05-15-2008, 03:28 AM   #1
Registered User
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Mistake: now the desktop is infected.

Well, here we go again.
Now the desktop is infected, and it's taken me days to work out a way to get some information on what it could be. I just wasn't able to access the browsers; Firefox would work, and IE had some sort of message saying that I had the add-ons not installed, whatever that means??
Tried many things, then remembered I have the program on HDD Yahoo; it works to keep copies sometimes.

Anyway, I have a result, I think, so here goes.
Hope some help will be on the way soon. Please, please.

Deckard's System Scanner v20071014.68
Run by Jeff on 2008-05-15 19:11:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-15 19:12:42
Platform: Windows XP Service Pack 3, v.3311 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.exe
H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
H:\Program Files\Comodo\BOCore.exe
H:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe
C:\Program Files\Comodo\VEngine\VEngine.exe
H:\Program Files\Comodo\Firewall\cfp.exe
H:\Program Files\Comodo\Firewall\cmdagent.exe
H:\Program Files\Comodo\BOC425.EXE
H:\Program Files\Comodo\cmf.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Comodo\BackUp\CmdBkSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
H:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
H:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe
H:\Becky!\Jeff Nield\B2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EMCO Malware Destroyer\MalwareDestroyer.exe
D:\New Downloads 2008\dss.exe
H:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
F0 - win.ini: load=
F0 - win.ini: run=
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: (no name) - {0435CCCE-2C88-4B70-A168-E215D5E9D148} - C:\WINDOWS\system32\ddcAttsq.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cnfgCav] "H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPG] C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VEngine] C:\Program Files\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BOC-425] H:\PROGRA~1\Comodo\BOC425.exe
O4 - HKLM\..\Run: [COMODO Memory Firewall] "H:\Program Files\Comodo\cmf.exe" -s
O4 - HKLM\..\Run: [DefragTaskBar] "H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [8891180c] rundll32.exe "C:\WINDOWS\system32\vmajiaeu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\Utilities\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\Utilities\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: eivwystg - C:\WINDOWS\system32\eivwystg.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\system32\monln.dll
O20 - Winlogon Notify: srlgaynb - C:\WINDOWS\system32\srlgaynb.dll
O20 - Winlogon Notify: __c00374B0 - C:\WINDOWS\system32\__c00374B0.dat
O20 - Winlogon Notify: __c004BC89 - C:\WINDOWS\system32\__c004BC89.dat
O20 - Winlogon Notify: __c005F5DD - C:\WINDOWS\system32\__c005F5DD.dat (file missing)
O20 - Winlogon Notify: __c008A491 - C:\WINDOWS\system32\__c008A491.dat
O20 - Winlogon Notify: __c00AC5E8 - C:\WINDOWS\system32\__c00AC5E8.dat
O20 - Winlogon Notify: __c00BEFB4 - C:\WINDOWS\system32\__c00BEFB4.dat
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - Unknown owner - H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BOCore - COMODO - H:\Program Files\Comodo\BOCore.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - H:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe
O23 - Service: ComodoBackupService - COMODO - H:\Program Files\Comodo\BackUp\CmdBkSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Unknown owner - H:\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe -a


--
End of file - 16083 bytes

-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 15:59:16 32320 --a------ C:\WINDOWS\system32\__c004BC89.dat
2008-05-15 15:59:14 32320 --a------ C:\WINDOWS\system32\eivwystg.dll
2008-05-15 15:47:10 2112 --a------ C:\WINDOWS\system32\bflsjuwk.exe
2008-05-15 15:46:17 32320 --a------ C:\WINDOWS\system32\__c00A607.dat
2008-05-15 15:46:15 32320 --a------ C:\WINDOWS\system32\dgxrqwkh.dll
2008-05-14 22:24:50 91712 --a------ C:\WINDOWS\system32\vmajiaeu.dll
2008-05-14 22:21:50 99392 --a------ C:\WINDOWS\system32\okbufvgu.dll
2008-05-14 22:19:14 3648 --a------ C:\WINDOWS\system32\afyamxuf.dll
2008-05-13 22:30:56 32320 --a------ C:\WINDOWS\system32\__c008A491.dat
2008-05-13 22:30:55 32320 --a------ C:\WINDOWS\system32\srlgaynb.dll
2008-05-13 22:27:25 2112 --a------ C:\WINDOWS\system32\ncgbwhbe.exe
2008-05-13 22:21:25 3648 --a------ C:\WINDOWS\system32\elnewnvv.dll
2008-05-13 22:18:34 100928 --a------ C:\WINDOWS\system32\qumwihas.dll
2008-05-12 22:24:26 32320 --a------ C:\WINDOWS\system32\__c001BA66.dat
2008-05-12 22:24:25 32320 --a------ C:\WINDOWS\system32\gaqtjbxr.dll
2008-05-12 22:21:25 2112 --a------ C:\WINDOWS\system32\chiqcapt.exe
2008-05-12 22:18:25 100416 --a------ C:\WINDOWS\system32\qhdmffth.dll
2008-05-12 20:47:55 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-12 20:47:22 0 d-------- C:\Program Files\Common Files\Skype
2008-05-12 11:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-12 10:09:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-12 10:09:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-12 10:08:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-12 09:41:15 0 d-------- C:\Program Files\EMCO Malware Destroyer
2008-05-12 01:44:17 32320 --a------ C:\WINDOWS\system32\__c00AC5E8.dat
2008-05-12 01:44:15 32320 --a------ C:\WINDOWS\system32\fiqwkbwo.dll
2008-05-11 22:26:18 2112 --a------ C:\WINDOWS\system32\sreommou.exe
2008-05-11 22:23:15 32320 --a------ C:\WINDOWS\system32\bkuyosqs.dll
2008-05-11 22:20:16 32320 --a------ C:\WINDOWS\system32\vooybgbh.dll
2008-05-11 22:17:31 98368 --a------ C:\WINDOWS\system32\uqtupplq.dll
2008-05-11 14:17:20 1018 --a------ C:\WINDOWS\system32\jerror.dat
2008-05-11 14:17:20 22438 --a------ C:\WINDOWS\system32\jcsball.dat
2008-05-10 22:26:36 32320 --a------ C:\WINDOWS\system32\__c00BEFB4.dat
2008-05-10 22:26:33 32320 --a------ C:\WINDOWS\system32\ewanaqby.dll
2008-05-10 22:26:11 32320 --a------ C:\WINDOWS\system32\uvleutea.dll
2008-05-10 22:17:24 2112 --a------ C:\WINDOWS\system32\ppecnibt.exe
2008-05-10 22:17:02 100416 --a------ C:\WINDOWS\system32\mydeywqt.dll
2008-05-10 08:05:46 32320 --a------ C:\WINDOWS\system32\__c00374B0.dat
2008-05-10 08:05:45 32320 --a------ C:\WINDOWS\system32\icvxpxro.dll
2008-05-10 08:02:47 32320 --a------ C:\WINDOWS\system32\ejlylhql.dll
2008-05-10 05:10:08 32320 --a------ C:\WINDOWS\system32\oxdtulmu.dll
2008-05-10 05:07:08 32320 --a------ C:\WINDOWS\system32\smhfpadx.dll
2008-05-10 05:04:08 32320 --a------ C:\WINDOWS\system32\ptjxnmwu.dll
2008-05-10 05:01:08 32320 --a------ C:\WINDOWS\system32\qxlqqwgm.dll
2008-05-10 04:58:08 32320 --a------ C:\WINDOWS\system32\emripjpp.dll
2008-05-10 04:55:08 32320 --a------ C:\WINDOWS\system32\sirshkim.dll
2008-05-10 04:52:08 32320 --a------ C:\WINDOWS\system32\wyyjusnw.dll
2008-05-10 04:49:08 32320 --a------ C:\WINDOWS\system32\mlnqaeam.dll
2008-05-10 04:46:08 32320 --a------ C:\WINDOWS\system32\qvvqxple.dll
2008-05-10 04:43:08 32320 --a------ C:\WINDOWS\system32\lsnplrvb.dll
2008-05-10 04:40:08 32320 --a------ C:\WINDOWS\system32\lmdxngmp.dll
2008-05-10 04:37:08 32320 --a------ C:\WINDOWS\system32\ployhipj.dll
2008-05-10 04:34:08 32320 --a------ C:\WINDOWS\system32\ubvxsfmp.dll
2008-05-10 04:31:08 32320 --a------ C:\WINDOWS\system32\wdvevdjq.dll
2008-05-10 04:28:08 32320 --a------ C:\WINDOWS\system32\ewppbisk.dll
2008-05-10 04:25:08 32320 --a------ C:\WINDOWS\system32\yvbybvce.dll
2008-05-10 04:22:08 32320 --a------ C:\WINDOWS\system32\coebqtdh.dll
2008-05-10 04:19:08 32320 --a------ C:\WINDOWS\system32\lytlvcdi.dll
2008-05-10 04:16:08 32320 --a------ C:\WINDOWS\system32\rhljvapt.dll
2008-05-10 04:13:08 32320 --a------ C:\WINDOWS\system32\fbcuamgw.dll
2008-05-10 04:10:08 32320 --a------ C:\WINDOWS\system32\vwlewtxs.dll
2008-05-10 04:07:08 32320 --a------ C:\WINDOWS\system32\vmcdckjh.dll
2008-05-10 04:04:08 32320 --a------ C:\WINDOWS\system32\crfvtsfy.dll
2008-05-10 04:01:08 32320 --a------ C:\WINDOWS\system32\umcvujue.dll
2008-05-10 03:58:08 32320 --a------ C:\WINDOWS\system32\clvleahi.dll
2008-05-10 03:55:08 32320 --a------ C:\WINDOWS\system32\gcuxrghx.dll
2008-05-10 03:52:08 32320 --a------ C:\WINDOWS\system32\xfwpprjr.dll
2008-05-10 03:49:08 32320 --a------ C:\WINDOWS\system32\furkpoox.dll
2008-05-10 03:46:08 32320 --a------ C:\WINDOWS\system32\iqysheyf.dll
2008-05-10 03:43:08 32320 --a------ C:\WINDOWS\system32\nyjspnse.dll
2008-05-10 03:40:08 32320 --a------ C:\WINDOWS\system32\oiaabtpj.dll
2008-05-10 03:37:08 32320 --a------ C:\WINDOWS\system32\beslmrtd.dll
2008-05-10 03:34:08 32320 --a------ C:\WINDOWS\system32\liichvva.dll
2008-05-10 03:31:08 32320 --a------ C:\WINDOWS\system32\eegcvsne.dll
2008-05-10 03:28:08 32320 --a------ C:\WINDOWS\system32\uykgkixk.dll
2008-05-10 03:25:08 32320 --a------ C:\WINDOWS\system32\lbtdfnth.dll
2008-05-10 03:22:08 32320 --a------ C:\WINDOWS\system32\uuimriau.dll
2008-05-10 03:19:08 32320 --a------ C:\WINDOWS\system32\xkkeqbdw.dll
2008-05-10 03:16:08 32320 --a------ C:\WINDOWS\system32\klbtmufx.dll
2008-05-10 03:13:08 32320 --a------ C:\WINDOWS\system32\fmskrjik.dll
2008-05-10 03:10:08 32320 --a------ C:\WINDOWS\system32\qkshyreb.dll
2008-05-10 03:07:08 32320 --a------ C:\WINDOWS\system32\yswucodk.dll
2008-05-10 03:04:08 32320 --a------ C:\WINDOWS\system32\ncrecoro.dll
2008-05-10 03:01:08 32320 --a------ C:\WINDOWS\system32\ldcjgsey.dll
2008-05-10 02:58:08 32320 --a------ C:\WINDOWS\system32\gprsbgrt.dll
2008-05-10 02:55:08 32320 --a------ C:\WINDOWS\system32\smwveqhe.dll
2008-05-10 02:52:08 32320 --a------ C:\WINDOWS\system32\gkroppjp.dll
2008-05-10 02:49:08 32320 --a------ C:\WINDOWS\system32\annifibp.dll
2008-05-10 02:46:08 32320 --a------ C:\WINDOWS\system32\hfjsbpqj.dll
2008-05-10 02:43:08 32320 --a------ C:\WINDOWS\system32\vjsoydym.dll
2008-05-10 02:40:08 32320 --a------ C:\WINDOWS\system32\tyigvric.dll
2008-05-10 02:37:08 32320 --a------ C:\WINDOWS\system32\sqrwrjod.dll
2008-05-10 02:34:08 32320 --a------ C:\WINDOWS\system32\ormipcbm.dll
2008-05-10 02:31:08 32320 --a------ C:\WINDOWS\system32\hxqdqjat.dll
2008-05-10 02:28:08 32320 --a------ C:\WINDOWS\system32\dgvywttc.dll
2008-05-10 02:25:08 32320 --a------ C:\WINDOWS\system32\ekqvvnbe.dll
2008-05-10 02:22:08 32320 --a------ C:\WINDOWS\system32\rydsftrw.dll
2008-05-10 02:19:08 32320 --a------ C:\WINDOWS\system32\uoveaugs.dll
2008-05-10 02:16:08 32320 --a------ C:\WINDOWS\system32\iocyitgr.dll
2008-05-10 02:13:08 32320 --a------ C:\WINDOWS\system32\cgtqmauq.dll
2008-05-10 02:10:08 32320 --a------ C:\WINDOWS\system32\aehbblck.dll
2008-05-10 02:07:08 32320 --a------ C:\WINDOWS\system32\yugbxdih.dll
2008-05-10 02:04:08 32320 --a------ C:\WINDOWS\system32\tchnsxcy.dll
2008-05-10 02:01:08 32320 --a------ C:\WINDOWS\system32\pjybgfrl.dll
2008-05-10 01:58:08 32320 --a------ C:\WINDOWS\system32\ikswvybw.dll
2008-05-10 01:55:08 32320 --a------ C:\WINDOWS\system32\dyopiaah.dll
2008-05-10 01:52:08 32320 --a------ C:\WINDOWS\system32\qfitekxk.dll
2008-05-10 01:49:08 32320 --a------ C:\WINDOWS\system32\psqhkiot.dll
2008-05-10 01:46:08 32320 --a------ C:\WINDOWS\system32\eefqqlcn.dll
2008-05-10 01:43:08 32320 --a------ C:\WINDOWS\system32\uwiqqftm.dll
2008-05-10 01:40:08 32320 --a------ C:\WINDOWS\system32\rjmyhpjn.dll
2008-05-10 01:37:08 32320 --a------ C:\WINDOWS\system32\oqxumdej.dll
2008-05-10 01:34:08 32320 --a------ C:\WINDOWS\system32\mtxecqif.dll
2008-05-10 01:31:08 32320 --a------ C:\WINDOWS\system32\capakxjg.dll
2008-05-10 01:28:08 32320 --a------ C:\WINDOWS\system32\fggwlwmj.dll
2008-05-10 01:25:08 32320 --a------ C:\WINDOWS\system32\mtrjkxca.dll
2008-05-10 01:22:08 32320 --a------ C:\WINDOWS\system32\venyunid.dll
2008-05-10 01:19:08 32320 --a------ C:\WINDOWS\system32\pwedyppo.dll
2008-05-10 01:16:08 32320 --a------ C:\WINDOWS\system32\lrlwrapf.dll
2008-05-10 01:13:08 32320 --a------ C:\WINDOWS\system32\uatkhnpl.dll
2008-05-10 01:10:08 32320 --a------ C:\WINDOWS\system32\aivsknut.dll
2008-05-10 01:07:08 32320 --a------ C:\WINDOWS\system32\lbixbuee.dll
2008-05-10 01:04:08 32320 --a------ C:\WINDOWS\system32\cnprhxpo.dll
2008-05-10 01:01:08 32320 --a------ C:\WINDOWS\system32\nhxndjbc.dll
2008-05-10 00:58:08 32320 --a------ C:\WINDOWS\system32\dtatpaer.dll
2008-05-10 00:55:08 32320 --a------ C:\WINDOWS\system32\gnkhxngj.dll
2008-05-10 00:52:08 32320 --a------ C:\WINDOWS\system32\usklrlll.dll
2008-05-10 00:49:08 32320 --a------ C:\WINDOWS\system32\cjccnspr.dll
2008-05-10 00:46:08 32320 --a------ C:\WINDOWS\system32\myqlsfkx.dll
2008-05-10 00:43:08 32320 --a------ C:\WINDOWS\system32\fulxwktv.dll
2008-05-10 00:40:08 32320 --a------ C:\WINDOWS\system32\ccgjvywc.dll
2008-05-10 00:37:08 32320 --a------ C:\WINDOWS\system32\jwdfqaum.dll
2008-05-10 00:34:08 32320 --a------ C:\WINDOWS\system32\iuklldlb.dll
2008-05-10 00:31:08 32320 --a------ C:\WINDOWS\system32\apkduttr.dll
2008-05-10 00:28:08 32320 --a------ C:\WINDOWS\system32\mjusruqr.dll
2008-05-10 00:25:08 32320 --a------ C:\WINDOWS\system32\avlcdsnw.dll
2008-05-10 00:22:08 32320 --a------ C:\WINDOWS\system32\fgojcorh.dll
2008-05-10 00:19:08 32320 --a------ C:\WINDOWS\system32\gowjoqfm.dll
2008-05-10 00:16:08 32320 --a------ C:\WINDOWS\system32\hspgpvoe.dll
2008-05-10 00:13:08 32320 --a------ C:\WINDOWS\system32\jftfrmjb.dll
2008-05-10 00:10:08 32320 --a------ C:\WINDOWS\system32\rardtusp.dll
2008-05-10 00:07:08 32320 --a------ C:\WINDOWS\system32\rrliuejo.dll
2008-05-10 00:04:08 32320 --a------ C:\WINDOWS\system32\amknfgdp.dll
2008-05-10 00:01:08 32320 --a------ C:\WINDOWS\system32\qtyitgbd.dll
2008-05-09 23:58:08 32320 --a------ C:\WINDOWS\system32\ueqrabik.dll
2008-05-09 23:55:08 32320 --a------ C:\WINDOWS\system32\wsqinxul.dll
2008-05-09 23:52:08 32320 --a------ C:\WINDOWS\system32\vswvslxx.dll
2008-05-09 23:49:08 32320 --a------ C:\WINDOWS\system32\jbutwkac.dll
2008-05-09 23:46:08 32320 --a------ C:\WINDOWS\system32\cjavjinv.dll
2008-05-09 23:43:08 32320 --a------ C:\WINDOWS\system32\ymgehipw.dll
2008-05-09 23:40:08 32320 --a------ C:\WINDOWS\system32\frpgxsog.dll
2008-05-09 23:37:08 32320 --a------ C:\WINDOWS\system32\cuyhbgbk.dll
2008-05-09 23:34:08 32320 --a------ C:\WINDOWS\system32\pqludfka.dll
2008-05-09 23:31:08 32320 --a------ C:\WINDOWS\system32\ohtxevlg.dll
2008-05-09 23:28:08 32320 --a------ C:\WINDOWS\system32\wqtynmoy.dll
2008-05-09 23:25:08 32320 --a------ C:\WINDOWS\system32\diyamcyy.dll
2008-05-09 23:22:08 32320 --a------ C:\WINDOWS\system32\jqedtvmb.dll
2008-05-09 23:19:08 32320 --a------ C:\WINDOWS\system32\nxdyxyfd.dll
2008-05-09 23:16:08 32320 --a------ C:\WINDOWS\system32\jtlpypix.dll
2008-05-09 23:13:08 32320 --a------ C:\WINDOWS\system32\bfbamxff.dll
2008-05-09 23:10:08 32320 --a------ C:\WINDOWS\system32\sscujfic.dll
2008-05-09 23:07:08 32320 --a------ C:\WINDOWS\system32\umkvqqux.dll
2008-05-09 23:04:08 32320 --a------ C:\WINDOWS\system32\kpdawfef.dll
2008-05-09 23:01:08 32320 --a------ C:\WINDOWS\system32\xlfvksrb.dll
2008-05-09 22:58:08 32320 --a------ C:\WINDOWS\system32\rxdftrun.dll
2008-05-09 22:55:08 32320 --a------ C:\WINDOWS\system32\geyiilru.dll
2008-05-09 22:52:08 32320 --a------ C:\WINDOWS\system32\gtvlsvhm.dll
2008-05-09 22:49:08 32320 --a------ C:\WINDOWS\system32\latdpoka.dll
2008-05-09 22:46:08 32320 --a------ C:\WINDOWS\system32\pkmcdrat.dll
2008-05-09 22:43:08 32320 --a------ C:\WINDOWS\system32\taeyqleh.dll
2008-05-09 22:40:08 32320 --a------ C:\WINDOWS\system32\pucmjauh.dll
2008-05-09 22:37:08 32320 --a------ C:\WINDOWS\system32\npruaxry.dll
2008-05-09 22:34:08 32320 --a------ C:\WINDOWS\system32\yiaoormu.dll
2008-05-09 22:31:08 32320 --a------ C:\WINDOWS\system32\klpsnhjn.dll
2008-05-09 22:28:08 32320 --a------ C:\WINDOWS\system32\fvtvoyua.dll
2008-05-09 22:25:08 32320 --a------ C:\WINDOWS\system32\hynbeoxu.dll
2008-05-09 22:22:08 32320 --a------ C:\WINDOWS\system32\mmsilnir.dll
2008-05-09 22:19:08 32320 --a------ C:\WINDOWS\system32\pcvycwkc.dll
2008-05-09 22:16:08 32320 --a------ C:\WINDOWS\system32\opbhswie.dll
2008-05-09 22:13:08 32320 --a------ C:\WINDOWS\system32\vdcrrqnk.dll
2008-05-09 22:10:08 32320 --a------ C:\WINDOWS\system32\dvqsekts.dll
2008-05-09 22:07:08 32320 --a------ C:\WINDOWS\system32\jpofmnxa.dll
2008-05-09 22:04:08 32320 --a------ C:\WINDOWS\system32\qpellyvl.dll
2008-05-09 22:01:08 32320 --a------ C:\WINDOWS\system32\mghtblqa.dll
2008-05-09 21:58:08 32320 --a------ C:\WINDOWS\system32\yxulwqdp.dll
2008-05-09 21:55:08 32320 --a------ C:\WINDOWS\system32\kawqfdxn.dll
2008-05-09 21:52:08 32320 --a------ C:\WINDOWS\system32\iimvpqtb.dll
2008-05-09 21:49:08 32320 --a------ C:\WINDOWS\system32\wladebuj.dll
2008-05-09 21:46:08 32320 --a------ C:\WINDOWS\system32\gxbchsox.dll
2008-05-09 21:43:08 32320 --a------ C:\WINDOWS\system32\qtqkukti.dll
2008-05-09 21:37:08 32320 --a------ C:\WINDOWS\system32\oeoqnlss.dll
2008-05-09 21:34:08 32320 --a------ C:\WINDOWS\system32\deqrtxcd.dll
2008-05-09 21:31:08 32320 --a------ C:\WINDOWS\system32\kxsyklpm.dll
2008-05-09 21:28:08 32320 --a------ C:\WINDOWS\system32\nemeygmo.dll
2008-05-09 21:25:08 32320 --a------ C:\WINDOWS\system32\waehwpjn.dll
2008-05-09 21:22:08 32320 --a------ C:\WINDOWS\system32\rabiwbim.dll
2008-05-09 21:19:08 32320 --a------ C:\WINDOWS\system32\clwrlknl.dll
2008-05-09 21:16:08 32320 --a------ C:\WINDOWS\system32\yodfabck.dll
2008-05-09 21:13:08 32320 --a------ C:\WINDOWS\system32\exjttujd.dll
2008-05-09 21:10:08 32320 --a------ C:\WINDOWS\system32\cwkdfils.dll
2008-05-09 21:07:08 32320 --a------ C:\WINDOWS\system32\uuhgebfd.dll
2008-05-09 21:04:08 32320 --a------ C:\WINDOWS\system32\rpruhbpc.dll
2008-05-09 21:01:08 32320 --a------ C:\WINDOWS\system32\pcycbdef.dll
2008-05-09 20:58:08 32320 --a------ C:\WINDOWS\system32\trfmyofk.dll
2008-05-09 20:55:08 32320 --a------ C:\WINDOWS\system32\xduojsjv.dll
2008-05-09 20:52:08 32320 --a------ C:\WINDOWS\system32\rypiofcf.dll
2008-05-09 20:49:08 32320 --a------ C:\WINDOWS\system32\kbnbpnfl.dll
2008-05-09 20:46:08 32320 --a------ C:\WINDOWS\system32\suhxgafn.dll
2008-05-09 20:43:08 32320 --a------ C:\WINDOWS\system32\qcajkhnw.dll
2008-05-09 20:40:08 32320 --a------ C:\WINDOWS\system32\jajcfgfa.dll
2008-05-09 20:37:08 32320 --a------ C:\WINDOWS\system32\ywoxhqtd.dll
2008-05-09 20:34:08 32320 --a------ C:\WINDOWS\system32\oydpboum.dll
2008-05-09 20:31:08 32320 --a------ C:\WINDOWS\system32\hdwboane.dll
2008-05-09 20:28:08 32320 --a------ C:\WINDOWS\system32\kprsnkdw.dll
2008-05-09 20:25:08 32320 --a------ C:\WINDOWS\system32\otrkctlu.dll
2008-05-09 20:22:08 32320 --a------ C:\WINDOWS\system32\xgyyvdnc.dll
2008-05-09 20:19:08 32320 --a------ C:\WINDOWS\system32\xfekemyv.dll
2008-05-09 20:16:08 32320 --a------ C:\WINDOWS\system32\llcbgjta.dll
2008-05-09 20:13:08 32320 --a------ C:\WINDOWS\system32\ignfwpbb.dll
2008-05-09 20:10:08 32320 --a------ C:\WINDOWS\system32\sjtsanuc.dll
2008-05-09 20:07:08 32320 --a------ C:\WINDOWS\system32\wgtxmsiy.dll
2008-05-09 20:04:08 32320 --a------ C:\WINDOWS\system32\iixgugls.dll
2008-05-09 20:01:08 32320 --a------ C:\WINDOWS\system32\jefjvsui.dll
2008-05-09 19:58:08 32320 --a------ C:\WINDOWS\system32\bdkwvfcu.dll
2008-05-09 19:55:09 32320 --a------ C:\WINDOWS\system32\__c006C59A.dat
2008-05-09 19:55:08 32320 --a------ C:\WINDOWS\system32\vjtktidk.dll
2008-05-09 19:52:09 32320 --a------ C:\WINDOWS\system32\__c009E766.dat
2008-05-09 19:52:08 32320 --a------ C:\WINDOWS\system32\pvfmamqr.dll
2008-05-09 19:49:08 32320 --a------ C:\WINDOWS\system32\pgqisbej.dll
2008-05-09 19:46:09 32320 --a------ C:\WINDOWS\system32\__c00E5E97.dat
2008-05-09 19:46:08 32320 --a------ C:\WINDOWS\system32\jqprxjhg.dll
2008-05-09 19:43:08 32320 --a------ C:\WINDOWS\system32\davdvuxn.dll
2008-05-09 19:40:08 32320 --a------ C:\WINDOWS\system32\vomtksfu.dll
2008-05-09 19:37:08 32320 --a------ C:\WINDOWS\system32\fhwmqslx.dll
2008-05-09 19:34:08 32320 --a------ C:\WINDOWS\system32\uijchomm.dll
2008-05-09 19:31:08 32320 --a------ C:\WINDOWS\system32\uhfaduxx.dll
2008-05-09 19:28:08 32320 --a------ C:\WINDOWS\system32\chdemnns.dll
2008-05-09 19:25:08 32320 --a------ C:\WINDOWS\system32\cqtdrmje.dll
2008-05-09 19:24:57 262144 --a------ C:\Documents and Settings\All Users\NTUSER.dat
2008-05-09 19:22:42 32320 --a------ C:\WINDOWS\system32\axuoquhx.dll
2008-05-09 17:43:09 2112 --a------ C:\WINDOWS\system32\pdtpaafk.exe
2008-05-09 17:37:09 99904 --a------ C:\WINDOWS\system32\odktvgcl.dll
2008-05-09 09:49:30 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-08 19:46:45 0 d-------- C:\Program Files\Panda Security
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\xmlprov.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WZCSVC.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WudfSvc.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\wuauserv.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\wscsvc.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WMPNetworkSvc.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WmiApSrv.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WmiApRpl.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\Wmi.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WmdmPmSN.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WinTrust.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\WinSock2.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\{FE5C8D59-7B75-462F-AA45-BD43E374AAA0}.sys
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\{1E07A0D9-AF0F-4846-9920-7836BE219C2F}.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\winmgmt.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\WebClient.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\WDICA.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\W3SVC.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\W32Time.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\vulfntrs.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\vulfnths.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\VTingWinIe.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\VSS.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\Video3D.sys
2008-05-08 18:58:27 0 --a------ C:\WINDOWS\system32\drivers\VgaSave.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\usb.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\UPS.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\upnphost.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\TSDDD.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\TrkWks.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\TlntSvr.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\Themes.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\TermService.sys
2008-05-08 18:58:26 0 --a------ C:\WINDOWS\system32\drivers\TapiSrv.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SysmonLog.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\swwd.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SwPrv.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\stisvc.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SSDPSRV.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\srservice.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\Spooler.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SNMPTRAP.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SNMP.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\Simbad.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\ShellHWDetection.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SharedAccess.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SENS.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\seclogon.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\Schedule.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SCardSvr.sys
2008-05-08 18:58:25 0 --a------ C:\WINDOWS\system32\drivers\SamSs.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RTLE8023xp.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RSVP.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RpcSs.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RpcLocator.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RemoteRegistry.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RemoteAccess.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RDSessMgr.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RDPNP.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RDPDD.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RasMan.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\RasAuto.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\ProtectedStorage.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\Processor.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PptpMiniport.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PolicyAgent.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PlugPlay.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PerfProc.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PerfOS.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PerfNet.sys
2008-05-08 18:58:24 0 --a------ C:\WINDOWS\system32\drivers\PerfDisk.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\PDRFRAME.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\PDRELI.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\PDFRAME.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\PDCOMP.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\PCIDump.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\ose.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\NVSvc.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\nv.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\NtmsSvc.sys
2008-05-08 18:58:23 0 --a------ C:\WINDOWS\system32\drivers\NtLmSsp.sys
2008-05-08 18:58:22 0 --a------ C:\WINDOWS\system32\drivers\NMIndexingService.sys
2008-05-08 18:58:22 0 --a------ C:\WINDOWS\system32\drivers\Nla.sys
2008-05-08 18:58:22 0 --a------ C:\WINDOWS\system32\drivers\NetTcpPortSharing.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\Netman.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\Netlogon.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\NetDDEdsdm.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\NetDDE.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\NBService.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\napagent.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\MSIServer.sys
2008-05-08 18:58:21 0 --a------ C:\WINDOWS\system32\drivers\MSDTC.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\mnmsrvc.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\Messenger.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\LmHosts.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\LicenseService.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\ldap.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\lanmanworkstation.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\lanmanserver.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\ISAPISearch.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\IpFilterDriver.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\IntcAzAudAddService.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\inetaccs.sys
2008-05-08 18:58:20 0 --a------ C:\WINDOWS\system32\drivers\ImapiService.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\idsvc.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\IDriverT.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\HTTPFilter.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\hkmsvc.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\HidServ.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\helpsvc.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\Gpc.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\gdrv.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\Fax.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\FastUserSwitchingCompatibility.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\EventSystem.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\Eventlog.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\EapHost.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\Dot3svc.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\Dnscache.sys
2008-05-08 18:58:19 0 --a------ C:\WINDOWS\system32\drivers\dmserver.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\dmadmin.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\Dhcp.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\DcomLaunch.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\CSIScanner.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\CryptSvc.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\ContentIndex.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\ContentFilter.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\COMSysApp.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\cmdAgent.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\ClipSrv.sys
2008-05-08 18:58:18 0 --a------ C:\WINDOWS\system32\drivers\CiSvc.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\Browser.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\BOCore.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\BOCDRIVE.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\BITS.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\AudioSrv.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\ATKKeyboardService.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\Atdisk.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\asuskbnt.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\aspnet_state.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\ASPI32.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\AshampooDefragService.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\AppMgmt.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\ALG.sys
2008-05-08 18:58:17 0 --a------ C:\WINDOWS\system32\drivers\Alerter.sys
2008-05-08 18:58:16 0 --a------ C:\WINDOWS\system32\drivers\Abiosdsk.sys
2008-05-08 18:34:08 0 dr-h----- C:\Documents and Settings\Jeff\Recent
2008-05-08 17:43:00 2112 --a------ C:\WINDOWS\system32\dcruxccn.exe
2008-05-08 17:42:54 32320 --a------ C:\WINDOWS\system32\__c0087BD3.dat
2008-05-08 17:42:53 32320 --a------ C:\WINDOWS\system32\msblvwnt.dll
2008-05-07 17:54:38 2112 --a------ C:\WINDOWS\system32\yxblubwp.exe
2008-05-07 17:51:37 32320 --a------ C:\WINDOWS\system32\yovmabwq.dll
2008-05-07 08:11:03 32320 --a------ C:\WINDOWS\system32\__c008DF90.dat
2008-05-06 09:49:26 0 d-------- C:\Documents and Settings\Jeff\Application Data\mjusbsp
2008-05-06 00:49:50 96832 --a------ C:\WINDOWS\system32\oouwdkdq.dll
2008-05-06 00:46:43 32320 --a------ C:\WINDOWS\system32\whgcwsup.dll
2008-05-06 00:46:13 32320 --a------ C:\WINDOWS\system32\__c00D3D2.dat
2008-05-06 00:46:10 32320 --a------ C:\WINDOWS\system32\pjfovyww.dll
2008-05-06 00:43:07 104000 --a------ C:\WINDOWS\system32\glfyiqtk.dll
2008-05-05 20:26:02 32768 --a------ C:\WINDOWS\system32\VTingWin.dll <Not Verified; Microsoft Corporation; >
2008-05-05 17:09:04 0 d-------- C:\Documents and Settings\Jeff\Application Data\PKWARE
2008-05-05 17:09:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PKWARE
2008-05-05 14:34:52 0 d-------- C:\Program Files\Common Files\PKWARE
2008-05-05 12:39:28 341199 --ahs---- C:\WINDOWS\system32\qsttAcdd.ini2
2008-05-05 12:39:23 281088 --a------ C:\WINDOWS\system32\ddcAttsq.dll
2008-05-05 12:37:33 0 --a------ C:\WINDOWS\system32\rqRHXrOe.dll
2008-05-05 12:34:17 43520 --a------ C:\WINDOWS\system32\byXNdedA.dll
2008-05-05 12:32:43 0 d-------- C:\Documents and Settings\Jeff\Application Data\Ashampoo
2008-05-04 12:39:38 0 d-------- C:\Program Files\TPG LeechOmeter
2008-04-28 09:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-28 09:27:25 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 14:39:43 0 d-------- C:\WINDOWS\system32\ebay
2008-04-21 18:54:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 18:25:50 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-04-21 18:25:50 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-04-21 18:24:37 36352 --a------ C:\WINDOWS\system32\ssqQgFuv.dll
2008-04-21 16:41:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 16:40:31 0 d-------- C:\Documents and Settings\Jeff\Application Data\Azureus
2008-04-21 16:36:48 0 d-------- C:\Program Files\Azureus
2008-04-21 16:36:44 0 d-------- C:\Documents and Settings\Jeff\Temp
2008-04-21 15:45:11 0 d-------- C:\Documents and Settings\Jeff\Application Data\FastStone
2008-04-21 15:37:58 0 d-------- C:\Documents and Settings\Jeff\Application Data\CD-LabelPrint
2008-04-17 10:26:47 0 d-------- C:\Program Files\Philips


-- Find3M Report ---------------------------------------------------------------

2008-05-15 18:48:24 0 d-------- C:\Documents and Settings\Jeff\Application Data\Skype
2008-05-15 17:52:03 0 d-------- C:\Documents and Settings\Jeff\Application Data\MailWasherPro
2008-05-15 16:05:56 0 d-------- C:\Documents and Settings\Jeff\Application Data\skypePM
2008-05-12 20:47:25 0 d-------- C:\Program Files\Skype
2008-05-12 20:47:22 0 d-------- C:\Program Files\Common Files
2008-05-12 12:00:41 0 d-------- C:\Documents and Settings\Jeff\Application Data\Comodo
2008-05-12 09:27:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-12 09:27:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 09:26:00 0 d-------- C:\Program Files\GIGABYTE
2008-05-09 20:15:51 0 d-------- C:\Program Files\Comodo
2008-05-09 09:47:21 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-05-08 19:51:47 2458 --a------ C:\WINDOWS\mozver.dat
2008-05-06 11:11:42 257024 --a------ C:\WINDOWS\ATKKBService.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
2008-05-06 10:55:19 0 d-------- C:\Documents and Settings\Jeff\Application Data\uTorrent
2008-04-30 16:14:44 0 d-------- C:\Documents and Settings\Jeff\Application Data\U3
2008-04-28 09:27:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-28 09:27:51 0 d-------- C:\Documents and Settings\Jeff\Application Data\Adobe
2008-04-21 12:43:25 0 d-------- C:\Documents and Settings\Jeff\Application Data\Ahead
2008-04-17 10:22:03 0 d-------- C:\Program Files\SkypeMate
2008-04-10 21:02:02 0 d-------- C:\Documents and Settings\Jeff\Application Data\Canon
2008-04-10 13:13:36 0 d-------- C:\Documents and Settings\Jeff\Application Data\Media Player Classic
2008-03-31 1532 0 d-------- C:\Program Files\Common Files\CANON
2008-03-31 15:03:26 0 d-------- C:\Program Files\Canon
2008-03-31 15:02:12 0 d--h----- C:\Program Files\CanonBJ
2008-03-31 13:33:20 0 d-------- C:\Program Files\ASUS
2008-03-26 0858 0 d-------- C:\Program Files\NCH Software
2008-03-26 08:05:11 0 d-------- C:\Documents and Settings\Jeff\Application Data\NCH Swift Sound
2008-03-25 14:45:39 0 d-------- C:\Program Files\Siber Systems
2008-03-25 09:20:45 0 d-------- C:\Documents and Settings\Jeff\Application Data\Auslogics
2008-03-25 08:27:32 0 d-------- C:\Documents and Settings\Jeff\Application Data\Vso
2008-03-25 08:27:32 33 --a------ C:\Documents and Settings\Jeff\Application Data\pcouffin.log
2008-03-25 08:27:30 47360 --a------ C:\Documents and Settings\Jeff\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-25 08:27:30 7887 --a------ C:\Documents and Settings\Jeff\Application Data\pcouffin.cat
2008-03-25 08:27:23 1144 --a------ C:\Documents and Settings\Jeff\Application Data\pcouffin.inf
2008-03-25 08:15:27 34 --a------ C:\Documents and Settings\Jeff\Application Data\burnaware.ini
2008-03-24 15:30:41 0 d-------- C:\Documents and Settings\Jeff\Application Data\WinRAR
2008-03-23 18:48:38 0 d-------- C:\Program Files\Messenger
2008-03-23 18:48:15 0 d-------- C:\Program Files\Movie Maker
2008-03-23 18:45:16 0 d-------- C:\Program Files\Windows NT
2008-03-23 10:12:27 0 d-------- C:\Documents and Settings\Jeff\Application Data\ooVoo Details
2008-03-18 13:37:19 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-18 13:08:34 0 d-------- C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-03-18 12:09:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-18 12:08:34 0 d-------- C:\Program Files\Microsoft.NET
2008-03-18 06:17:11 0 d-------- C:\Documents and Settings\Jeff\Application Data\Help
2008-03-18 00:56:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-18 00:56:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-18 00:55:59 62 --ahs---- C:\Documents and Settings\Jeff\Application Data\desktop.ini
2008-03-17 16:17:46 0 d-------- C:\Program Files\MSXML 4.0
2008-03-17 16:12:13 0 d-------- C:\Documents and Settings\Jeff\Application Data\Talkback
2008-03-17 16:12:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-17 16:12:00 0 d-------- C:\Documents and Settings\Jeff\Application Data\Mozilla
2008-03-17 15:17:16 0 d-------- C:\Documents and Settings\Jeff\Application Data\Macromedia
2008-03-17 15:13:11 0 d-------- C:\Documents and Settings\Jeff\Application Data\Sun
2008-03-17 15:04:18 0 d-------- C:\Program Files\My Company Name
2008-03-17 14:46:27 0 d-------- C:\Program Files\Realtek
2008-03-17 14:46:23 0 d-------- C:\Documents and Settings\Jeff\Application Data\InstallShield
2008-03-17 14:44:21 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-17 14:43:53 0 d-------- C:\Program Files\Yahoo!
2008-03-17 14:32:50 0 d-------- C:\Documents and Settings\Jeff\Application Data\Identities
2008-03-17 14:32:29 0 d-------- C:\Program Files\Microsoft WSE
2008-03-17 14:31:56 0 d-------- C:\Program Files\MSBuild
2008-03-17 14:29:20 0 d-------- C:\Program Files\Reference Assemblies
2008-03-17 14:29:16 83968 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2008-03-17 14:29:01 0 d-------- C:\Program Files\MSXML 6.0
2008-03-17 14:22:12 0 d-------- C:\Program Files\microsoft frontpage
2008-03-17 14:21:59 0 d-------- C:\Program Files\Utilities
2008-03-17 14:20:41 0 d-------- C:\Program Files\Java
2008-03-17 14:20:32 0 d-------- C:\Program Files\Common Files\Java
2008-03-17 14:17:24 0 -rahs---- C:\MSDOS.SYS
2008-03-17 14:17:24 0 -rahs---- C:\IO.SYS
2008-03-17 14:17:24 0 --a------ C:\CONFIG.SYS
2008-03-17 14:17:24 0 --a------ C:\AUTOEXEC.BAT
2008-03-17 14:16:09 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-17 14:14:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-17 14:13:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-17 14:13:15 0 d-------- C:\Program Files\Online Services
2008-03-17 14:13:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-17 14:12:45 0 d-------- C:\Program Files\Microsoft PowerToys
2008-03-17 14:12:45 0 d-------- C:\Program Files\HashTab Shell Extension
2008-03-17 14:12:36 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0435CCCE-2C88-4B70-A168-E215D5E9D148}]
05/05/2008 12:39 PM 281088 --a------ C:\WINDOWS\system32\ddcAttsq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [28/05/2007 08:04 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:00 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 12:19 PM]
"RTHDCPL"="RTHDCPL.EXE" [20/08/2007 05:38 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/06/2007 02:43 AM]
"nwiz"="nwiz.exe" [29/06/2007 02:43 AM C:\WINDOWS\system32\nwiz.exe]
"cnfgCav"="H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [12/05/2008 10:04 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 02:57 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [17/02/2005 06:15 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [17/02/2005 06:15 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29/06/2007 02:43 AM]
"Acrobat Assistant 8.0"="H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22/10/2006 11:24 PM]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"TPG"="C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe" [17/02/2008 12:11 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"VEngine"="C:\Program Files\Comodo\VEngine\VEngine.exe" [10/05/2008 07:56 AM]
"COMODO Firewall Pro"="H:\Program Files\Comodo\Firewall\cfp.exe" [12/05/2008 09:24 PM]
"BOC-425"="H:\PROGRA~1\Comodo\BOC425.exe" [26/11/2007 10:38 AM]
"COMODO Memory Firewall"="H:\Program Files\Comodo\cmf.exe" [12/05/2008 11:58 AM]
"DefragTaskBar"="H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [18/04/2008 09:11 AM]
"8891180c"="C:\WINDOWS\system32\vmajiaeu.dll" [14/05/2008 10:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [12/02/2008 01:59 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 06:03 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 05:45 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [25/03/2008 02:49 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [5/3/2007 3:52:18 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [4/28/2008 9:26:36 AM]
Adobe Acrobat Synchronizer.lnk - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eivwystg]
eivwystg.dll 15/05/2008 03:59 PM 32320 C:\WINDOWS\system32\eivwystg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 12/05/2008 10:04 AM 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\srlgaynb]
srlgaynb.dll 13/05/2008 10:30 PM 32320 C:\WINDOWS\system32\srlgaynb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00374B0]
__c00374B0.dat 10/05/2008 08:05 AM 32320 C:\WINDOWS\system32\__c00374B0.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004BC89]
__c004BC89.dat 15/05/2008 03:59 PM 32320 C:\WINDOWS\system32\__c004BC89.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005F5DD]
__c005F5DD.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c008A491]
__c008A491.dat 13/05/2008 10:30 PM 32320 C:\WINDOWS\system32\__c008A491.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AC5E8]
__c00AC5E8.dat 12/05/2008 01:44 AM 32320 C:\WINDOWS\system32\__c00AC5E8.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BEFB4]
__c00BEFB4.dat 10/05/2008 10:26 PM 32320 C:\WINDOWS\system32\__c00BEFB4.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcAttsq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
H:\Program Files\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{645a758c-1a8d-11dd-9e1f-001a4d5c184b}]
AutoRun\command- O:\autorun.exe
phone\command- O:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-05-15 19:15:09 ------------

Wish we could find these attackers and do nasty things to them, see how they feel with steel. OK, not that far, but sometimes.

Regards, Jeff in OZ
mannaoz is offline  
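The listing and the winlogon\notify keys in the log above show one pattern worth recognising: 32320-byte files with random eight-letter names (plus __c…dat companions) written to system32 every three minutes, then registered as Winlogon notification packages. As an added example, not part of this thread and not code from Deckard's System Scanner, the Python script below parses DSS-style lines and flags such bursts and keys; the sample log is constructed from a few entries modelled on the one posted, and the allowlist of default XP notify packages is the editor's assumption.

```python
"""Flag the drop pattern visible in a DSS/HijackThis file listing: bursts of equally
sized, randomly named DLLs written to system32 minutes apart, plus the Winlogon
notify keys that load them. Example added by the editor; not part of the original
thread and not code from Deckard's System Scanner."""
import ntpath  # Windows path semantics regardless of the host OS
import re
from collections import defaultdict
from datetime import datetime

# One DSS file-list line: date time size attributes path [<Not Verified; ...>]
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>[^<]+?)\s*(?:<.*>)?$"
)
# Name shapes seen in this log: eight letters, or __c followed by hex digits (.dat)
RANDOM_FILE_RE = re.compile(r"^(?:[a-z]{8}\.(?:dll|exe)|__c[0-9a-f]{6,8}\.dat)$", re.I)
RANDOM_KEY_RE = re.compile(r"^(?:[a-z]{8}|__c[0-9a-f]{6,8})$", re.I)
NOTIFY_KEY_RE = re.compile(r"\\winlogon\\notify\\([^\]\\]+)\]", re.I)
# Default Windows XP notify packages (assumed allowlist; dimsntfy is eight letters too)
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
                  "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def parse_file_lines(text):
    """Yield (timestamp, size, directory, filename) for every parseable listing line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        path = m["path"].strip()
        yield ts, int(m["size"]), ntpath.dirname(path).lower(), ntpath.basename(path)


def find_drop_bursts(text, min_files=3, max_gap_seconds=600):
    """Group random-named files by (directory, size) and report groups that form a burst.

    A burst is min_files or more such files whose creation times are each within
    max_gap_seconds of the next; the listing in the thread shows drops every 3 minutes.
    """
    groups = defaultdict(list)
    for ts, size, folder, name in parse_file_lines(text):
        if RANDOM_FILE_RE.match(name):
            groups[(folder, size)].append((ts, name))
    findings = []
    for (folder, size), entries in sorted(groups.items()):
        entries.sort()
        if len(entries) < min_files:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(entries, entries[1:])]
        if max(gaps) <= max_gap_seconds:
            findings.append({
                "directory": folder,
                "size": size,
                "count": len(entries),
                "typical_gap_seconds": int(sorted(gaps)[len(gaps) // 2]),  # median gap
                "files": [name for _, name in entries],
            })
    return findings


def find_suspicious_notify_keys(text):
    """Return Winlogon notify subkeys that look machine-generated and are not defaults."""
    return [k for k in NOTIFY_KEY_RE.findall(text)
            if k.lower() not in DEFAULT_NOTIFY and RANDOM_KEY_RE.match(k)]


# Constructed sample modelled on the posted log: six 32320-byte DLLs three minutes
# apart, one companion .dat, two benign entries and three notify keys (one default).
SAMPLE_LOG = r"""
2008-05-09 22:16:08 32320 --a------ C:\WINDOWS\system32\opbhswie.dll
2008-05-09 22:13:08 32320 --a------ C:\WINDOWS\system32\vdcrrqnk.dll
2008-05-09 22:10:08 32320 --a------ C:\WINDOWS\system32\dvqsekts.dll
2008-05-09 22:07:08 32320 --a------ C:\WINDOWS\system32\jpofmnxa.dll
2008-05-09 22:04:08 32320 --a------ C:\WINDOWS\system32\qpellyvl.dll
2008-05-09 22:01:09 32320 --a------ C:\WINDOWS\system32\__c006C59A.dat
2008-05-09 22:01:08 32320 --a------ C:\WINDOWS\system32\mghtblqa.dll
2008-05-09 09:49:30 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-08 18:58:28 0 --a------ C:\WINDOWS\system32\drivers\xmlprov.sys
2008-05-08 19:46:45 0 d-------- C:\Program Files\Panda Security
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eivwystg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00374B0]
"""

if __name__ == "__main__":
    for f in find_drop_bursts(SAMPLE_LOG):
        print(f"{f['count']} x {f['size']} bytes in {f['directory']}, "
              f"~{f['typical_gap_seconds']}s apart: {', '.join(f['files'])}")
    print("suspicious notify keys:", find_suspicious_notify_keys(SAMPLE_LOG))
```

Run it over a whole saved DSS log to get the same two lists; names that match the shape but sit in a burst of one are ignored on purpose, so the allowlist and thresholds are where tuning happens.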

Old 05-16-2008, 07:52 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: Now The DeskTop is infected. DAMIT

Hi Jeff,

This machine has been heavily infected. I can clean it for you, but you did mention in your other thread that you have 32 machines here. Our assistance is geared toward personal computers, not businesses. Do you not have an IT department? Is there an image they can push for you?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 05-16-2008, 11:35 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

Morning Ried

I don't know where you got that information from.
My combined arsenal comprises only 2 machines. One is a laptop I was using to find the group again and found it had some issues; the other is the desktop ??

Are you sure you are on the right page?
I can't explain how I could have told you I have 32 machines.

Respectfully

Jeff in OZ
mannaoz is offline  
Old 05-16-2008, 01:06 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

OK, I see what's happened; that's a typo.
I have hit the 32 together; now I see the problem you have in my post.

I suppose I should also have an editor check my post as well as the spell checker.
Sorry, it's my fault here.
I can assure you I only have 2 machines.
Jeff in OZ
mannaoz is offline  
Old 05-16-2008, 05:30 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: Now The DeskTop is infected.

Hi Jeff,

Ok, well that explains that.

Let's get started. This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Go ahead and save ComboFix.exe to a flash drive and transfer it to this machine.


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
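Ried's next step is to read the ComboFix report she has asked Jeff to post. The script below is an added example for this thread, not ComboFix code and not the forum's own tooling: it pre-screens the "Reg Loading Points" and service lines of a ComboFix report for the persistence patterns that show up in the report Jeff posts in the following reply, namely Winlogon Notify packages backed by __c*.dat files, a Browser Helper Object pointing at a random eight-letter DLL in system32, a service whose image is svchost.exe under system32\drivers, the Security Center and firewall overrides, and removable-drive shell verbs that run a file from the drive. SAMPLE_LOG is constructed in ComboFix's line format from entries of the kind in that report; the severity labels, the eight-letter-name heuristic and the rule names are assumptions of this example, not ComboFix rules.

```python
"""Pre-screen a ComboFix report for common persistence patterns.

Added example for this thread; not ComboFix code. The rules and severity
labels are this example's assumptions, not anything ComboFix itself reports.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's line format, built from the kinds of
# entries that appear in the report posted later in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CD208B0-0E17-4FC1-8802-E04EA5B80E75}]
C:\WINDOWS\system32\ddcAttsq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 13:59 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2008-05-12 10:04 216576 C:\WINDOWS\system32\monln.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00374B0]
__c00374B0.dat 2008-05-10 08:05 32320 C:\WINDOWS\system32\__c00374B0.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005F5DD]
__c005F5DD.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-12 21:27]
S2 VTingWinIe;VTingWinIe;C:\WINDOWS\system32\drivers\svchost.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{645a758c-1a8d-11dd-9e1f-001a4d5c184b}]
\Shell\AutoRun\command - O:\autorun.exe
\Shell\phone\command - O:\autorun.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = act on it, "review" = needs a human look (assumed labels)
    rule: str
    evidence: str


WIN_PATH = re.compile(r'[A-Za-z]:\\[^\s"\[]+')            # drive-letter path without spaces
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$", re.I)          # eight letters, e.g. ddcAttsq.dll (heuristic)
NOTIFY_DAT = re.compile(r"^__c[0-9a-f]{5,8}\.dat$", re.I)  # e.g. __c00374B0.dat
SERVICE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s*\[[^\]]*\]\s*$")  # "R1 name;desc;image [date]"
AV_OVERRIDE = re.compile(r'"antivirusoverride"\s*=\s*dword:0*1\b', re.I)
FW_OFF = re.compile(r'"enablefirewall"\s*=\s*0\b', re.I)
APPINIT = re.compile(r'"appinit_dlls"\s*=', re.I)


def _base(p):
    return p.rsplit("\\", 1)[-1]


def _dir(p):
    return p.rsplit("\\", 1)[0].lower()


def triage(report):
    """Return Findings for the loading-point and service lines of a ComboFix report."""
    findings, key = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # registry key header
            key = line[1:-1].lower()
            continue
        svc = SERVICE.match(line)
        if svc:                                            # service / driver line
            name, image = svc.groups()
            if _base(image).lower() == "svchost.exe" and _dir(image) != r"c:\windows\system32":
                findings.append(Finding("high", "svchost.exe outside system32", f"{name}: {image}"))
            continue
        paths = WIN_PATH.findall(line)
        if "winlogon\\notify\\" in key:
            if not paths:                                  # entry survives but its file does not
                findings.append(Finding("review", "Winlogon Notify entry without a file on disk", line))
            for p in paths:
                if NOTIFY_DAT.match(_base(p)) or not _base(p).lower().endswith(".dll"):
                    findings.append(Finding("high", "Winlogon Notify package is not a normal DLL", p))
        elif "browser helper objects" in key:
            for p in paths:
                if RANDOM_DLL.match(_base(p)) and _dir(p).endswith("\\system32"):
                    findings.append(Finding("high", "BHO backed by random-named DLL in system32", p))
        elif "security center" in key and AV_OVERRIDE.search(line):
            findings.append(Finding("high", "Security Center AV alerts suppressed", line))
        elif "firewallpolicy" in key and FW_OFF.search(line):
            findings.append(Finding("high", "Windows Firewall disabled", line))
        elif "mountpoints2" in key and "\\command" in line.lower():
            findings.append(Finding("review", "Removable-drive shell verb runs a file from the drive", line))
        elif APPINIT.search(line) and paths:
            findings.append(Finding("review", "AppInit_DLLs loads into every GUI process", paths[0]))
    return findings


def summarize(findings):
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.evidence}")
    print(summarize(results))
```

The benign entries in the sample (ctfmon.exe, monln.dll, cmdguard.sys) produce no findings, which is the point of the controls: the script is a first pass that points the analyst at the Notify, BHO and service lines worth checking, not a replacement for reading the whole report. The AppInit_DLLs and mountpoints2 hits are deliberately "review" rather than "high", since a security product (here guard32.dll) legitimately uses AppInit_DLLs and a removable drive may well carry its own autorun handler.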
Old 05-16-2008, 06:20 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

Hope this is correct, as the machine still had the firewall and antivirus working; I took it out through the process.
Thanks in advance

ComboFix 08-05-15.3 - Jeff 2008-05-17 10:05:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2467 [GMT 10:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\cmfdll32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aehbblck.dll
C:\WINDOWS\system32\afyamxuf.dll
C:\WINDOWS\system32\annifibp.dll
C:\WINDOWS\system32\atxmgicq.ini
C:\WINDOWS\system32\beslmrtd.dll
C:\WINDOWS\system32\bflsjuwk.exe
C:\WINDOWS\system32\bkuyosqs.dll
C:\WINDOWS\system32\byXNdedA.dll
C:\WINDOWS\system32\cgtqmauq.dll
C:\WINDOWS\system32\chiqcapt.exe
C:\WINDOWS\system32\clvleahi.dll
C:\WINDOWS\system32\coebqtdh.dll
C:\WINDOWS\system32\crfvtsfy.dll
C:\WINDOWS\system32\dcruxccn.exe
C:\WINDOWS\system32\ddcAttsq.dll
C:\WINDOWS\system32\dgvywttc.dll
C:\WINDOWS\system32\dgxrqwkh.dll
C:\WINDOWS\system32\eegcvsne.dll
C:\WINDOWS\system32\eivwystg.dll
C:\WINDOWS\system32\ejlylhql.dll
C:\WINDOWS\system32\ekqvvnbe.dll
C:\WINDOWS\system32\elnewnvv.dll
C:\WINDOWS\system32\emripjpp.dll
C:\WINDOWS\system32\ewanaqby.dll
C:\WINDOWS\system32\ewppbisk.dll
C:\WINDOWS\system32\fbcuamgw.dll
C:\WINDOWS\system32\fiqwkbwo.dll
C:\WINDOWS\system32\fmskrjik.dll
C:\WINDOWS\system32\furkpoox.dll
C:\WINDOWS\system32\gaqtjbxr.dll
C:\WINDOWS\system32\gcuxrghx.dll
C:\WINDOWS\system32\gkroppjp.dll
C:\WINDOWS\system32\gprsbgrt.dll
C:\WINDOWS\system32\hfjsbpqj.dll
C:\WINDOWS\system32\hioepsqw.dll
C:\WINDOWS\system32\hxqdqjat.dll
C:\WINDOWS\system32\icvxpxro.dll
C:\WINDOWS\system32\iocyitgr.dll
C:\WINDOWS\system32\iqysheyf.dll
C:\WINDOWS\system32\iuebnwaf.ini
C:\WINDOWS\system32\klbtmufx.dll
C:\WINDOWS\system32\kmhrpvph.exe
C:\WINDOWS\system32\lbtdfnth.dll
C:\WINDOWS\system32\ldcjgsey.dll
C:\WINDOWS\system32\liichvva.dll
C:\WINDOWS\system32\lmdxngmp.dll
C:\WINDOWS\system32\lsnplrvb.dll
C:\WINDOWS\system32\lytlvcdi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgvmnjcx.ini
C:\WINDOWS\system32\mlnqaeam.dll
C:\WINDOWS\system32\mydeywqt.dll
C:\WINDOWS\system32\mynpxdgh.dll
C:\WINDOWS\system32\ncgbwhbe.exe
C:\WINDOWS\system32\ncrecoro.dll
C:\WINDOWS\system32\nexleapm.exe
C:\WINDOWS\system32\nyjspnse.dll
C:\WINDOWS\system32\odktvgcl.dll
C:\WINDOWS\system32\oftgwaew.dll
C:\WINDOWS\system32\oiaabtpj.dll
C:\WINDOWS\system32\okbufvgu.dll
C:\WINDOWS\system32\oouwdkdq.dll
C:\WINDOWS\system32\oqvgldeh.ini
C:\WINDOWS\system32\ormipcbm.dll
C:\WINDOWS\system32\oxdtulmu.dll
C:\WINDOWS\system32\pdtpaafk.exe
C:\WINDOWS\system32\ployhipj.dll
C:\WINDOWS\system32\ppecnibt.exe
C:\WINDOWS\system32\pscvihuu.ini
C:\WINDOWS\system32\ptjxnmwu.dll
C:\WINDOWS\system32\qdkdwuoo.ini
C:\WINDOWS\system32\qhdmffth.dll
C:\WINDOWS\system32\qkshyreb.dll
C:\WINDOWS\system32\qmjsarjb.ini
C:\WINDOWS\system32\qsttAcdd.ini
C:\WINDOWS\system32\qsttAcdd.ini2
C:\WINDOWS\system32\qumwihas.dll
C:\WINDOWS\system32\qvvqxple.dll
C:\WINDOWS\system32\qxlqqwgm.dll
C:\WINDOWS\system32\rhljvapt.dll
C:\WINDOWS\system32\rydsftrw.dll
C:\WINDOWS\system32\sirshkim.dll
C:\WINDOWS\system32\skxarxlx.dll
C:\WINDOWS\system32\smhfpadx.dll
C:\WINDOWS\system32\smwveqhe.dll
C:\WINDOWS\system32\sqrwrjod.dll
C:\WINDOWS\system32\sreommou.exe
C:\WINDOWS\system32\srlgaynb.dll
C:\WINDOWS\system32\ssqQgFuv.dll
C:\WINDOWS\system32\tvanhtnw.dll
C:\WINDOWS\system32\tyigvric.dll
C:\WINDOWS\system32\ubvxsfmp.dll
C:\WINDOWS\system32\ueaijamv.ini
C:\WINDOWS\system32\umcvujue.dll
C:\WINDOWS\system32\uoveaugs.dll
C:\WINDOWS\system32\uqtupplq.dll
C:\WINDOWS\system32\uuhivcsp.dll
C:\WINDOWS\system32\uuimriau.dll
C:\WINDOWS\system32\uvleutea.dll
C:\WINDOWS\system32\uykgkixk.dll
C:\WINDOWS\system32\vdabofth.ini
C:\WINDOWS\system32\vjsoydym.dll
C:\WINDOWS\system32\vmcdckjh.dll
C:\WINDOWS\system32\vooybgbh.dll
C:\WINDOWS\system32\vvwxepge.ini
C:\WINDOWS\system32\vwlewtxs.dll
C:\WINDOWS\system32\wdvevdjq.dll
C:\WINDOWS\system32\wqspeoih.ini
C:\WINDOWS\system32\wyyjusnw.dll
C:\WINDOWS\system32\xfwpprjr.dll
C:\WINDOWS\system32\xkkeqbdw.dll
C:\WINDOWS\system32\yswucodk.dll
C:\WINDOWS\system32\yvbybvce.dll
C:\WINDOWS\system32\yxblubwp.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 10:04 . 2008-05-17 10:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 06:38 . 2008-05-17 06:38 32,320 --a------ C:\WINDOWS\system32\__c00F2179.dat
2008-05-16 13:47 . 2008-05-16 13:47 32,320 --a------ C:\WINDOWS\system32\__c0071A80.dat
2008-05-15 15:59 . 2008-05-15 15:59 32,320 --a------ C:\WINDOWS\system32\__c004BC89.dat
2008-05-15 15:46 . 2008-05-15 15:46 32,320 --a------ C:\WINDOWS\system32\__c00A607.dat
2008-05-13 22:30 . 2008-05-13 22:30 32,320 --a------ C:\WINDOWS\system32\__c008A491.dat
2008-05-12 22:24 . 2008-05-12 22:24 32,320 --a------ C:\WINDOWS\system32\__c001BA66.dat
2008-05-12 20:47 . 2008-05-12 20:47 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-12 20:47 . 2008-05-12 20:47 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-12 11:58 . 2008-05-12 11:58 77,568 --a------ C:\WINDOWS\system32\cmfdll32.dll.vir
2008-05-12 11:17 . 2008-05-12 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-12 11:17 . 2008-05-17 10:11 10,473 --a------ C:\WINDOWS\BOC425.INI
2008-05-12 10:09 . 2008-05-12 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-12 10:08 . 2008-05-12 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-12 10:08 . 2008-05-12 21:27 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-12 10:08 . 2008-05-12 21:27 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-12 10:08 . 2008-05-12 21:27 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-12 09:41 . 2008-05-12 18:05 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-05-12 01:44 . 2008-05-12 01:44 32,320 --a------ C:\WINDOWS\system32\__c00AC5E8.dat
2008-05-11 14:17 . 2008-05-12 09:18 22,438 --a------ C:\WINDOWS\system32\jcsball.dat
2008-05-11 14:17 . 2008-05-12 09:18 7,603 --a------ C:\WINDOWS\system32\jcsb.new
2008-05-11 14:17 . 2008-05-12 09:18 1,018 --a------ C:\WINDOWS\system32\jerror.dat
2008-05-10 22:26 . 2008-05-10 22:26 32,320 --a------ C:\WINDOWS\system32\__c00BEFB4.dat
2008-05-10 08:05 . 2008-05-10 08:05 32,320 --a------ C:\WINDOWS\system32\__c00374B0.dat
2008-05-10 02:07 . 2008-05-10 02:07 32,320 --a------ C:\WINDOWS\system32\yugbxdih.dll
2008-05-10 02:04 . 2008-05-10 02:04 32,320 --a------ C:\WINDOWS\system32\tchnsxcy.dll
2008-05-10 02:01 . 2008-05-10 02:01 32,320 --a------ C:\WINDOWS\system32\pjybgfrl.dll
2008-05-10 01:58 . 2008-05-10 01:58 32,320 --a------ C:\WINDOWS\system32\ikswvybw.dll
2008-05-10 01:55 . 2008-05-10 01:55 32,320 --a------ C:\WINDOWS\system32\dyopiaah.dll
2008-05-10 01:52 . 2008-05-10 01:52 32,320 --a------ C:\WINDOWS\system32\qfitekxk.dll
2008-05-10 01:49 . 2008-05-10 01:49 32,320 --a------ C:\WINDOWS\system32\psqhkiot.dll
2008-05-10 01:46 . 2008-05-10 01:46 32,320 --a------ C:\WINDOWS\system32\eefqqlcn.dll
2008-05-10 01:43 . 2008-05-10 01:43 32,320 --a------ C:\WINDOWS\system32\uwiqqftm.dll
2008-05-10 01:40 . 2008-05-10 01:40 32,320 --a------ C:\WINDOWS\system32\rjmyhpjn.dll
2008-05-10 01:37 . 2008-05-10 01:37 32,320 --a------ C:\WINDOWS\system32\oqxumdej.dll
2008-05-10 01:34 . 2008-05-10 01:34 32,320 --a------ C:\WINDOWS\system32\mtxecqif.dll
2008-05-10 01:31 . 2008-05-10 01:31 32,320 --a------ C:\WINDOWS\system32\capakxjg.dll
2008-05-10 01:28 . 2008-05-10 01:28 32,320 --a------ C:\WINDOWS\system32\fggwlwmj.dll
2008-05-10 01:25 . 2008-05-10 01:25 32,320 --a------ C:\WINDOWS\system32\mtrjkxca.dll
2008-05-10 01:22 . 2008-05-10 01:22 32,320 --a------ C:\WINDOWS\system32\venyunid.dll
2008-05-10 01:19 . 2008-05-10 01:19 32,320 --a------ C:\WINDOWS\system32\pwedyppo.dll
2008-05-10 01:16 . 2008-05-10 01:16 32,320 --a------ C:\WINDOWS\system32\lrlwrapf.dll
2008-05-10 01:13 . 2008-05-10 01:13 32,320 --a------ C:\WINDOWS\system32\uatkhnpl.dll
2008-05-10 01:10 . 2008-05-10 01:10 32,320 --a------ C:\WINDOWS\system32\aivsknut.dll
2008-05-10 01:07 . 2008-05-10 01:07 32,320 --a------ C:\WINDOWS\system32\lbixbuee.dll
2008-05-10 01:04 . 2008-05-10 01:04 32,320 --a------ C:\WINDOWS\system32\cnprhxpo.dll
2008-05-10 01:01 . 2008-05-10 01:01 32,320 --a------ C:\WINDOWS\system32\nhxndjbc.dll
2008-05-10 00:58 . 2008-05-10 00:58 32,320 --a------ C:\WINDOWS\system32\dtatpaer.dll
2008-05-10 00:55 . 2008-05-10 00:55 32,320 --a------ C:\WINDOWS\system32\gnkhxngj.dll
2008-05-10 00:52 . 2008-05-10 00:52 32,320 --a------ C:\WINDOWS\system32\usklrlll.dll
2008-05-10 00:49 . 2008-05-10 00:49 32,320 --a------ C:\WINDOWS\system32\cjccnspr.dll
2008-05-10 00:46 . 2008-05-10 00:46 32,320 --a------ C:\WINDOWS\system32\myqlsfkx.dll
2008-05-10 00:43 . 2008-05-10 00:43 32,320 --a------ C:\WINDOWS\system32\fulxwktv.dll
2008-05-10 00:40 . 2008-05-10 00:40 32,320 --a------ C:\WINDOWS\system32\ccgjvywc.dll
2008-05-10 00:37 . 2008-05-10 00:37 32,320 --a------ C:\WINDOWS\system32\jwdfqaum.dll
2008-05-10 00:34 . 2008-05-10 00:34 32,320 --a------ C:\WINDOWS\system32\iuklldlb.dll
2008-05-10 00:31 . 2008-05-10 00:31 32,320 --a------ C:\WINDOWS\system32\apkduttr.dll
2008-05-10 00:28 . 2008-05-10 00:28 32,320 --a------ C:\WINDOWS\system32\mjusruqr.dll
2008-05-10 00:25 . 2008-05-10 00:25 32,320 --a------ C:\WINDOWS\system32\avlcdsnw.dll
2008-05-10 00:22 . 2008-05-10 00:22 32,320 --a------ C:\WINDOWS\system32\fgojcorh.dll
2008-05-10 00:19 . 2008-05-10 00:19 32,320 --a------ C:\WINDOWS\system32\gowjoqfm.dll
2008-05-10 00:16 . 2008-05-10 00:16 32,320 --a------ C:\WINDOWS\system32\hspgpvoe.dll
2008-05-10 00:13 . 2008-05-10 00:13 32,320 --a------ C:\WINDOWS\system32\jftfrmjb.dll
2008-05-10 00:10 . 2008-05-10 00:10 32,320 --a------ C:\WINDOWS\system32\rardtusp.dll
2008-05-10 00:07 . 2008-05-10 00:07 32,320 --a------ C:\WINDOWS\system32\rrliuejo.dll
2008-05-10 00:04 . 2008-05-10 00:04 32,320 --a------ C:\WINDOWS\system32\amknfgdp.dll
2008-05-10 00:01 . 2008-05-10 00:01 32,320 --a------ C:\WINDOWS\system32\qtyitgbd.dll
2008-05-09 23:58 . 2008-05-09 23:58 32,320 --a------ C:\WINDOWS\system32\ueqrabik.dll
2008-05-09 23:55 . 2008-05-09 23:55 32,320 --a------ C:\WINDOWS\system32\wsqinxul.dll
2008-05-09 23:52 . 2008-05-09 23:52 32,320 --a------ C:\WINDOWS\system32\vswvslxx.dll
2008-05-09 23:49 . 2008-05-09 23:49 32,320 --a------ C:\WINDOWS\system32\jbutwkac.dll
2008-05-09 23:46 . 2008-05-09 23:46 32,320 --a------ C:\WINDOWS\system32\cjavjinv.dll
2008-05-09 23:43 . 2008-05-09 23:43 32,320 --a------ C:\WINDOWS\system32\ymgehipw.dll
2008-05-09 23:40 . 2008-05-09 23:40 32,320 --a------ C:\WINDOWS\system32\frpgxsog.dll
2008-05-09 23:37 . 2008-05-09 23:37 32,320 --a------ C:\WINDOWS\system32\cuyhbgbk.dll
2008-05-09 23:34 . 2008-05-09 23:34 32,320 --a------ C:\WINDOWS\system32\pqludfka.dll
2008-05-09 23:31 . 2008-05-09 23:31 32,320 --a------ C:\WINDOWS\system32\ohtxevlg.dll
2008-05-09 23:28 . 2008-05-09 23:28 32,320 --a------ C:\WINDOWS\system32\wqtynmoy.dll
2008-05-09 23:25 . 2008-05-09 23:25 32,320 --a------ C:\WINDOWS\system32\diyamcyy.dll
2008-05-09 23:22 . 2008-05-09 23:22 32,320 --a------ C:\WINDOWS\system32\jqedtvmb.dll
2008-05-09 23:19 . 2008-05-09 23:19 32,320 --a------ C:\WINDOWS\system32\nxdyxyfd.dll
2008-05-09 23:16 . 2008-05-09 23:16 32,320 --a------ C:\WINDOWS\system32\jtlpypix.dll
2008-05-09 23:13 . 2008-05-09 23:13 32,320 --a------ C:\WINDOWS\system32\bfbamxff.dll
2008-05-09 23:10 . 2008-05-09 23:10 32,320 --a------ C:\WINDOWS\system32\sscujfic.dll
2008-05-09 23:07 . 2008-05-09 23:07 32,320 --a------ C:\WINDOWS\system32\umkvqqux.dll
2008-05-09 23:04 . 2008-05-09 23:04 32,320 --a------ C:\WINDOWS\system32\kpdawfef.dll
2008-05-09 23:01 . 2008-05-09 23:01 32,320 --a------ C:\WINDOWS\system32\xlfvksrb.dll
2008-05-09 22:58 . 2008-05-09 22:58 32,320 --a------ C:\WINDOWS\system32\rxdftrun.dll
2008-05-09 22:55 . 2008-05-09 22:55 32,320 --a------ C:\WINDOWS\system32\geyiilru.dll
2008-05-09 22:52 . 2008-05-09 22:52 32,320 --a------ C:\WINDOWS\system32\gtvlsvhm.dll
2008-05-09 22:49 . 2008-05-09 22:49 32,320 --a------ C:\WINDOWS\system32\latdpoka.dll
2008-05-09 22:46 . 2008-05-09 22:46 32,320 --a------ C:\WINDOWS\system32\pkmcdrat.dll
2008-05-09 22:43 . 2008-05-09 22:43 32,320 --a------ C:\WINDOWS\system32\taeyqleh.dll
2008-05-09 22:40 . 2008-05-09 22:40 32,320 --a------ C:\WINDOWS\system32\pucmjauh.dll
2008-05-09 22:37 . 2008-05-09 22:37 32,320 --a------ C:\WINDOWS\system32\npruaxry.dll
2008-05-09 22:34 . 2008-05-09 22:34 32,320 --a------ C:\WINDOWS\system32\yiaoormu.dll
2008-05-09 22:31 . 2008-05-09 22:31 32,320 --a------ C:\WINDOWS\system32\klpsnhjn.dll
2008-05-09 22:28 . 2008-05-09 22:28 32,320 --a------ C:\WINDOWS\system32\fvtvoyua.dll
2008-05-09 22:25 . 2008-05-09 22:25 32,320 --a------ C:\WINDOWS\system32\hynbeoxu.dll
2008-05-09 22:22 . 2008-05-09 22:22 32,320 --a------ C:\WINDOWS\system32\mmsilnir.dll
2008-05-09 22:19 . 2008-05-09 22:19 32,320 --a------ C:\WINDOWS\system32\pcvycwkc.dll
2008-05-09 22:16 . 2008-05-09 22:16 32,320 --a------ C:\WINDOWS\system32\opbhswie.dll
2008-05-09 22:13 . 2008-05-09 22:13 32,320 --a------ C:\WINDOWS\system32\vdcrrqnk.dll
2008-05-09 22:10 . 2008-05-09 22:10 32,320 --a------ C:\WINDOWS\system32\dvqsekts.dll
2008-05-09 22:07 . 2008-05-09 22:07 32,320 --a------ C:\WINDOWS\system32\jpofmnxa.dll
2008-05-09 22:04 . 2008-05-09 22:04 32,320 --a------ C:\WINDOWS\system32\qpellyvl.dll
2008-05-09 22:01 . 2008-05-09 22:01 32,320 --a------ C:\WINDOWS\system32\mghtblqa.dll
2008-05-09 21:58 . 2008-05-09 21:58 32,320 --a------ C:\WINDOWS\system32\yxulwqdp.dll
2008-05-09 21:55 . 2008-05-09 21:55 32,320 --a------ C:\WINDOWS\system32\kawqfdxn.dll
2008-05-09 21:52 . 2008-05-09 21:52 32,320 --a------ C:\WINDOWS\system32\iimvpqtb.dll
2008-05-09 21:49 . 2008-05-09 21:49 32,320 --a------ C:\WINDOWS\system32\wladebuj.dll
2008-05-09 21:46 . 2008-05-09 21:46 32,320 --a------ C:\WINDOWS\system32\gxbchsox.dll
2008-05-09 21:43 . 2008-05-09 21:43 32,320 --a------ C:\WINDOWS\system32\qtqkukti.dll
2008-05-09 21:37 . 2008-05-09 21:37 32,320 --a------ C:\WINDOWS\system32\oeoqnlss.dll
2008-05-09 21:34 . 2008-05-09 21:34 32,320 --a------ C:\WINDOWS\system32\deqrtxcd.dll
2008-05-09 21:31 . 2008-05-09 21:31 32,320 --a------ C:\WINDOWS\system32\kxsyklpm.dll
2008-05-09 21:28 . 2008-05-09 21:28 32,320 --a------ C:\WINDOWS\system32\nemeygmo.dll
2008-05-09 21:25 . 2008-05-09 21:25 32,320 --a------ C:\WINDOWS\system32\waehwpjn.dll
2008-05-09 21:22 . 2008-05-09 21:22 32,320 --a------ C:\WINDOWS\system32\rabiwbim.dll
2008-05-09 21:19 . 2008-05-09 21:19 32,320 --a------ C:\WINDOWS\system32\clwrlknl.dll
2008-05-09 21:16 . 2008-05-09 21:16 32,320 --a------ C:\WINDOWS\system32\yodfabck.dll
2008-05-09 21:13 . 2008-05-09 21:13 32,320 --a------ C:\WINDOWS\system32\exjttujd.dll
2008-05-09 21:10 . 2008-05-09 21:10 32,320 --a------ C:\WINDOWS\system32\cwkdfils.dll
2008-05-09 21:07 . 2008-05-09 21:07 32,320 --a------ C:\WINDOWS\system32\uuhgebfd.dll
2008-05-09 21:04 . 2008-05-09 21:04 32,320 --a------ C:\WINDOWS\system32\rpruhbpc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 00:14 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Skype
2008-05-16 22:07 --------- d-----w C:\Documents and Settings\Jeff\Application Data\skypePM
2008-05-16 20:39 --------- d-----w C:\Documents and Settings\Jeff\Application Data\MailWasherPro
2008-05-16 08:20 7,086 ----a-w C:\WINDOWS\system32\Fxxplfnt.tmp
2008-05-12 12:20 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
2008-05-12 10:47 --------- d-----w C:\Program Files\Skype
2008-05-12 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-05-12 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-12 02:00 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Comodo
2008-05-12 00:04 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-12 00:04 434,252 ----a-w C:\WINDOWS\system32\msvcrtd.dll
2008-05-12 00:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-12 00:04 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys
2008-05-12 00:04 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2008-05-11 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-11 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 23:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-11 23:26 --------- d-----w C:\Program Files\GIGABYTE
2008-05-11 04:17 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-05-09 10:15 --------- d-----w C:\Program Files\Comodo
2008-05-08 23:47 73,728 ----a-w C:\WINDOWS\system32\CavEmLSP.dll
2008-05-06 01:11 257,024 ----a-w C:\WINDOWS\ATKKBService.exe
2008-05-06 00:55 --------- d-----w C:\Documents and Settings\Jeff\Application Data\uTorrent
2008-05-05 23:32 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-30 06:14 --------- d-----w C:\Documents and Settings\Jeff\Application Data\U3
2008-04-27 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 02:43 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Ahead
2008-04-17 00:22 --------- d-----w C:\Program Files\SkypeMate
2008-04-10 11:02 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Canon
2008-04-10 03:13 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Media Player Classic
2008-03-31 05:06 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-31 05:03 --------- d-----w C:\Program Files\Canon
2008-03-31 05:02 --------- d--h--w C:\Program Files\CanonBJ
2008-03-31 05:02 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-31 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-31 03:33 --------- d-----w C:\Program Files\ASUS
2008-03-25 22:06 --------- d-----w C:\Program Files\NCH Software
2008-03-25 22:05 --------- d-----w C:\Documents and Settings\Jeff\Application Data\NCH Swift Sound
2008-03-25 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:45 --------- d-----w C:\Program Files\Siber Systems
2008-03-24 23:20 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Auslogics
2008-03-24 22:27 87,608 ----a-w C:\Documents and Settings\Jeff\Application Data\inst.exe
2008-03-24 22:27 47,360 ----a-w C:\Documents and Settings\Jeff\Application Data\pcouffin.sys
2008-03-24 22:27 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Vso
2008-03-24 08:38 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-23 00:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\ooVoo Details
2008-03-18 05:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-18 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-18 03:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-18 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-18 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-18 03:08 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-03-18 02:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-18 02:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 08:41 --------- d-----w C:\Program Files\Unlocker
2008-03-17 06:17 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-17 06:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Talkback
2008-03-17 05:04 --------- d-----w C:\Program Files\My Company Name
2008-03-17 04:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-17 04:46 --------- d-----w C:\Program Files\Realtek
2008-03-17 04:46 --------- d-----w C:\Documents and Settings\Jeff\Application Data\InstallShield
2008-03-17 04:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-17 04:43 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 04:32 --------- d-----w C:\Program Files\Microsoft WSE
2008-03-17 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-17 04:31 --------- d-----w C:\Program Files\MSBuild
2008-03-17 04:29 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
2008-03-17 04:29 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-03-17 04:29 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-03-17 04:29 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-17 04:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-17 04:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-17 04:21 --------- d-----w C:\Program Files\Utilities
2008-03-17 04:20 --------- d-----w C:\Program Files\Java
2008-03-17 04:20 --------- d-----w C:\Program Files\Common Files\Java
2008-03-17 04:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-17 04:12 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-03-17 04:12 --------- d-----w C:\Program Files\HashTab Shell Extension
.

------- Sigcheck -------

2007-05-28 08:03 823296 b8f4db39ca7353752f245379d285c80e C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2008-02-12 13:59 666112 c1b4a43d78c9a0b2ec403e0d6f1a11bb C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CD208B0-0E17-4FC1-8802-E04EA5B80E75}]
C:\WINDOWS\system32\ddcAttsq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 13:59 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-25 14:49 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-05-28 08:04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 17:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 02:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 02:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"cnfgCav"="H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-05-12 10:04 110592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 06:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 06:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 02:43 81920]
"Acrobat Assistant 8.0"="H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TPG"="C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe" [2008-02-17 00:11 1339392]
"VEngine"="C:\Program Files\Comodo\VEngine\VEngine.exe" [2008-05-10 07:56 335616]
"COMODO Firewall Pro"="H:\Program Files\Comodo\Firewall\cfp.exe" [2008-05-12 21:24 1572608]
"BOC-425"="H:\PROGRA~1\Comodo\BOC425.exe" [2007-11-26 10:38 342272]
"COMODO Memory Firewall"="H:\Program Files\Comodo\cmf.exe" [2008-05-12 11:58 2236160]
"DefragTaskBar"="H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 09:11 173408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 13:59 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [5/3/2007 3:52:18 PM 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [4/28/2008 9:26:36 AM 295606]
Adobe Acrobat Synchronizer.lnk - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2008-05-12 10:04 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00374B0]
__c00374B0.dat 2008-05-10 08:05 32320 C:\WINDOWS\system32\__c00374B0.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004BC89]
__c004BC89.dat 2008-05-15 15:59 32320 C:\WINDOWS\system32\__c004BC89.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005F5DD]
__c005F5DD.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0071A80]
__c0071A80.dat 2008-05-16 13:47 32320 C:\WINDOWS\system32\__c0071A80.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c008A491]
__c008A491.dat 2008-05-13 22:30 32320 C:\WINDOWS\system32\__c008A491.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AC5E8]
__c00AC5E8.dat 2008-05-12 01:44 32320 C:\WINDOWS\system32\__c00AC5E8.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BEFB4]
__c00BEFB4.dat 2008-05-10 22:26 32320 C:\WINDOWS\system32\__c00BEFB4.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00F2179]
__c00F2179.dat 2008-05-17 06:38 32320 C:\WINDOWS\system32\__c00F2179.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-07-12 09:03 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-02-12 13:59 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
H:\Program Files\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-12 21:27]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-12 21:27]
R2 cmfd;cmfd;H:\Program Files\Comodo\cmfd.sys [2008-05-12 11:58]
R2 ComodoBackupService;ComodoBackupService;H:\Program Files\Comodo\BackUp\CmdBkSvc.exe [2008-05-12 11:20]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 09:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 09:03]
S2 VTingWinIe;VTingWinIe;C:\WINDOWS\system32\drivers\svchost.exe []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-11 14:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{645a758c-1a8d-11dd-9e1f-001a4d5c184b}]
\Shell\AutoRun\command - O:\autorun.exe
\Shell\phone\command - O:\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 10:13:01
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c00374B0.dat
-> C:\WINDOWS\system32\__c004BC89.dat
-> C:\WINDOWS\system32\__c0071A80.dat
-> C:\WINDOWS\system32\__c008A491.dat
-> C:\WINDOWS\system32\__c00AC5E8.dat
-> C:\WINDOWS\system32\__c00BEFB4.dat
-> C:\WINDOWS\system32\__c00F2179.dat

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\WINDOWS\system32\__c00374B0.dat
.
------------------------ Other Running Processes ------------------------
.
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\ATKKBS~1.EXE
H:\Program Files\Comodo\BOCore.exe
H:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\Comodo\Common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
H:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
H:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\rundll32.exe
H:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-17 10:15:00 - machine was rebooted [Jeff]
ComboFix-quarantined-files.txt 2008-05-17 00:14:54

Pre-Run: 22,641,229,824 bytes free
Post-Run: 22,580,916,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
H:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

510 --- E O F --- 2008-05-16 20:41:43
mannaoz is offline  
Old 05-16-2008, 07:30 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: Now The DeskTop is infected.

Ok Jeff, here's round 2.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/249652-now-desktop-infected-post1487605.html#post1487605

Collect::
C:\WINDOWS\system32\__c00F2179.dat
C:\WINDOWS\system32\__c0071A80.dat
C:\WINDOWS\system32\__c004BC89.dat
C:\WINDOWS\system32\__c00A607.dat
C:\WINDOWS\system32\__c008A491.dat
C:\WINDOWS\system32\__c001BA66.dat
C:\WINDOWS\system32\__c00AC5E8.dat
C:\WINDOWS\system32\jcsball.dat
C:\WINDOWS\system32\jcsb.new
C:\WINDOWS\system32\jerror.dat
C:\WINDOWS\system32\__c00BEFB4.dat
C:\WINDOWS\system32\__c00374B0.dat
C:\WINDOWS\system32\yugbxdih.dll
C:\WINDOWS\system32\tchnsxcy.dll
C:\WINDOWS\system32\pjybgfrl.dll

File::
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\jcsball.dat
C:\WINDOWS\system32\jcsb.new
C:\WINDOWS\system32\jerror.dat
C:\WINDOWS\system32\ikswvybw.dll
C:\WINDOWS\system32\dyopiaah.dll
C:\WINDOWS\system32\qfitekxk.dll
C:\WINDOWS\system32\psqhkiot.dll
C:\WINDOWS\system32\eefqqlcn.dll
C:\WINDOWS\system32\uwiqqftm.dll
C:\WINDOWS\system32\rjmyhpjn.dll
C:\WINDOWS\system32\oqxumdej.dll
C:\WINDOWS\system32\mtxecqif.dll
C:\WINDOWS\system32\capakxjg.dll
C:\WINDOWS\system32\fggwlwmj.dll
C:\WINDOWS\system32\mtrjkxca.dll
C:\WINDOWS\system32\venyunid.dll
C:\WINDOWS\system32\pwedyppo.dll
C:\WINDOWS\system32\lrlwrapf.dll
C:\WINDOWS\system32\uatkhnpl.dll
C:\WINDOWS\system32\aivsknut.dll
C:\WINDOWS\system32\lbixbuee.dll
C:\WINDOWS\system32\cnprhxpo.dll
C:\WINDOWS\system32\nhxndjbc.dll
C:\WINDOWS\system32\dtatpaer.dll
C:\WINDOWS\system32\gnkhxngj.dll
C:\WINDOWS\system32\usklrlll.dll
C:\WINDOWS\system32\cjccnspr.dll
C:\WINDOWS\system32\myqlsfkx.dll
C:\WINDOWS\system32\fulxwktv.dll
C:\WINDOWS\system32\ccgjvywc.dll
C:\WINDOWS\system32\jwdfqaum.dll
C:\WINDOWS\system32\iuklldlb.dll
C:\WINDOWS\system32\apkduttr.dll
C:\WINDOWS\system32\mjusruqr.dll
C:\WINDOWS\system32\avlcdsnw.dll
C:\WINDOWS\system32\fgojcorh.dll
C:\WINDOWS\system32\gowjoqfm.dll
C:\WINDOWS\system32\hspgpvoe.dll
C:\WINDOWS\system32\jftfrmjb.dll
C:\WINDOWS\system32\rardtusp.dll
C:\WINDOWS\system32\rrliuejo.dll
C:\WINDOWS\system32\amknfgdp.dll
C:\WINDOWS\system32\qtyitgbd.dll
C:\WINDOWS\system32\ueqrabik.dll
C:\WINDOWS\system32\wsqinxul.dll
C:\WINDOWS\system32\vswvslxx.dll
C:\WINDOWS\system32\jbutwkac.dll
C:\WINDOWS\system32\cjavjinv.dll
C:\WINDOWS\system32\ymgehipw.dll
C:\WINDOWS\system32\frpgxsog.dll
C:\WINDOWS\system32\cuyhbgbk.dll
C:\WINDOWS\system32\pqludfka.dll
C:\WINDOWS\system32\ohtxevlg.dll
C:\WINDOWS\system32\wqtynmoy.dll
C:\WINDOWS\system32\diyamcyy.dll
C:\WINDOWS\system32\jqedtvmb.dll
C:\WINDOWS\system32\nxdyxyfd.dll
C:\WINDOWS\system32\jtlpypix.dll
C:\WINDOWS\system32\bfbamxff.dll
C:\WINDOWS\system32\sscujfic.dll
C:\WINDOWS\system32\umkvqqux.dll
C:\WINDOWS\system32\kpdawfef.dll
C:\WINDOWS\system32\xlfvksrb.dll
C:\WINDOWS\system32\rxdftrun.dll
C:\WINDOWS\system32\geyiilru.dll
C:\WINDOWS\system32\gtvlsvhm.dll
C:\WINDOWS\system32\latdpoka.dll
C:\WINDOWS\system32\pkmcdrat.dll
C:\WINDOWS\system32\taeyqleh.dll
C:\WINDOWS\system32\pucmjauh.dll
C:\WINDOWS\system32\npruaxry.dll
C:\WINDOWS\system32\yiaoormu.dll
C:\WINDOWS\system32\klpsnhjn.dll
C:\WINDOWS\system32\fvtvoyua.dll
C:\WINDOWS\system32\hynbeoxu.dll
C:\WINDOWS\system32\mmsilnir.dll
C:\WINDOWS\system32\pcvycwkc.dll
C:\WINDOWS\system32\opbhswie.dll
C:\WINDOWS\system32\vdcrrqnk.dll
C:\WINDOWS\system32\dvqsekts.dll
C:\WINDOWS\system32\jpofmnxa.dll
C:\WINDOWS\system32\qpellyvl.dll
C:\WINDOWS\system32\mghtblqa.dll
C:\WINDOWS\system32\yxulwqdp.dll
C:\WINDOWS\system32\kawqfdxn.dll
C:\WINDOWS\system32\iimvpqtb.dll
C:\WINDOWS\system32\wladebuj.dll
C:\WINDOWS\system32\gxbchsox.dll
C:\WINDOWS\system32\qtqkukti.dll
C:\WINDOWS\system32\oeoqnlss.dll
C:\WINDOWS\system32\deqrtxcd.dll
C:\WINDOWS\system32\kxsyklpm.dll
C:\WINDOWS\system32\nemeygmo.dll
C:\WINDOWS\system32\waehwpjn.dll
C:\WINDOWS\system32\rabiwbim.dll
C:\WINDOWS\system32\clwrlknl.dll
C:\WINDOWS\system32\yodfabck.dll
C:\WINDOWS\system32\exjttujd.dll
C:\WINDOWS\system32\cwkdfils.dll
C:\WINDOWS\system32\uuhgebfd.dll
C:\WINDOWS\system32\rpruhbpc.dll
C:\WINDOWS\system32\Fxxplfnt.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CD208B0-0E17-4FC1-8802-E04EA5B80E75}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00374B0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004BC89]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005F5DD]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0071A80]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c008A491]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00AC5E8]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BEFB4]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00F2179]

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs!
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis.exe and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 05-16-2008, 11:46 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

Here is the result from the scan; I hope this is what you want me to do. I also sent this to http://www.bleepingcomputer.com/pf.php as asked in the script?

ComboFix 08-05-15.3 - Jeff 2008-05-17 15:32:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2728 [GMT 10:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\ComProbs5.08\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\aivsknut.dll
C:\WINDOWS\system32\amknfgdp.dll
C:\WINDOWS\system32\apkduttr.dll
C:\WINDOWS\system32\avlcdsnw.dll
C:\WINDOWS\system32\bfbamxff.dll
C:\WINDOWS\system32\capakxjg.dll
C:\WINDOWS\system32\ccgjvywc.dll
C:\WINDOWS\system32\cjavjinv.dll
C:\WINDOWS\system32\cjccnspr.dll
C:\WINDOWS\system32\clwrlknl.dll
C:\WINDOWS\system32\cnprhxpo.dll
C:\WINDOWS\system32\cuyhbgbk.dll
C:\WINDOWS\system32\cwkdfils.dll
C:\WINDOWS\system32\deqrtxcd.dll
C:\WINDOWS\system32\diyamcyy.dll
C:\WINDOWS\system32\dtatpaer.dll
C:\WINDOWS\system32\dvqsekts.dll
C:\WINDOWS\system32\dyopiaah.dll
C:\WINDOWS\system32\eefqqlcn.dll
C:\WINDOWS\system32\exjttujd.dll
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\fggwlwmj.dll
C:\WINDOWS\system32\fgojcorh.dll
C:\WINDOWS\system32\frpgxsog.dll
C:\WINDOWS\system32\fulxwktv.dll
C:\WINDOWS\system32\fvtvoyua.dll
C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\system32\geyiilru.dll
C:\WINDOWS\system32\gnkhxngj.dll
C:\WINDOWS\system32\gowjoqfm.dll
C:\WINDOWS\system32\gtvlsvhm.dll
C:\WINDOWS\system32\gxbchsox.dll
C:\WINDOWS\system32\hspgpvoe.dll
C:\WINDOWS\system32\hynbeoxu.dll
C:\WINDOWS\system32\iimvpqtb.dll
C:\WINDOWS\system32\ikswvybw.dll
C:\WINDOWS\system32\iuklldlb.dll
C:\WINDOWS\system32\jbutwkac.dll
C:\WINDOWS\system32\jcsb.new
C:\WINDOWS\system32\jcsball.dat
C:\WINDOWS\system32\jerror.dat
C:\WINDOWS\system32\jftfrmjb.dll
C:\WINDOWS\system32\jpofmnxa.dll
C:\WINDOWS\system32\jqedtvmb.dll
C:\WINDOWS\system32\jtlpypix.dll
C:\WINDOWS\system32\jwdfqaum.dll
C:\WINDOWS\system32\kawqfdxn.dll
C:\WINDOWS\system32\klpsnhjn.dll
C:\WINDOWS\system32\kpdawfef.dll
C:\WINDOWS\system32\kxsyklpm.dll
C:\WINDOWS\system32\latdpoka.dll
C:\WINDOWS\system32\lbixbuee.dll
C:\WINDOWS\system32\lrlwrapf.dll
C:\WINDOWS\system32\mghtblqa.dll
C:\WINDOWS\system32\mjusruqr.dll
C:\WINDOWS\system32\mmsilnir.dll
C:\WINDOWS\system32\mtrjkxca.dll
C:\WINDOWS\system32\mtxecqif.dll
C:\WINDOWS\system32\myqlsfkx.dll
C:\WINDOWS\system32\nemeygmo.dll
C:\WINDOWS\system32\nhxndjbc.dll
C:\WINDOWS\system32\npruaxry.dll
C:\WINDOWS\system32\nxdyxyfd.dll
C:\WINDOWS\system32\oeoqnlss.dll
C:\WINDOWS\system32\ohtxevlg.dll
C:\WINDOWS\system32\opbhswie.dll
C:\WINDOWS\system32\oqxumdej.dll
C:\WINDOWS\system32\pcvycwkc.dll
C:\WINDOWS\system32\pkmcdrat.dll
C:\WINDOWS\system32\pqludfka.dll
C:\WINDOWS\system32\psqhkiot.dll
C:\WINDOWS\system32\pucmjauh.dll
C:\WINDOWS\system32\pwedyppo.dll
C:\WINDOWS\system32\qfitekxk.dll
C:\WINDOWS\system32\qpellyvl.dll
C:\WINDOWS\system32\qtqkukti.dll
C:\WINDOWS\system32\qtyitgbd.dll
C:\WINDOWS\system32\rabiwbim.dll
C:\WINDOWS\system32\rardtusp.dll
C:\WINDOWS\system32\rjmyhpjn.dll
C:\WINDOWS\system32\rpruhbpc.dll
C:\WINDOWS\system32\rrliuejo.dll
C:\WINDOWS\system32\rxdftrun.dll
C:\WINDOWS\system32\sscujfic.dll
C:\WINDOWS\system32\taeyqleh.dll
C:\WINDOWS\system32\uatkhnpl.dll
C:\WINDOWS\system32\ueqrabik.dll
C:\WINDOWS\system32\umkvqqux.dll
C:\WINDOWS\system32\usklrlll.dll
C:\WINDOWS\system32\uuhgebfd.dll
C:\WINDOWS\system32\uwiqqftm.dll
C:\WINDOWS\system32\vdcrrqnk.dll
C:\WINDOWS\system32\venyunid.dll
C:\WINDOWS\system32\vswvslxx.dll
C:\WINDOWS\system32\waehwpjn.dll
C:\WINDOWS\system32\wladebuj.dll
C:\WINDOWS\system32\wqtynmoy.dll
C:\WINDOWS\system32\wsqinxul.dll
C:\WINDOWS\system32\xlfvksrb.dll
C:\WINDOWS\system32\yiaoormu.dll
C:\WINDOWS\system32\ymgehipw.dll
C:\WINDOWS\system32\yodfabck.dll
C:\WINDOWS\system32\yxulwqdp.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\cmfdll32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c001BA66.dat
C:\WINDOWS\system32\__c00374B0.dat
C:\WINDOWS\system32\__c004BC89.dat
C:\WINDOWS\system32\__c0071A80.dat
C:\WINDOWS\system32\__c008A491.dat
C:\WINDOWS\system32\__c00A607.dat
C:\WINDOWS\system32\__c00AC5E8.dat
C:\WINDOWS\system32\__c00BEFB4.dat
C:\WINDOWS\system32\__c00F2179.dat
C:\WINDOWS\system32\aivsknut.dll
C:\WINDOWS\system32\amknfgdp.dll
C:\WINDOWS\system32\apkduttr.dll
C:\WINDOWS\system32\avlcdsnw.dll
C:\WINDOWS\system32\axuoquhx.dll
C:\WINDOWS\system32\bdkwvfcu.dll
C:\WINDOWS\system32\bfbamxff.dll
C:\WINDOWS\system32\capakxjg.dll
C:\WINDOWS\system32\ccgjvywc.dll
C:\WINDOWS\system32\chdemnns.dll
C:\WINDOWS\system32\cjavjinv.dll
C:\WINDOWS\system32\cjccnspr.dll
C:\WINDOWS\system32\clwrlknl.dll
C:\WINDOWS\system32\cnprhxpo.dll
C:\WINDOWS\system32\cqtdrmje.dll
C:\WINDOWS\system32\cuyhbgbk.dll
C:\WINDOWS\system32\cwkdfils.dll
C:\WINDOWS\system32\davdvuxn.dll
C:\WINDOWS\system32\deqrtxcd.dll
C:\WINDOWS\system32\diyamcyy.dll
C:\WINDOWS\system32\dtatpaer.dll
C:\WINDOWS\system32\dvqsekts.dll
C:\WINDOWS\system32\dyopiaah.dll
C:\WINDOWS\system32\eefqqlcn.dll
C:\WINDOWS\system32\exjttujd.dll
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\fggwlwmj.dll
C:\WINDOWS\system32\fgojcorh.dll
C:\WINDOWS\system32\fhwmqslx.dll
C:\WINDOWS\system32\frpgxsog.dll
C:\WINDOWS\system32\fulxwktv.dll
C:\WINDOWS\system32\fvtvoyua.dll
C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\system32\geyiilru.dll
C:\WINDOWS\system32\glfyiqtk.dll
C:\WINDOWS\system32\gnkhxngj.dll
C:\WINDOWS\system32\gowjoqfm.dll
C:\WINDOWS\system32\gtvlsvhm.dll
C:\WINDOWS\system32\gxbchsox.dll
C:\WINDOWS\system32\hdwboane.dll
C:\WINDOWS\system32\hspgpvoe.dll
C:\WINDOWS\system32\hynbeoxu.dll
C:\WINDOWS\system32\ignfwpbb.dll
C:\WINDOWS\system32\iimvpqtb.dll
C:\WINDOWS\system32\iixgugls.dll
C:\WINDOWS\system32\ikswvybw.dll
C:\WINDOWS\system32\iuklldlb.dll
C:\WINDOWS\system32\jajcfgfa.dll
C:\WINDOWS\system32\jbutwkac.dll
C:\WINDOWS\system32\jcsb.new
C:\WINDOWS\system32\jcsball.dat
C:\WINDOWS\system32\jefjvsui.dll
C:\WINDOWS\system32\jerror.dat
C:\WINDOWS\system32\jftfrmjb.dll
C:\WINDOWS\system32\jpofmnxa.dll
C:\WINDOWS\system32\jqedtvmb.dll
C:\WINDOWS\system32\jqprxjhg.dll
C:\WINDOWS\system32\jtlpypix.dll
C:\WINDOWS\system32\jwdfqaum.dll
C:\WINDOWS\system32\kawqfdxn.dll
C:\WINDOWS\system32\kbnbpnfl.dll
C:\WINDOWS\system32\klpsnhjn.dll
C:\WINDOWS\system32\kpdawfef.dll
C:\WINDOWS\system32\kprsnkdw.dll
C:\WINDOWS\system32\kxsyklpm.dll
C:\WINDOWS\system32\latdpoka.dll
C:\WINDOWS\system32\lbixbuee.dll
C:\WINDOWS\system32\llcbgjta.dll
C:\WINDOWS\system32\lrlwrapf.dll
C:\WINDOWS\system32\mghtblqa.dll
C:\WINDOWS\system32\mjusruqr.dll
C:\WINDOWS\system32\mmsilnir.dll
C:\WINDOWS\system32\msblvwnt.dll
C:\WINDOWS\system32\mtrjkxca.dll
C:\WINDOWS\system32\mtxecqif.dll
C:\WINDOWS\system32\myqlsfkx.dll
C:\WINDOWS\system32\nemeygmo.dll
C:\WINDOWS\system32\nhxndjbc.dll
C:\WINDOWS\system32\npruaxry.dll
C:\WINDOWS\system32\nxdyxyfd.dll
C:\WINDOWS\system32\oeoqnlss.dll
C:\WINDOWS\system32\ohtxevlg.dll
C:\WINDOWS\system32\opbhswie.dll
C:\WINDOWS\system32\oqxumdej.dll
C:\WINDOWS\system32\otrkctlu.dll
C:\WINDOWS\system32\oydpboum.dll
C:\WINDOWS\system32\pcvycwkc.dll
C:\WINDOWS\system32\pcycbdef.dll
C:\WINDOWS\system32\pgqisbej.dll
C:\WINDOWS\system32\pjfovyww.dll
C:\WINDOWS\system32\pjybgfrl.dll
C:\WINDOWS\system32\pkmcdrat.dll
C:\WINDOWS\system32\pqludfka.dll
C:\WINDOWS\system32\psqhkiot.dll
C:\WINDOWS\system32\pucmjauh.dll
C:\WINDOWS\system32\pvfmamqr.dll
C:\WINDOWS\system32\pwedyppo.dll
C:\WINDOWS\system32\qcajkhnw.dll
C:\WINDOWS\system32\qfitekxk.dll
C:\WINDOWS\system32\qpellyvl.dll
C:\WINDOWS\system32\qtqkukti.dll
C:\WINDOWS\system32\qtyitgbd.dll
C:\WINDOWS\system32\rabiwbim.dll
C:\WINDOWS\system32\rardtusp.dll
C:\WINDOWS\system32\rjmyhpjn.dll
C:\WINDOWS\system32\rpruhbpc.dll
C:\WINDOWS\system32\rrliuejo.dll
C:\WINDOWS\system32\rxdftrun.dll
C:\WINDOWS\system32\rypiofcf.dll
C:\WINDOWS\system32\sjtsanuc.dll
C:\WINDOWS\system32\sscujfic.dll
C:\WINDOWS\system32\suhxgafn.dll
C:\WINDOWS\system32\taeyqleh.dll
C:\WINDOWS\system32\tchnsxcy.dll
C:\WINDOWS\system32\trfmyofk.dll
C:\WINDOWS\system32\uatkhnpl.dll
C:\WINDOWS\system32\ueqrabik.dll
C:\WINDOWS\system32\uhfaduxx.dll
C:\WINDOWS\system32\uijchomm.dll
C:\WINDOWS\system32\umkvqqux.dll
C:\WINDOWS\system32\usklrlll.dll
C:\WINDOWS\system32\uuhgebfd.dll
C:\WINDOWS\system32\uwiqqftm.dll
C:\WINDOWS\system32\vdcrrqnk.dll
C:\WINDOWS\system32\venyunid.dll
C:\WINDOWS\system32\vjtktidk.dll
C:\WINDOWS\system32\vomtksfu.dll
C:\WINDOWS\system32\vswvslxx.dll
C:\WINDOWS\system32\waehwpjn.dll
C:\WINDOWS\system32\wgtxmsiy.dll
C:\WINDOWS\system32\whgcwsup.dll
C:\WINDOWS\system32\wladebuj.dll
C:\WINDOWS\system32\wqtynmoy.dll
C:\WINDOWS\system32\wsqinxul.dll
C:\WINDOWS\system32\xduojsjv.dll
C:\WINDOWS\system32\xfekemyv.dll
C:\WINDOWS\system32\xgyyvdnc.dll
C:\WINDOWS\system32\xlfvksrb.dll
C:\WINDOWS\system32\yiaoormu.dll
C:\WINDOWS\system32\ymgehipw.dll
C:\WINDOWS\system32\yodfabck.dll
C:\WINDOWS\system32\yovmabwq.dll
C:\WINDOWS\system32\yugbxdih.dll
C:\WINDOWS\system32\ywoxhqtd.dll
C:\WINDOWS\system32\yxulwqdp.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 10:04 . 2008-05-17 10:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-12 20:47 . 2008-05-12 20:47 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-12 11:58 . 2008-05-12 11:58 77,568 --a------ C:\WINDOWS\system32\cmfdll32.dll.vir
2008-05-12 11:17 . 2008-05-12 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-12 11:17 . 2008-05-17 15:35 10,351 --a------ C:\WINDOWS\BOC425.INI
2008-05-12 10:09 . 2008-05-12 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-12 10:08 . 2008-05-12 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-12 10:08 . 2008-05-12 21:27 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-12 10:08 . 2008-05-12 21:27 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-12 10:08 . 2008-05-12 21:27 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-12 09:41 . 2008-05-12 18:05 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-05-09 19:55 . 2008-05-09 19:55 32,320 --a------ C:\WINDOWS\system32\__c006C59A.dat
2008-05-09 19:52 . 2008-05-09 19:52 32,320 --a------ C:\WINDOWS\system32\__c009E766.dat
2008-05-09 19:46 . 2008-05-09 19:46 32,320 --a------ C:\WINDOWS\system32\__c00E5E97.dat
2008-05-09 19:24 . 2008-05-09 19:24 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.dat.LOG
2008-05-09 09:49 . 2008-05-12 10:04 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-05-08 21:42 . 2008-05-08 21:42 <DIR> d-------- C:\Deckard
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 17:42 . 2008-05-08 17:42 32,320 --a------ C:\WINDOWS\system32\__c0087BD3.dat
2008-05-07 08:11 . 2008-05-07 08:11 32,320 --a------ C:\WINDOWS\system32\__c008DF90.dat
2008-05-07 08:10 . 2008-05-07 17:22 7,594 --a------ C:\WINDOWS\system32\jcsb(2).new
2008-05-06 09:49 . 2008-05-06 09:52 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\mjusbsp
2008-05-06 00:46 . 2008-05-06 00:46 32,320 --a------ C:\WINDOWS\system32\__c00D3D2.dat
2008-05-06 00:43 . 2008-05-16 22:22 109,778 --a------ C:\WINDOWS\BM8ba22b90.xml
2008-05-05 20:26 . 2008-05-12 12:01 32,768 --a------ C:\WINDOWS\system32\VTingWin.dll
2008-05-05 17:09 . 2008-05-05 17:09 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\PKWARE
2008-05-05 17:09 . 2008-05-05 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PKWARE
2008-05-05 14:34 . 2008-05-05 14:34 <DIR> d-------- C:\Program Files\Common Files\PKWARE
2008-05-05 13:27 . 2008-05-05 13:28 107 --a------ C:\WINDOWS\SeeYa! Settings.ini
2008-05-05 13:27 . 2008-05-05 13:27 50 --a------ C:\WINDOWS\Illuminator Settings.ini
2008-05-05 13:27 . 2008-05-05 13:27 24 --a------ C:\WINDOWS\SEEYB.ini
2008-05-05 13:27 . 2008-05-05 13:27 24 --a------ C:\WINDOWS\APHIB.ini
2008-05-05 12:37 . 2008-05-05 12:37 0 --a------ C:\WINDOWS\system32\rqRHXrOe.dll
2008-05-05 12:32 . 2008-05-05 14:10 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\Ashampoo
2008-05-04 12:48 . 1999-11-10 02:55 16,119 --a------ C:\WINDOWS\system32\Odbcinst.chm
2008-05-04 12:39 . 2008-05-04 12:40 <DIR> d-------- C:\Program Files\TPG LeechOmeter
2008-05-02 17:27 . 2008-02-12 15:00 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-05-02 17:27 . 2008-02-12 15:00 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-04-28 09:27 . 2008-04-28 09:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-28 09:27 . 2008-04-28 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-25 14:39 . 2008-04-25 14:39 <DIR> d-------- C:\WINDOWS\system32\ebay
2008-04-21 18:54 . 2008-05-12 09:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 18:25 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-21 18:25 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-04-21 18:25 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-21 16:41 . 2008-04-21 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 16:40 . 2008-04-21 17:48 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\Azureus
2008-04-21 16:36 . 2008-04-21 16:40 <DIR> d-------- C:\Program Files\Azureus
2008-04-21 16:36 . 2008-04-21 16:36 <DIR> d-------- C:\Documents and Settings\Jeff\Temp
2008-04-21 15:45 . 2008-04-21 15:45 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\FastStone
2008-04-21 15:37 . 2008-04-21 15:37 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\CD-LabelPrint
2008-04-17 10:26 . 2008-04-17 10:26 <DIR> d-------- C:\Program Files\Philips

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 05:37 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Skype
2008-05-16 22:07 --------- d-----w C:\Documents and Settings\Jeff\Application Data\skypePM
2008-05-16 20:39 --------- d-----w C:\Documents and Settings\Jeff\Application Data\MailWasherPro
2008-05-12 12:20 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
2008-05-12 10:47 --------- d-----w C:\Program Files\Skype
2008-05-12 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-05-12 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-12 02:00 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Comodo
2008-05-12 00:04 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-12 00:04 434,252 ----a-w C:\WINDOWS\system32\msvcrtd.dll
2008-05-12 00:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-12 00:04 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys
2008-05-12 00:04 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2008-05-11 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-11 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 23:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-11 23:26 --------- d-----w C:\Program Files\GIGABYTE
2008-05-11 04:17 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-05-09 10:15 --------- d-----w C:\Program Files\Comodo
2008-05-08 23:47 73,728 ----a-w C:\WINDOWS\system32\CavEmLSP.dll
2008-05-06 01:11 257,024 ----a-w C:\WINDOWS\ATKKBService.exe
2008-05-06 00:55 --------- d-----w C:\Documents and Settings\Jeff\Application Data\uTorrent
2008-05-05 23:32 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-30 06:14 --------- d-----w C:\Documents and Settings\Jeff\Application Data\U3
2008-04-27 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 02:43 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Ahead
2008-04-17 00:22 --------- d-----w C:\Program Files\SkypeMate
2008-04-10 11:02 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Canon
2008-04-10 03:13 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Media Player Classic
2008-03-31 05:06 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-31 05:03 --------- d-----w C:\Program Files\Canon
2008-03-31 05:02 --------- d--h--w C:\Program Files\CanonBJ
2008-03-31 05:02 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-31 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-31 03:33 --------- d-----w C:\Program Files\ASUS
2008-03-25 22:06 --------- d-----w C:\Program Files\NCH Software
2008-03-25 22:05 --------- d-----w C:\Documents and Settings\Jeff\Application Data\NCH Swift Sound
2008-03-25 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:45 --------- d-----w C:\Program Files\Siber Systems
2008-03-24 23:20 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Auslogics
2008-03-24 22:27 87,608 ----a-w C:\Documents and Settings\Jeff\Application Data\inst.exe
2008-03-24 22:27 47,360 ----a-w C:\Documents and Settings\Jeff\Application Data\pcouffin.sys
2008-03-24 22:27 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Vso
2008-03-24 08:38 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-23 00:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\ooVoo Details
2008-03-18 05:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-18 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-18 03:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-18 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-18 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-18 03:08 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-03-18 02:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-18 02:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 08:41 --------- d-----w C:\Program Files\Unlocker
2008-03-17 06:17 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-17 06:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Talkback
2008-03-17 05:04 --------- d-----w C:\Program Files\My Company Name
2008-03-17 04:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-17 04:46 --------- d-----w C:\Program Files\Realtek
2008-03-17 04:46 --------- d-----w C:\Documents and Settings\Jeff\Application Data\InstallShield
2008-03-17 04:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-17 04:43 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 04:32 --------- d-----w C:\Program Files\Microsoft WSE
2008-03-17 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-17 04:31 --------- d-----w C:\Program Files\MSBuild
2008-03-17 04:29 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
2008-03-17 04:29 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-03-17 04:29 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-03-17 04:29 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-17 04:29 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-17 04:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-17 04:21 --------- d-----w C:\Program Files\Utilities
2008-03-17 04:20 --------- d-----w C:\Program Files\Java
2008-03-17 04:20 --------- d-----w C:\Program Files\Common Files\Java
2008-03-17 04:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-17 04:12 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-03-17 04:12 --------- d-----w C:\Program Files\HashTab Shell Extension
.

------- Sigcheck -------

2007-05-28 08:03 823296 b8f4db39ca7353752f245379d285c80e C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2008-02-12 13:59 666112 c1b4a43d78c9a0b2ec403e0d6f1a11bb C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_10.14.40.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 00:10:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 05:35:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 13:59 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-25 14:49 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-05-28 08:04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 17:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 02:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 02:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"cnfgCav"="H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-05-12 10:04 110592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 06:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 06:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 02:43 81920]
"Acrobat Assistant 8.0"="H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TPG"="C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe" [2008-02-17 00:11 1339392]
"VEngine"="C:\Program Files\Comodo\VEngine\VEngine.exe" [2008-05-10 07:56 335616]
"COMODO Firewall Pro"="H:\Program Files\Comodo\Firewall\cfp.exe" [2008-05-12 21:24 1572608]
"BOC-425"="H:\PROGRA~1\Comodo\BOC425.exe" [2007-11-26 10:38 342272]
"COMODO Memory Firewall"="H:\Program Files\Comodo\cmf.exe" [2008-05-12 11:58 2236160]
"DefragTaskBar"="H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 09:11 173408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 13:59 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [5/3/2007 3:52:18 PM 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [4/28/2008 9:26:36 AM 295606]
Adobe Acrobat Synchronizer.lnk - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2008-05-12 10:04 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-07-12 09:03 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-02-12 13:59 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
H:\Program Files\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-12 21:27]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-12 21:27]
R2 cmfd;cmfd;H:\Program Files\Comodo\cmfd.sys [2008-05-12 11:58]
R2 ComodoBackupService;ComodoBackupService;H:\Program Files\Comodo\BackUp\CmdBkSvc.exe [2008-05-12 11:20]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 09:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 09:03]
S2 VTingWinIe;VTingWinIe;C:\WINDOWS\system32\drivers\svchost.exe []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-11 14:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{645a758c-1a8d-11dd-9e1f-001a4d5c184b}]
\Shell\AutoRun\command - O:\autorun.exe
\Shell\phone\command - O:\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 15:36:18
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\cavbase47 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\ATKKBS~1.EXE
H:\Program Files\Comodo\BOCore.exe
H:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\Comodo\Common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\rundll32.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
H:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
H:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
.
**************************************************************************
.
Completion time: 2008-05-17 15:40:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 05:40:13
ComboFix2.txt 2008-05-17 00:15:01

Pre-Run: 22,612,897,792 bytes free
Post-Run: 22,589,579,264 bytes free

547 --- E O F --- 2008-05-16 20:41:43
Now will do the Kaspersky scan

Jeff in OZ
mannaoz is offline  
Old 05-16-2008, 11:57 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

OK, now here is where we get stuck. My IE is saying I have no add-ons enabled, but when I follow the instructions to enable the add-ons this is greyed out and I can't find a way to open this. I use Firefox so I am not up to speed with this new instruction. I have tried so many times to enable the add-ons from Tools > Manage Add-ons. So please help here.

Thanks in advance

Jeff in OZ
mannaoz is offline  
Old 05-17-2008, 12:51 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: Now The DeskTop is infected.

Hi Jeff,

What you sent to that channel was the ComboFix.txt. What I need you to upload there is the submit.zip file that you see on your desktop.

Please submit it to this site --> http://www.bleepingcomputer.com/subm....php?channel=4


----------------------------------


Try this for your issue with IE Add-ons:

1. Right-click the IE icon on the Start Menu, choose Properties.

Go to the Shortcut tab. In the Target field, if "-extoff" is at the end of the path to iexplore.exe, edit it out, leaving "C:\Program Files\Internet Explorer\iexplore.exe" (leave the quotes.)

2. Internet Options> Advanced> Browsing> check "Enable third-party browser extensions."

I'll copy this information to your Laptop thread. Let me know how that worked out for you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 05-17-2008, 12:55 PM   #11 (permalink)


Re: Now The DeskTop is infected.

Oh dear, wrong again.
OK, will do so when I return home from my night shift in about 2 hours' time from now. It's 4.55am here now.

Jeff in Oz
mannaoz is offline  
Old 05-17-2008, 01:03 PM   #12 (permalink)


Re: Now The DeskTop is infected.

That'll be fine Jeff. I am subscribed so will receive notification when you reply.
Ried is offline  
Old 05-17-2008, 03:44 PM   #13 (permalink)


Re: Now The DeskTop is infected.

Me again. OK, have just uploaded the file submit.zip and had notification it has been accepted.
Also have the K scan underway.

Thanks again

Jeff in OZ
mannaoz is offline  
Old 05-17-2008, 09:18 PM   #14 (permalink)


Re: Now The DeskTop is infected.

File received, thank you.

I do have more deletions for you, but we'll wait for the Kaspersky report and hit them all at one time.
Ried is offline  
Old 05-17-2008, 10:42 PM   #15 (permalink)


Re: Now The DeskTop is infected.

I have just sent you all the results, can't see them here??
Anyway I have just found that one of the HDDs was not connected for some reason, so I am redoing everything again DAM DAM DAM
Anyhow we are looking at another 6 hours of work here.
Sorry for that, hope this will not inconvenience you too much.

Jeff in OZ
mannaoz is offline  
Old 05-17-2008, 10:50 PM   #16 (permalink)


Re: Now The DeskTop is infected.

What results are you referring to that you cannot see here?

Since you have to re-scan, let's get rid of what I do see before you start.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\__c006C59A.dat
C:\WINDOWS\system32\__c009E766.dat
C:\WINDOWS\system32\__c00E5E97.dat
C:\WINDOWS\system32\__c0087BD3.dat
C:\WINDOWS\system32\__c008DF90.dat
C:\WINDOWS\system32\__c00D3D2.dat
C:\WINDOWS\BM8ba22b90.xml
C:\WINDOWS\system32\rqRHXrOe.dll
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe



Post the C:\ComboFix.txt along with the Kaspersky results when it's finished.
Ried is offline  
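A way to check a CFScript against the log it was written from, as an added example (not part of this thread and not ComboFix's own tooling): it parses the File:: section of a CFScript like the one above and the "Files Created" lines of a ComboFix log in the format posted in this thread, and reports for each listed path the size and timestamps the log recorded, or that the log has no entry for it. The sample script and log lines are built from entries on this page; the notlisted.dat path is made up to exercise the not-found case.

```python
"""Cross-check a ComboFix CFScript "File::" list against the "Files Created"
entries of a ComboFix log.  Added example for this thread, not ComboFix code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample CFScript, taken from the one posted in this thread.  The last path
# (notlisted.dat) is constructed so that the not-found case is exercised.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\__c006C59A.dat
C:\WINDOWS\system32\__c009E766.dat
C:\WINDOWS\BM8ba22b90.xml
C:\WINDOWS\system32\rqRHXrOe.dll
C:\WINDOWS\system32\notlisted.dat
"""

# Sample "Files Created" lines, copied from the ComboFix log posted in this
# thread (the <DIR> line shows that directory entries parse as well).
LOG_SAMPLE = r"""
2008-05-18 14:04 . 2008-05-18 14:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 10:08 . 2008-05-12 21:27 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-09 19:55 . 2008-05-09 19:55 32,320 --a------ C:\WINDOWS\system32\__c006C59A.dat
2008-05-09 19:52 . 2008-05-09 19:52 32,320 --a------ C:\WINDOWS\system32\__c009E766.dat
2008-05-06 00:43 . 2008-05-16 22:22 109,778 --a------ C:\WINDOWS\BM8ba22b90.xml
2008-05-05 12:37 . 2008-05-05 12:37 0 --a------ C:\WINDOWS\system32\rqRHXrOe.dll
"""


@dataclass
class LogEntry:
    created: str          # first timestamp column of the log line
    modified: str         # second timestamp column
    size: Optional[int]   # None for <DIR> entries
    attrs: str            # attribute string such as --a------
    path: str             # path exactly as the log wrote it


# One "Files Created" line: created . modified size-or-<DIR> attrs path
LOG_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections (File::, Folder::, ...)."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text: str) -> Dict[str, LogEntry]:
    """Index every parseable 'Files Created' line by its lower-cased path
    (Windows paths are case-insensitive).  Lines in other formats, such as
    the Find3M report, are ignored."""
    entries: Dict[str, LogEntry] = {}
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size_val = None if size == "<DIR>" else int(size.replace(",", ""))
        entries[path.lower()] = LogEntry(created, modified, size_val, attrs, path)
    return entries


def cross_check(script: str, log: str) -> Dict[str, Optional[LogEntry]]:
    """Map each File:: path to its log entry, or None when the log lacks it."""
    files = parse_cfscript(script).get("File", [])
    index = parse_log(log)
    return {p: index.get(p.lower()) for p in files}


def describe(results: Dict[str, Optional[LogEntry]]) -> List[str]:
    """One human-readable report line per CFScript path."""
    lines = []
    for path, entry in results.items():
        if entry is None:
            lines.append(f"NOT IN LOG       {path}")
        elif entry.size is None:
            lines.append(f"DIR              {path}")
        else:
            lines.append(f"{entry.size:>9} bytes  modified {entry.modified}  {path}")
    return lines


if __name__ == "__main__":
    for line in describe(cross_check(CFSCRIPT, LOG_SAMPLE)):
        print(line)
```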
Old 05-18-2008, 11:45 AM   #17 (permalink)


Re: Now The DeskTop is infected.

OK, 3.37am here now, just completed. Have the scan results. WOW
1:
ComboFix 08-05-15.3 - Jeff 2008-05-19 3:27:28.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2805 [GMT 10:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\cmfdll32.dll


((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-18 14:04 . 2008-05-18 14:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 07:20 . 2008-05-18 07:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 07:20 . 2008-05-18 07:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-17 15:37 . 2008-05-17 15:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-17 10:04 . 2008-05-17 10:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-12 20:47 . 2008-05-12 20:47 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-12 11:58 . 2008-05-12 11:58 77,568 --a------ C:\WINDOWS\system32\cmfdll32.dll.vir
2008-05-12 11:17 . 2008-05-12 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-05-12 11:17 . 2008-05-19 03:26 10,361 --a------ C:\WINDOWS\BOC425.INI
2008-05-12 10:09 . 2008-05-12 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-12 10:08 . 2008-05-12 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-12 10:08 . 2008-05-12 21:27 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-12 10:08 . 2008-05-12 21:27 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-12 10:08 . 2008-05-12 21:27 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-12 09:41 . 2008-05-12 18:05 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2008-05-09 19:55 . 2008-05-09 19:55 32,320 --a------ C:\WINDOWS\system32\__c006C59A.dat
2008-05-09 19:52 . 2008-05-09 19:52 32,320 --a------ C:\WINDOWS\system32\__c009E766.dat
2008-05-09 19:46 . 2008-05-09 19:46 32,320 --a------ C:\WINDOWS\system32\__c00E5E97.dat
2008-05-09 19:24 . 2008-05-09 19:24 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.dat.LOG
2008-05-09 09:49 . 2008-05-12 10:04 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-05-08 21:42 . 2008-05-08 21:42 <DIR> d-------- C:\Deckard
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 17:42 . 2008-05-08 17:42 32,320 --a------ C:\WINDOWS\system32\__c0087BD3.dat
2008-05-07 08:11 . 2008-05-07 08:11 32,320 --a------ C:\WINDOWS\system32\__c008DF90.dat
2008-05-07 08:10 . 2008-05-07 17:22 7,594 --a------ C:\WINDOWS\system32\jcsb(2).new
2008-05-06 09:49 . 2008-05-06 09:52 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\mjusbsp
2008-05-06 00:46 . 2008-05-06 00:46 32,320 --a------ C:\WINDOWS\system32\__c00D3D2.dat
2008-05-06 00:43 . 2008-05-16 22:22 109,778 --a------ C:\WINDOWS\BM8ba22b90.xml
2008-05-05 20:26 . 2008-05-12 12:01 32,768 --a------ C:\WINDOWS\system32\VTingWin.dll
2008-05-05 17:09 . 2008-05-18 07:38 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\PKWARE
2008-05-05 17:09 . 2008-05-05 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PKWARE
2008-05-05 14:34 . 2008-05-05 14:34 <DIR> d-------- C:\Program Files\Common Files\PKWARE
2008-05-05 13:27 . 2008-05-05 13:28 107 --a------ C:\WINDOWS\SeeYa! Settings.ini
2008-05-05 13:27 . 2008-05-05 13:27 50 --a------ C:\WINDOWS\Illuminator Settings.ini
2008-05-05 13:27 . 2008-05-05 13:27 24 --a------ C:\WINDOWS\SEEYB.ini
2008-05-05 13:27 . 2008-05-05 13:27 24 --a------ C:\WINDOWS\APHIB.ini
2008-05-05 12:37 . 2008-05-05 12:37 0 --a------ C:\WINDOWS\system32\rqRHXrOe.dll
2008-05-05 12:32 . 2008-05-05 14:10 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\Ashampoo
2008-05-04 12:48 . 1999-11-10 02:55 16,119 --a------ C:\WINDOWS\system32\Odbcinst.chm
2008-05-04 12:39 . 2008-05-04 12:40 <DIR> d-------- C:\Program Files\TPG LeechOmeter
2008-05-02 17:27 . 2008-02-12 15:00 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-05-02 17:27 . 2008-02-12 15:00 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-04-28 09:27 . 2008-04-28 09:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-28 09:27 . 2008-04-28 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-25 14:39 . 2008-04-25 14:39 <DIR> d-------- C:\WINDOWS\system32\ebay
2008-04-21 18:54 . 2008-05-12 09:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 18:25 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-21 18:25 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-04-21 18:25 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-21 16:41 . 2008-04-21 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-21 16:40 . 2008-04-21 17:48 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\Azureus
2008-04-21 16:36 . 2008-04-21 16:40 <DIR> d-------- C:\Program Files\Azureus
2008-04-21 16:36 . 2008-04-21 16:36 <DIR> d-------- C:\Documents and Settings\Jeff\Temp
2008-04-21 15:45 . 2008-04-21 15:45 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\FastStone
2008-04-21 15:37 . 2008-04-21 15:37 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\CD-LabelPrint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:25 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Skype
2008-05-18 17:24 --------- d-----w C:\Documents and Settings\Jeff\Application Data\skypePM
2008-05-17 21:07 --------- d-----w C:\Documents and Settings\Jeff\Application Data\MailWasherPro
2008-05-12 12:20 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
2008-05-12 10:47 --------- d-----w C:\Program Files\Skype
2008-05-12 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-05-12 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-12 02:00 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Comodo
2008-05-12 00:04 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-12 00:04 434,252 ----a-w C:\WINDOWS\system32\msvcrtd.dll
2008-05-12 00:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-12 00:04 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys
2008-05-12 00:04 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2008-05-11 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-11 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 23:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-11 23:26 --------- d-----w C:\Program Files\GIGABYTE
2008-05-11 04:17 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-05-09 10:15 --------- d-----w C:\Program Files\Comodo
2008-05-08 23:47 73,728 ----a-w C:\WINDOWS\system32\CavEmLSP.dll
2008-05-06 01:11 257,024 ----a-w C:\WINDOWS\ATKKBService.exe
2008-05-06 00:55 --------- d-----w C:\Documents and Settings\Jeff\Application Data\uTorrent
2008-05-05 23:32 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-30 06:14 --------- d-----w C:\Documents and Settings\Jeff\Application Data\U3
2008-04-27 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 02:43 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Ahead
2008-04-17 00:26 --------- d-----w C:\Program Files\Philips
2008-04-17 00:22 --------- d-----w C:\Program Files\SkypeMate
2008-04-10 11:02 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Canon
2008-04-10 03:13 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Media Player Classic
2008-03-31 05:06 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-31 05:03 --------- d-----w C:\Program Files\Canon
2008-03-31 05:02 --------- d--h--w C:\Program Files\CanonBJ
2008-03-31 05:02 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-31 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-31 03:33 --------- d-----w C:\Program Files\ASUS
2008-03-25 22:06 --------- d-----w C:\Program Files\NCH Software
2008-03-25 22:05 --------- d-----w C:\Documents and Settings\Jeff\Application Data\NCH Swift Sound
2008-03-25 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-25 04:45 --------- d-----w C:\Program Files\Siber Systems
2008-03-24 23:20 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Auslogics
2008-03-24 22:27 87,608 ----a-w C:\Documents and Settings\Jeff\Application Data\inst.exe
2008-03-24 22:27 47,360 ----a-w C:\Documents and Settings\Jeff\Application Data\pcouffin.sys
2008-03-24 22:27 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Vso
2008-03-24 08:38 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-23 00:12 --------- d-----w C:\Documents and Settings\Jeff\Application Data\ooVoo Details
2008-03-18 05:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-18 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-18 03:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-18 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-18 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-18 03:08 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-03-18 02:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-18 02:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 04:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-17 04:29 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
2008-03-17 04:29 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-03-17 04:29 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
.

------- Sigcheck -------

2007-05-28 08:03 823296 b8f4db39ca7353752f245379d285c80e C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2008-02-12 13:59 666112 c1b4a43d78c9a0b2ec403e0d6f1a11bb C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\wininet.dll
2007-12-07 12:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_10.14.40.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 00:10:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 17:23:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 02:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 05:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 05:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-09 04:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-18 17:24:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 13:59 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-25 14:49 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-05-28 08:04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 22:00 455168]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 17:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 02:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 02:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"cnfgCav"="H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-05-12 10:04 110592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 06:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 06:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 02:43 81920]
"Acrobat Assistant 8.0"="H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TPG"="C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe" [2008-02-17 00:11 1339392]
"VEngine"="C:\Program Files\Comodo\VEngine\VEngine.exe" [2008-05-10 07:56 335616]
"COMODO Firewall Pro"="H:\Program Files\Comodo\Firewall\cfp.exe" [2008-05-12 21:24 1572608]
"BOC-425"="H:\PROGRA~1\Comodo\BOC425.exe" [2007-11-26 10:38 342272]
"COMODO Memory Firewall"="H:\Program Files\Comodo\cmf.exe" [2008-05-12 11:58 2236160]
"DefragTaskBar"="H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 09:11 173408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 13:59 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [5/3/2007 3:52:18 PM 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [4/28/2008 9:26:36 AM 295606]
Adobe Acrobat Synchronizer.lnk - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2008-05-12 10:04 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-07-12 09:03 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-02-12 13:59 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
H:\Program Files\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-12 21:27]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-12 21:27]
R2 cmfd;cmfd;H:\Program Files\Comodo\cmfd.sys [2008-05-12 11:58]
R2 ComodoBackupService;ComodoBackupService;H:\Program Files\Comodo\BackUp\CmdBkSvc.exe [2008-05-12 11:20]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 09:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 09:03]
S2 VTingWinIe;VTingWinIe;C:\WINDOWS\system32\drivers\svchost.exe []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-11 14:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{645a758c-1a8d-11dd-9e1f-001a4d5c184b}]
\Shell\AutoRun\command - O:\autorun.exe
\Shell\phone\command - O:\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 03:29:04
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-05-19 3:29:44
ComboFix-quarantined-files.txt 2008-05-18 17:29:38
ComboFix2.txt 2008-05-18 17:21:13
ComboFix3.txt 2008-05-18 04:13:35
ComboFix4.txt 2008-05-17 05:40:18
ComboFix5.txt 2008-05-17 00:15:01

Pre-Run: 22,488,137,728 bytes free
Post-Run: 22,474,301,440 bytes free

256 --- E O F --- 2008-05-17 06:18:17


Hope this is the correct procedure. Will post the Kaspersky scan and HijackThis next.
Jeff in OZ
Old 05-18-2008, 11:46 AM   #18
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

2:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 3:16:47 AM
Operating System: Microsoft Windows XP Professional, Service Pack 3, v.3311 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 782313
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
P:\
Q:\

Scan Statistics:
Total number of scanned objects: 450648
Number of viruses found: 22
Number of infected objects: 577
Number of suspicious objects: 46
Duration of the scan process: 06:56:24

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\WINDOWS\system32\venyunid.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjsoydym.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjtktidk.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vmcdckjh.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vomtksfu.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vooybgbh.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vswvslxx.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vwlewtxs.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\waehwpjn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wdvevdjq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wgtxmsiy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\whgcwsup.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wladebuj.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqtynmoy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wsqinxul.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wyyjusnw.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xduojsjv.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xfekemyv.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xfwpprjr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xgyyvdnc.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xkkeqbdw.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xlfvksrb.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yiaoormu.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ymgehipw.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yodfabck.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yovmabwq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yswucodk.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yvbybvce.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ywoxhqtd.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yxulwqdp.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-05-17_100824.71.zip/ddcAttsq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quk skipped
C:\QooBox\Quarantine\catchme2008-05-17_100824.71.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0087855.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0087857.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0088067.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0088071.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0088251.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP100\A0088253.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089702.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089704.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089976.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089977.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089989.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP101\A0089990.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP102\A0090014.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP102\A0090023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP102\A0090133.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP102\A0090134.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP103\A0090144.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP103\A0090160.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP103\A0090270.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP103\A0090271.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090297.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090305.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090393.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090394.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090399.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0090400.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091398.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091399.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091570.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091596.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091598.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091739.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0091740.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0092743.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0092744.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0092916.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP104\A0092917.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP105\A0093930.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP105\A0093932.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095008.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095009.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095190.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095191.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095361.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095363.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095497.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095498.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095661.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP106\A0095662.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0095857.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0095859.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0096613.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0096614.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0097614.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP107\A0097615.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP108\A0097812.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP108\A0097814.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP108\A0097991.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP108\A0097993.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0098460.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0098462.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0098592.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0098593.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0098761.dll Infected: Trojan.Win32.Monder.dm skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0099435.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0099437.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP109\A0099635.exe Infected: Backdoor.Win32.Popwin.bgb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP110\A0101049.dll Infected: Trojan.Win32.Monder.dj skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103796.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103797.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103798.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103799.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103800.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103801.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103803.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103804.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103805.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103807.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103808.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103809.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103811.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103812.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103813.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103814.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103815.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103816.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103817.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103818.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103819.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103820.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103821.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103822.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103823.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103824.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103825.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103826.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103827.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103828.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103829.dll Infected: Trojan.Win32.Monder.fc skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103830.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103831.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103832.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103833.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103834.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103836.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103837.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103838.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103839.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103840.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103841.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103842.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103843.dll Infected: Trojan.Win32.Monder.dl skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103845.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103847.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103850.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103852.dll Infected: Trojan.Win32.Monder.db skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103853.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103854.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103856.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103858.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103859.dll Infected: Trojan.Win32.Monder.di skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103860.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103861.dll Infected: Trojan.Win32.Monder.do skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103862.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103863.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103864.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103865.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103866.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103867.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103868.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103869.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103870.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103872.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103873.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103874.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103875.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103876.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103877.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103878.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103879.dll Infected: Trojan.Win32.Monder.dk skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103880.dll Infected: Trojan.Win32.Monder.fb skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103881.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103882.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103883.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103884.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103885.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103886.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103887.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103888.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103889.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103890.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103891.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103892.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP115\A0103893.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104835.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104836.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104837.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104838.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104839.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104840.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104841.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104842.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104843.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104844.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104845.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104846.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104847.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104848.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104849.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104850.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104851.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104852.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104853.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104854.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104855.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104856.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104857.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104858.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104859.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104860.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104861.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104862.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104863.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104864.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104865.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104866.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104867.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104868.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104869.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104870.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104871.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104872.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104873.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104874.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104875.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104876.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104877.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104878.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104879.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104880.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104881.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104882.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104883.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104884.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104885.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104886.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104887.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104888.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104889.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104890.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104891.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104892.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104893.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104894.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104895.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104896.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104897.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104898.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104899.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104900.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104901.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104902.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104903.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104904.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104905.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104906.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104907.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104908.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104909.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104910.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104911.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104912.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104913.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104914.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104915.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104916.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104917.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104918.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104919.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104920.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104921.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104922.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104923.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104924.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104925.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104926.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104927.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104928.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104929.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104930.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104931.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104932.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104933.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104934.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104935.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104936.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104937.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104938.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104939.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104940.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104941.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104942.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104943.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104944.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104945.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104946.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104947.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104948.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104949.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104950.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104951.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104952.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104953.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104954.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104955.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104956.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104957.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104958.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104959.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104960.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104961.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104962.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104963.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104964.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104965.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104966.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104967.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104968.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104969.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104970.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104971.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP117\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{56F8ADEF-BF5A-4436-8CDC-F3AFE9218C75}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\VTingWin.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\__c006C59A.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c0087BD3.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c008DF90.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c009E766.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c00D3D2.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\__c00E5E97.dat Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\Temp\Perflib_Perfdata_804.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\New Downloads 2007\Video Production Folder\Torrent101-3.0.0.1-setup-0283.exe/file12 Infected: Trojan.Win32.Obfuscated.en skipped
D:\New Downloads 2007\Video Production Folder\Torrent101-3.0.0.1-setup-0283.exe Inno: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{FDBE61EB-3650-40E8-9F10-E604B77BBA91}\RP55\A0021503.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\System Volume Information\_restore{FDBE61EB-3650-40E8-9F10-E604B77BBA91}\RP55\A0021503.exe RAR: infected - 1 skipped
E:\Becky\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf Mail: suspicious - 2 skipped
E:\Becky\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:50:29 +1100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
E:\Becky\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf Mail: suspicious - 4 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf Mail: suspicious - 2 skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:50:29 +1100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf Mail: suspicious - 4 skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf Mail: suspicious - 2 skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:50:29 +1100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\Becky!\Jeff\3ea1cf6f.mb\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf Mail: suspicious - 4 skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf Mail: suspicious - 2 skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:50:29 +1100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\D Drive Stuff\DownLoads 2008\Jeff\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf Mail: suspicious - 4 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Utorrent DLs\1CLICK DVD COPY 5(5.4.2.2)New-Updated\1CLICK DVD COPY 5(5.4.2.2)New-Updated\P.A.T.C.H.exe Infected: Trojan.Win32.Delf.bur skipped
F:\Utorrent DLs\1CLICK DVD COPY 5(5.4.2.2)New-Updated\1CLICK DVD COPY 5(5.4.2.2)New-Updated.rar/1CLICK DVD COPY 5(5.4.2.2)New-Updated/P.A.T.C.H.exe Infected: Trojan.Win32.Delf.bur skipped
F:\Utorrent DLs\1CLICK DVD COPY 5(5.4.2.2)New-Updated\1CLICK DVD COPY 5(5.4.2.2)New-Updated.rar RAR: infected - 1 skipped
H:\Ashampoo\Ashampoo Magical Defrag 2\log\log.txt Object is locked skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf/[From vcs <vcs@tpg.com.au>][Date Mon, 07 Nov 2005 18:38:55 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Inbox\Ebay\Fraud\Sent\42210834.bmf Mail: suspicious - 2 skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:50:29 +1100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 20:43:12 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text/[From vcs <vcs@tpg.com.au>][Date Mon, 02 Jan 2006 10:04:15 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf/[From vcs <vcs@tpg.com.au>][Date Sun, 01 Jan 2006 10:27:55 +1100]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!!!!Outbox\!!!Draft\!!!Sent\3ea1d614.bmf Mail: suspicious - 4 skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631ead3.bmf/[From eBay <ebay@ebay.com.au>][Date Tue, 26 Feb 08 11:03:43 GMT-0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631ead3.bmf Mail: suspicious - 1 skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631eae3.bmf/[From User:][Date Tue, 12 Feb 2008 00:02:59 -0700 (GMT)]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631eae3.bmf Mail: suspicious - 1 skipped
H:\Program Files\Comodo\BackUp\CmdBkpSvc.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP117\change.log Object is locked skipped
Q:\Older Folders\Copy of Docs\Becky!\Holding MB File\3ea1cf6f.mb\!!!!Outbox\!!!Sent\#Attach\20040216130440.6665.VCS@tpg.com.au\megadriver.exe.b64 Infected: not-a-virus:Dialer.Win32.Allotick skipped
Q:\Older Folders\Copy of Docs\Becky!\Holding MB File\3ea1cf6f.mb\!Trash\3f7f8ccd.bmf/[From Citibank <user-billing36@citibank.com>][Date Wed, 19 May 2004 04:39:14 -0700 lead]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
Q:\Older Folders\Copy of Docs\Becky!\Holding MB File\3ea1cf6f.mb\!Trash\3f7f8ccd.bmf Mail: suspicious - 1 skipped
Q:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
mannaoz is offline  
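An added example, not part of mannaoz's post and not code from the scanner that produced the report: a small Python triage pass over report lines in the format shown above. The three line shapes ("<path> Object is locked skipped", "<path> Infected: <name> skipped", "<path> RAR: infected - 1 skipped") are read off the report itself; the bucket rules and priorities are this example's own heuristics, and the sample lines are constructed to mirror entries from the report, with some paths shortened.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One report line reads "<path> <verdict> skipped". The verdict takes one of
# the three shapes visible in the report above: a locked object, an
# Infected/Suspicious verdict with a detection name, or a container summary
# such as "RAR: infected - 1" or "Mail: suspicious - 2".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|(?P<kind>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<container>\w+): (?:infected|suspicious) - (?P<count>\d+)"
    r") skipped$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)
WINDOWS_RE = re.compile(r"^[A-Z]:\\WINDOWS\\", re.I)
MAILSTORE_RE = re.compile(r"\.(?:mb|bmf)(?:[\\/]|$)", re.I)  # Becky! mail store


@dataclass
class Finding:
    path: str
    bucket: str     # triage bucket assigned by classify()
    detection: str  # detection name, or "" for locked/container lines
    priority: int   # 1 = act on first ... 4 = informational only


def classify(path, locked, name, container):
    """Triage heuristics. These are the example's own rules, not the scanner's."""
    if locked:
        # Registry hives, event logs, WMI repository: in use, not detections.
        return "locked-noise", 4
    if RESTORE_RE.search(path):
        # Restore-point copies only come back via System Restore; they are
        # removed by purging restore points once the live files are gone.
        return "restore-point", 3
    if container:
        # Archive or mailbox summary; the inner object line carries the detail.
        return "container-summary", 4
    if name.startswith("not-a-virus:"):
        return "pua", 3
    if MAILSTORE_RE.search(path) or "HTML.Fraud" in name:
        # Phishing messages in a mail store: delete them, but nothing executes.
        return "mail-phish", 3
    if WINDOWS_RE.match(path):
        # A flagged file under the Windows tree is the live infection.
        return "active-system", 1
    return "downloaded-file", 2


def parse_report(text):
    """Turn report text into Finding objects; non-matching lines are ignored."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and footers such as "Scan process completed."
        name = m["name"] or ""
        bucket, prio = classify(m["path"], bool(m["locked"]), name, m["container"])
        findings.append(Finding(m["path"], bucket, name, prio))
    return findings


def bucket_counts(findings):
    return Counter(f.bucket for f in findings)


def family_counts(findings, bucket="active-system"):
    """Detection names seen in one bucket; tells you what you are dealing with."""
    return Counter(f.detection for f in findings if f.bucket == bucket)


def action_list(findings):
    """Live system files first, then downloaded droppers; everything else waits."""
    return sorted((f for f in findings if f.priority <= 2),
                  key=lambda f: (f.priority, f.path))


# Constructed sample, modelled on lines from the report above (paths shortened).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{40D0B1FA-F68A-409F-8AB0-30C2D4A412AF}\RP116\A0104861.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\VTingWin.dll Infected: Backdoor.Win32.Popwin.bfo skipped
C:\WINDOWS\system32\__c006C59A.dat Infected: Trojan.Win32.Monder.gen skipped
D:\New Downloads 2007\Torrent101-3.0.0.1-setup-0283.exe/file12 Infected: Trojan.Win32.Obfuscated.en skipped
D:\New Downloads 2007\Torrent101-3.0.0.1-setup-0283.exe Inno: infected - 1 skipped
D:\System Volume Information\_restore{FDBE61EB-3650-40E8-9F10-E604B77BBA91}\RP55\A0021503.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631ead3.bmf/[From eBay <ebay@ebay.com.au>][Date Tue, 26 Feb 08 11:03:43 GMT-0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\Becky!\Jeff Nield\3ea1cf6f.mb\!Trash\4631ead3.bmf Mail: suspicious - 1 skipped
F:\Utorrent DLs\1CLICK DVD COPY 5(5.4.2.2)New-Updated\P.A.T.C.H.exe Infected: Trojan.Win32.Delf.bur skipped
Scan process completed.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(dict(bucket_counts(found)))
    for f in action_list(found):
        print(f.priority, f.bucket, f.path, f.detection)
```

Run stand-alone it prints the bucket counts and then the action list. The buckets make the report above readable: the long run of RP116 entries are restore-point copies, which cannot be cleaned in place and drop off once System Restore is flushed after the live files are dealt with; the locked hives (SAM, SECURITY, software, system), event logs and WMI repository are normal in-use files, not detections; the Becky! mail-store hits are phishing e-mails that should be deleted as messages, not treated as running malware; what actually needs attention first is the handful of flagged files under C:\WINDOWS\system32 and the cracked installers and patchers on the other drives.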
Old 05-18-2008, 11:47 AM   #19 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 51
OS: XP Pro SP2


Re: Now The DeskTop is infected.

3:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:34 AM, on 19/05/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Comodo\VEngine\VEngine.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\ATKKBService.exe
H:\Program Files\Comodo\BOCORE.exe
H:\Program Files\Comodo\Firewall\cmdagent.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
H:\Program Files\Comodo\BackUp\CmdBkSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [cnfgCav] "H:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPG] C:\Program Files\TPG LeechOmeter\TPG LeechOmeter.exe
O4 - HKLM\..\Run: [VEngine] C:\Program Files\Comodo\VEngine\VEngine.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BOC-425] H:\PROGRA~1\Comodo\BOC425.exe
O4 - HKLM\..\Run: [COMODO Memory Firewall] "H:\Program Files\Comodo\cmf.exe" -s
O4 - HKLM\..\Run: [DefragTaskBar] "H:\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\Utilities\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\Utilities\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\Utilities\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\Utilities\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - H:\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BOCore - COMODO - H:\Program Files\Comodo\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - H:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: ComodoBackupService - COMODO - H:\Program Files\Comodo\BackUp\CmdBkSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - H:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)

--
End of file - 13336 bytes

OK, that's the lot.

Jeff in OZ 3.47am
Old 05-18-2008, 10:19 PM   #20 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista

Re: Now The DeskTop is infected.

Hi Jeff,

Please refer to this link in Step 1 of our sticky topic IMPORTANT - Please Read This Before Posting for Malware Removal Help

Before we continue, I have to ask you to uninstall these 2 programs:

Microsoft Office 2008 Professional
Nero 8 Ultra
Then please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you. Please post both of those here.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Copyright 2001 - 2009, Tech Support Forum