Malware/Spyware

[CCHENG]

My OS is Vista. I have run the Trend Micro House Call scan and found the following viruses:

TROJ_BAGLE.AO
ADW_CRAMTB.A
WORM_BAGLE.TV
ADW_SAFEGUARD.B

My computer happens to have unexpected shutdown frequently. I had a Noron Antivirus 2008 installed. But I cannot open the program anymore. So, I uninstalled the Norton Antivirus 2008 and tried to re-installed it. But I cannot re-installed the software anymore.

In addition, evertime when I log on to my computer, the wireless service is not working. And I had to go to registry edit to change the settings.

I would greatly appreciate if someone can help me to remove all these viruses and fix the problem ASAP.

Thanks!
CC

[Ried]

Hello again Christina,

You've been through this before.

Kindly follow the instructions in our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help

• If you have any difficulty with any of the steps, move on to the next one.
• Be sure to reach Step 5 and post the requested logs in your next reply.

**Please note this section of the forum is very busy, so please familiarize yourself with the Bumping Rules also found in Step 5 of our sticky topic mentioned above.

One of our Analysts will review your log as soon as possible.

[CCHENG]

Hi, Ried:

Thank you for your prompt reply. I did try to follow those steps in IMPORTANT - Read This Before Posting For Malware Removal Help . But I cannot complete the Panda Scan. The computer had unexpected shutdown during the scan. Anyway, I will try to scan it one more time.

Thanks!
CC

[Ried]

It's fine if you cannot complete the Panda scan right now.

Quote:

Originally Posted by Ried

• If you have any difficulty with any of the steps, move on to the next one.
• Be sure to reach Step 5 and post the requested logs in your next reply.

[CCHENG]

Hi,

I finally finished the 5 steps, including Panda Active Scan. Please see my HijackThis log below and please advise next step ASAP. Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:52 AM, on 8/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Users\CC\AppData\Roaming\m\flec006.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: XBTB02555 - {18274E1A-9C95-42a8-90B9-A8C94E86335A} - C:\PROGRA~1\CLICK1~1\click108.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Click108 μμ·L?u‥a|C - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Click108 μμ·L?u‥a|C\click108.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175767074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Time Zones for PCs] C:\Program Files\Digital Design Ltd\Time Zones for PCs\TZPC.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\CC\AppData\Roaming\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk895MNUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3A177-4E71-4ACA-BF7F-C92329D11CE5}: NameServer = 192.168.1.220,168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 15010 bytes

[Ried]

Hi Christina,

How did you manage to get Vista this infected?

You truly need to be careful of the sites you frequent, and what you download.

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

[CCHENG]

Hi, Ried:

I thought I have the antivirus program, so my vista should be fine. However, I do not know what happened to Norton Antivirus. It does not seem that it protected my vista. I will try to be very careful from now on.

Please see Combofix log and Hijackthis log below.



ComboFix 08-08-23.01 - CC 2008-08-23 17:57:10.1 - NTFSx86

Running from: C:\Users\CC\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Users\CC\AppData\Roaming\m
C:\Users\CC\AppData\Roaming\m\data.oct
C:\Users\CC\AppData\Roaming\m\list.oct
C:\Users\CC\AppData\Roaming\m\shared
C:\Users\CC\AppData\Roaming\m\shared\.netshrink_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\[Appz_ITA].AVG.Antivirus.Pro.7.0.zip
C:\Users\CC\AppData\Roaming\m\shared\123_Cleaner_4.10.zip
C:\Users\CC\AppData\Roaming\m\shared\ABC_Image_Browser_4.8.7.zip
C:\Users\CC\AppData\Roaming\m\shared\ACA_Capture_Pro_5.2.zip
C:\Users\CC\AppData\Roaming\m\shared\AddTime_1.0.01.zip
C:\Users\CC\AppData\Roaming\m\shared\Adrian_Browser_2.0.zip
C:\Users\CC\AppData\Roaming\m\shared\AM_Lightning_Messenger_3.0.zip
C:\Users\CC\AppData\Roaming\m\shared\AmericanPictures_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Amro_Mousa's_AMBackup_3.01.zip
C:\Users\CC\AppData\Roaming\m\shared\Analog_CPU_&_MEM_Display_1.6.1.zip
C:\Users\CC\AppData\Roaming\m\shared\AniGif_Lite_ActiveX_Control_2.0_KeyGen.zip
C:\Users\CC\AppData\Roaming\m\shared\Arliweb_Folders.zip
C:\Users\CC\AppData\Roaming\m\shared\Auction_Business_Manager_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Auto_Expenses_5.0_[Crack].zip
C:\Users\CC\AppData\Roaming\m\shared\Blaze_Composer_Lite_3.0.zip
C:\Users\CC\AppData\Roaming\m\shared\BrickShooter_Puzzle.zip
C:\Users\CC\AppData\Roaming\m\shared\CESLogFile_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\ClickZap_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\ColorBtn_7.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Crib_3000_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Cryptosystem_ME6_7.67.zip
C:\Users\CC\AppData\Roaming\m\shared\DataHouse_4.01_(With_Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\DigitByte_MPEG_Joiner_2.0.0381_Key.zip
C:\Users\CC\AppData\Roaming\m\shared\Disk_and_Registry_Alert_2.39_(KeyGen).zip
C:\Users\CC\AppData\Roaming\m\shared\Download_Druid_2.2_Build_22041118_[Key+Serial].zip
C:\Users\CC\AppData\Roaming\m\shared\DrStopSpam_2.3.1_Key+Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\Easy_3D_Creator_3.0.0.2i.zip
C:\Users\CC\AppData\Roaming\m\shared\Easy_FLV_to_AVI_Converter_1.0.1.zip
C:\Users\CC\AppData\Roaming\m\shared\eGenie_0.4.16.zip
C:\Users\CC\AppData\Roaming\m\shared\EmailValidator_1.zip
C:\Users\CC\AppData\Roaming\m\shared\Embird_Alphabet_7_1.0_Patch.zip
C:\Users\CC\AppData\Roaming\m\shared\Excel_Bulk_Mailer_3.01.zip
C:\Users\CC\AppData\Roaming\m\shared\Fast_Query_Builder_for_Delphi_7_1.03_[Serial].zip
C:\Users\CC\AppData\Roaming\m\shared\FFT_Properties_3.5.zip
C:\Users\CC\AppData\Roaming\m\shared\File_Name_Converter_3.1.zip
C:\Users\CC\AppData\Roaming\m\shared\GAlert_2.5.8.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Gem_Slider_Deluxe_1.zip
C:\Users\CC\AppData\Roaming\m\shared\GolfChart_2.02.zip
C:\Users\CC\AppData\Roaming\m\shared\Graph_Digitizer_2.1.zip
C:\Users\CC\AppData\Roaming\m\shared\GraphicsExplorer_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\GuardMax_1.9.zip
C:\Users\CC\AppData\Roaming\m\shared\Halloween_Garden_Party_Screensaver_1.0_[KeyGen].zip
C:\Users\CC\AppData\Roaming\m\shared\Help_Desk_CDQuotations_for_Access_3.2.3.zip
C:\Users\CC\AppData\Roaming\m\shared\High_School_Sports_Online_toolbar_for_Firefox_1.5.0.4.zip
C:\Users\CC\AppData\Roaming\m\shared\HP0-093_Practice_Exam_Testing_Engine_Software_1.0_Key+Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\Internet_Model_Optimizer_1.5.zip
C:\Users\CC\AppData\Roaming\m\shared\Inzomia_Image_Encrypt_1.0_With_Crack.zip
C:\Users\CC\AppData\Roaming\m\shared\iPod_Video_Converter_+_DVD_to_iPod_Suite_3.16.3.29.zip
C:\Users\CC\AppData\Roaming\m\shared\Jack_Black_Screensaver.zip
C:\Users\CC\AppData\Roaming\m\shared\Janotech_2.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Kaspersky_Security_for_MS_Exchange_Server_2003_5.5.zip
C:\Users\CC\AppData\Roaming\m\shared\LearnWords_Windows_4.2_(Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\LogIt_2.02_(With_Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\Mac_clock_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\MarknDial_0.7.zip
C:\Users\CC\AppData\Roaming\m\shared\Memory_Booster_3.1.zip
C:\Users\CC\AppData\Roaming\m\shared\MikeAndPetra_Toolbar_4.5.147.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Military_Helicopters_Screensaver_1.2.zip
C:\Users\CC\AppData\Roaming\m\shared\Mini_MP3_Recorder_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\MorphVOX_Classic_Voice_Changer_2.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Multi-Edit_2006_10.03.zip
C:\Users\CC\AppData\Roaming\m\shared\MyClock_1.7.zip
C:\Users\CC\AppData\Roaming\m\shared\NaturePainter_Digital_Canvas_1.1.zip
C:\Users\CC\AppData\Roaming\m\shared\NetJaxer_2.0.6.zip
C:\Users\CC\AppData\Roaming\m\shared\NetPeeker_2.83_KeyGen.zip
C:\Users\CC\AppData\Roaming\m\shared\NewsRaider_1.25.zip
C:\Users\CC\AppData\Roaming\m\shared\Norton.AntiVirus.2007.+.key.zip
C:\Users\CC\AppData\Roaming\m\shared\Norton.Antivirus.y.Norton.Internet.Security.2006.Espa簽ol.+.Serial.y.Activacion.zip
C:\Users\CC\AppData\Roaming\m\shared\OpenzUp_1.0_[Serial].zip
C:\Users\CC\AppData\Roaming\m\shared\Outlook_Cleaner_4.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Painting_Pictures_1.0_(Key+Serial).zip
C:\Users\CC\AppData\Roaming\m\shared\ParaWorld_single-player_demo.zip
C:\Users\CC\AppData\Roaming\m\shared\Passage_Express_2.2.1.zip
C:\Users\CC\AppData\Roaming\m\shared\PathNames_1.71.zip
C:\Users\CC\AppData\Roaming\m\shared\PDF_album_maker_1.01_[Cracked].zip
C:\Users\CC\AppData\Roaming\m\shared\Personal_Organizer_4.5_Key+Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\Plasma_-_386_1.0_Crack.zip
C:\Users\CC\AppData\Roaming\m\shared\PopScan_4.63.zip
C:\Users\CC\AppData\Roaming\m\shared\Pragma_Fortress_SSH_ClientSuite_4.zip
C:\Users\CC\AppData\Roaming\m\shared\PrecisionID_Code_3_of_9_Barcode_Fonts_3.0_Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\ProGP-Mygale_LiteEdition_1.1.zip
C:\Users\CC\AppData\Roaming\m\shared\Q-Tune_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\RankHigher_2.2.82_(Cracked).zip
C:\Users\CC\AppData\Roaming\m\shared\Reallusion_TalkingSlide_1.1_(Serial).zip
C:\Users\CC\AppData\Roaming\m\shared\Rise_of_Nations_Thrones_&_Patriots_Vietnam_map.zip
C:\Users\CC\AppData\Roaming\m\shared\Rugby_Pro_2006_1.1.2684.29689_(With_Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\RW_-_Read_&_Write_0.21.zip
C:\Users\CC\AppData\Roaming\m\shared\SBE_WebSystem_1.6_(With_Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\Scholar's_Aid_Lite_4.zip
C:\Users\CC\AppData\Roaming\m\shared\Scripter_plugin_1.0.1.zip
C:\Users\CC\AppData\Roaming\m\shared\SecrecyKeeper_2.0.0.246.zip
C:\Users\CC\AppData\Roaming\m\shared\Simple_Paint_1.5.zip
C:\Users\CC\AppData\Roaming\m\shared\Single_State_Mapper_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Site_Popper_3.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Softinvestor_1.2_[Crack].zip
C:\Users\CC\AppData\Roaming\m\shared\Software_Midi_Keyboard_1.8.zip
C:\Users\CC\AppData\Roaming\m\shared\Speaking_Mailer_2.10.zip
C:\Users\CC\AppData\Roaming\m\shared\Specrem_6.2.zip
C:\Users\CC\AppData\Roaming\m\shared\Staff_Tracker_In-Out_Board_3.0.zip
C:\Users\CC\AppData\Roaming\m\shared\T.A.S._Weather_Station_2.4.4.zip
C:\Users\CC\AppData\Roaming\m\shared\Tightwad_Personal_Budget_1.2_Cracked.zip
C:\Users\CC\AppData\Roaming\m\shared\TimeRecorder_4.25.3.zip
C:\Users\CC\AppData\Roaming\m\shared\Total_MP3_Converter_1.01.zip
C:\Users\CC\AppData\Roaming\m\shared\TreeMap_1.0.3_[With_Crack].zip
C:\Users\CC\AppData\Roaming\m\shared\Type_Library_Documentor_1.0.zip
C:\Users\CC\AppData\Roaming\m\shared\Ulead_DVD_Workshop_2.0_[KeyGen].zip
C:\Users\CC\AppData\Roaming\m\shared\United_States_ZIP_Code_Database_(Basic_Edition)_February_2007.zip
C:\Users\CC\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Crows_Perch_CTF_map.zip
C:\Users\CC\AppData\Roaming\m\shared\USBTrace_2.0_Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\VB_Project_Eye_3.0.5.zip
C:\Users\CC\AppData\Roaming\m\shared\VBScodePrint_1.2.73_Key+Serial.zip
C:\Users\CC\AppData\Roaming\m\shared\Videoraptor_1.5.45.0_(Patch).zip
C:\Users\CC\AppData\Roaming\m\shared\VOX_for_Skype_0.9.5_Beta.zip
C:\Users\CC\AppData\Roaming\m\shared\Wallpaper_Sequencer_Standard_4.6.2.449.zip
C:\Users\CC\AppData\Roaming\m\shared\Warcraft_III_-_Isildur's_Death_map.zip
C:\Users\CC\AppData\Roaming\m\shared\Web_Weaver_2005_(Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\Web2Pop_Standard_1.0.3.8.zip
C:\Users\CC\AppData\Roaming\m\shared\Webcam_Watcher_3.1.zip
C:\Users\CC\AppData\Roaming\m\shared\WebPrint_Plus_1.0_(Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\WinFlash_Educator_9.0.01.zip
C:\Users\CC\AppData\Roaming\m\shared\WinXMedia_CD_Extractor_1.0.91_(With_Crack).zip
C:\Users\CC\AppData\Roaming\m\shared\Word_to_PDF_Converter_3.zip
C:\Users\CC\AppData\Roaming\m\shared\Word_Wizard_Deluxe_2.2.zip
C:\Users\CC\AppData\Roaming\m\shared\Writer's_Blocks_3.0.zip
C:\Users\CC\AppData\Roaming\m\shared\X-Wing_Alliance_Patch_2.02.zip
C:\Users\CC\AppData\Roaming\m\shared\XP_Firewall_Logger_2.01a_[Key].zip
C:\Users\CC\AppData\Roaming\m\shared\Zap_HTML_Compressor_2.0.zip
C:\Users\CC\AppData\Roaming\m\shared\ZebZip_1.2_Beta.zip
C:\Users\CC\AppData\Roaming\m\srvlist.oct
C:\Users\CC\AppData\Roaming\macromedia\Flash Player\#SharedObjects\KRL495KD\interclick.com
C:\Users\CC\AppData\Roaming\macromedia\Flash Player\#SharedObjects\KRL495KD\interclick.com\ud.sol
C:\Users\CC\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\CC\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@insightexpressai[1].txt
C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@tv.yam[1].txt
C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@vendorweb.citibank[1].txt
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\102088692.exe
C:\Windows\system32\drivers\downld\102100704.exe
C:\Windows\system32\drivers\downld\102111374.exe
C:\Windows\system32\drivers\downld\102118363.exe
C:\Windows\system32\drivers\downld\102122248.exe
C:\Windows\system32\drivers\downld\102124588.exe
C:\Windows\system32\drivers\downld\102126662.exe
C:\Windows\system32\drivers\downld\102181044.exe
C:\Windows\system32\drivers\downld\102183993.exe
C:\Windows\system32\drivers\downld\102218812.exe
C:\Windows\system32\drivers\downld\102250356.exe
C:\Windows\system32\drivers\downld\10791275.exe
C:\Windows\system32\drivers\downld\10821617.exe
C:\Windows\system32\drivers\downld\10869993.exe
C:\Windows\system32\drivers\downld\10911926.exe
C:\Windows\system32\drivers\downld\10962408.exe
C:\Windows\system32\drivers\downld\110167.exe
C:\Windows\system32\drivers\downld\11028646.exe
C:\Windows\system32\drivers\downld\11042171.exe
C:\Windows\system32\drivers\downld\11065556.exe
C:\Windows\system32\drivers\downld\11067724.exe
C:\Windows\system32\drivers\downld\11070704.exe
C:\Windows\system32\drivers\downld\11109143.exe
C:\Windows\system32\drivers\downld\11119564.exe
C:\Windows\system32\drivers\downld\11142605.exe
C:\Windows\system32\drivers\downld\11144602.exe
C:\Windows\system32\drivers\downld\11161341.exe
C:\Windows\system32\drivers\downld\11167908.exe
C:\Windows\system32\drivers\downld\11172573.exe
C:\Windows\system32\drivers\downld\11195786.exe
C:\Windows\system32\drivers\downld\11197814.exe
C:\Windows\system32\drivers\downld\11199670.exe
C:\Windows\system32\drivers\downld\11235004.exe
C:\Windows\system32\drivers\downld\11237890.exe
C:\Windows\system32\drivers\downld\11264301.exe
C:\Windows\system32\drivers\downld\11274644.exe
C:\Windows\system32\drivers\downld\116655114.exe
C:\Windows\system32\drivers\downld\116664162.exe
C:\Windows\system32\drivers\downld\116670604.exe
C:\Windows\system32\drivers\downld\116672960.exe
C:\Windows\system32\drivers\downld\116679294.exe
C:\Windows\system32\drivers\downld\116684333.exe
C:\Windows\system32\drivers\downld\116685877.exe
C:\Windows\system32\drivers\downld\116688545.exe
C:\Windows\system32\drivers\downld\116731866.exe
C:\Windows\system32\drivers\downld\116733988.exe
C:\Windows\system32\drivers\downld\116761116.exe
C:\Windows\system32\drivers\downld\116770944.exe
C:\Windows\system32\drivers\downld\118529.exe
C:\Windows\system32\drivers\downld\123864.exe
C:\Windows\system32\drivers\downld\127187.exe
C:\Windows\system32\drivers\downld\128201.exe
C:\Windows\system32\drivers\downld\130588.exe
C:\Windows\system32\drivers\downld\131103.exe
C:\Windows\system32\drivers\downld\131176295.exe
C:\Windows\system32\drivers\downld\131186295.exe
C:\Windows\system32\drivers\downld\131192472.exe
C:\Windows\system32\drivers\downld\131195218.exe
C:\Windows\system32\drivers\downld\131204110.exe
C:\Windows\system32\drivers\downld\131208026.exe
C:\Windows\system32\drivers\downld\131209570.exe
C:\Windows\system32\drivers\downld\131212206.exe
C:\Windows\system32\drivers\downld\131246043.exe
C:\Windows\system32\drivers\downld\131248679.exe
C:\Windows\system32\drivers\downld\131272860.exe
C:\Windows\system32\drivers\downld\131282797.exe
C:\Windows\system32\drivers\downld\133755.exe
C:\Windows\system32\drivers\downld\137234.exe
C:\Windows\system32\drivers\downld\137670.exe
C:\Windows\system32\drivers\downld\145626.exe
C:\Windows\system32\drivers\downld\14691706.exe
C:\Windows\system32\drivers\downld\14704467.exe
C:\Windows\system32\drivers\downld\14707836.exe
C:\Windows\system32\drivers\downld\14725464.exe
C:\Windows\system32\drivers\downld\14732297.exe
C:\Windows\system32\drivers\downld\14733576.exe
C:\Windows\system32\drivers\downld\14738834.exe
C:\Windows\system32\drivers\downld\14748880.exe
C:\Windows\system32\drivers\downld\14750534.exe
C:\Windows\system32\drivers\downld\14756430.exe
C:\Windows\system32\drivers\downld\14763185.exe
C:\Windows\system32\drivers\downld\14764465.exe
C:\Windows\system32\drivers\downld\14766461.exe
C:\Windows\system32\drivers\downld\14770299.exe
C:\Windows\system32\drivers\downld\14770361.exe
C:\Windows\system32\drivers\downld\14770408.exe
C:\Windows\system32\drivers\downld\14775182.exe
C:\Windows\system32\drivers\downld\14777116.exe
C:\Windows\system32\drivers\downld\14778364.exe
C:\Windows\system32\drivers\downld\14781609.exe
C:\Windows\system32\drivers\downld\14783029.exe
C:\Windows\system32\drivers\downld\14784433.exe
C:\Windows\system32\drivers\downld\14788052.exe
C:\Windows\system32\drivers\downld\14788988.exe
C:\Windows\system32\drivers\downld\14791000.exe
C:\Windows\system32\drivers\downld\14792997.exe
C:\Windows\system32\drivers\downld\14795166.exe
C:\Windows\system32\drivers\downld\14798972.exe
C:\Windows\system32\drivers\downld\14801296.exe
C:\Windows\system32\drivers\downld\14801374.exe
C:\Windows\system32\drivers\downld\14803995.exe
C:\Windows\system32\drivers\downld\14810953.exe
C:\Windows\system32\drivers\downld\14813464.exe
C:\Windows\system32\drivers\downld\14814697.exe
C:\Windows\system32\drivers\downld\14815274.exe
C:\Windows\system32\drivers\downld\14816850.exe
C:\Windows\system32\drivers\downld\14818612.exe
C:\Windows\system32\drivers\downld\14818690.exe
C:\Windows\system32\drivers\downld\14818987.exe
C:\Windows\system32\drivers\downld\14823105.exe
C:\Windows\system32\drivers\downld\14823776.exe
C:\Windows\system32\drivers\downld\14826147.exe
C:\Windows\system32\drivers\downld\14832543.exe
C:\Windows\system32\drivers\downld\14837691.exe
C:\Windows\system32\drivers\downld\14841264.exe
C:\Windows\system32\drivers\downld\14850499.exe
C:\Windows\system32\drivers\downld\14853947.exe
C:\Windows\system32\drivers\downld\14855647.exe
C:\Windows\system32\drivers\downld\14856380.exe
C:\Windows\system32\drivers\downld\14859204.exe
C:\Windows\system32\drivers\downld\14859812.exe
C:\Windows\system32\drivers\downld\14874913.exe
C:\Windows\system32\drivers\downld\14877612.exe
C:\Windows\system32\drivers\downld\14882401.exe
C:\Windows\system32\drivers\downld\14887269.exe
C:\Windows\system32\drivers\downld\14887924.exe
C:\Windows\system32\drivers\downld\14903586.exe
C:\Windows\system32\drivers\downld\153005.exe
C:\Windows\system32\drivers\downld\157732.exe
C:\Windows\system32\drivers\downld\157919.exe
C:\Windows\system32\drivers\downld\160166.exe
C:\Windows\system32\drivers\downld\161835.exe
C:\Windows\system32\drivers\downld\162787.exe
C:\Windows\system32\drivers\downld\166609.exe
C:\Windows\system32\drivers\downld\167404.exe
C:\Windows\system32\drivers\downld\168059.exe
C:\Windows\system32\drivers\downld\169292.exe
C:\Windows\system32\drivers\downld\169339.exe
C:\Windows\system32\drivers\downld\172037.exe
C:\Windows\system32\drivers\downld\172552.exe
C:\Windows\system32\drivers\downld\174393.exe
C:\Windows\system32\drivers\downld\175672.exe
C:\Windows\system32\drivers\downld\176062.exe
C:\Windows\system32\drivers\downld\176608.exe
C:\Windows\system32\drivers\downld\179494.exe
C:\Windows\system32\drivers\downld\179915.exe
C:\Windows\system32\drivers\downld\180274.exe
C:\Windows\system32\drivers\downld\181990.exe
C:\Windows\system32\drivers\downld\182723.exe
C:\Windows\system32\drivers\downld\183160.exe
C:\Windows\system32\drivers\downld\184346.exe
C:\Windows\system32\drivers\downld\185188.exe
C:\Windows\system32\drivers\downld\185469.exe
C:\Windows\system32\drivers\downld\185953.exe
C:\Windows\system32\drivers\downld\186561.exe
C:\Windows\system32\drivers\downld\189400.exe
C:\Windows\system32\drivers\downld\190180.exe
C:\Windows\system32\drivers\downld\193222.exe
C:\Windows\system32\drivers\downld\193456.exe
C:\Windows\system32\drivers\downld\193706.exe
C:\Windows\system32\drivers\downld\196842.exe
C:\Windows\system32\drivers\downld\198090.exe
C:\Windows\system32\drivers\downld\198495.exe
C:\Windows\system32\drivers\downld\200523.exe
C:\Windows\system32\drivers\downld\200648.exe
C:\Windows\system32\drivers\downld\202629.exe
C:\Windows\system32\drivers\downld\203144.exe
C:\Windows\system32\drivers\downld\204189.exe
C:\Windows\system32\drivers\downld\204548.exe
C:\Windows\system32\drivers\downld\205749.exe
C:\Windows\system32\drivers\downld\206436.exe
C:\Windows\system32\drivers\downld\206685.exe
C:\Windows\system32\drivers\downld\206810.exe
C:\Windows\system32\drivers\downld\207028.exe
C:\Windows\system32\drivers\downld\208074.exe
C:\Windows\system32\drivers\downld\208354.exe
C:\Windows\system32\drivers\downld\208838.exe
C:\Windows\system32\drivers\downld\209290.exe
C:\Windows\system32\drivers\downld\209337.exe
C:\Windows\system32\drivers\downld\209384.exe
C:\Windows\system32\drivers\downld\212036.exe
C:\Windows\system32\drivers\downld\213175.exe
C:\Windows\system32\drivers\downld\213518.exe
C:\Windows\system32\drivers\downld\214516.exe
C:\Windows\system32\drivers\downld\215515.exe
C:\Windows\system32\drivers\downld\216310.exe
C:\Windows\system32\drivers\downld\216825.exe
C:\Windows\system32\drivers\downld\217480.exe
C:\Windows\system32\drivers\downld\218104.exe
C:\Windows\system32\drivers\downld\218713.exe
C:\Windows\system32\drivers\downld\220008.exe
C:\Windows\system32\drivers\downld\220086.exe
C:\Windows\system32\drivers\downld\220257.exe
C:\Windows\system32\drivers\downld\220632.exe
C:\Windows\system32\drivers\downld\222020.exe
C:\Windows\system32\drivers\downld\223112.exe
C:\Windows\system32\drivers\downld\223175.exe
C:\Windows\system32\drivers\downld\223627.exe
C:\Windows\system32\drivers\downld\223674.exe
C:\Windows\system32\drivers\downld\223845.exe
C:\Windows\system32\drivers\downld\225561.exe
C:\Windows\system32\drivers\downld\227355.exe
C:\Windows\system32\drivers\downld\228182.exe
C:\Windows\system32\drivers\downld\228213.exe
C:\Windows\system32\drivers\downld\229087.exe
C:\Windows\system32\drivers\downld\229805.exe
C:\Windows\system32\drivers\downld\229992.exe
C:\Windows\system32\drivers\downld\230553.exe
C:\Windows\system32\drivers\downld\231053.exe
C:\Windows\system32\drivers\downld\231177.exe
C:\Windows\system32\drivers\downld\231770.exe
C:\Windows\system32\drivers\downld\232301.exe
C:\Windows\system32\drivers\downld\232316.exe
C:\Windows\system32\drivers\downld\234906.exe
C:\Windows\system32\drivers\downld\235077.exe
C:\Windows\system32\drivers\downld\235436.exe
C:\Windows\system32\drivers\downld\237495.exe
C:\Windows\system32\drivers\downld\237854.exe
C:\Windows\system32\drivers\downld\238104.exe
C:\Windows\system32\drivers\downld\238431.exe
C:\Windows\system32\drivers\downld\239804.exe
C:\Windows\system32\drivers\downld\239898.exe
C:\Windows\system32\drivers\downld\241193.exe
C:\Windows\system32\drivers\downld\241302.exe
C:\Windows\system32\drivers\downld\241739.exe
C:\Windows\system32\drivers\downld\245186.exe
C:\Windows\system32\drivers\downld\246668.exe
C:\Windows\system32\drivers\downld\248603.exe
C:\Windows\system32\drivers\downld\249601.exe
C:\Windows\system32\drivers\downld\249617.exe
C:\Windows\system32\drivers\downld\250116.exe
C:\Windows\system32\drivers\downld\250397.exe
C:\Windows\system32\drivers\downld\251863.exe
C:\Windows\system32\drivers\downld\252160.exe
C:\Windows\system32\drivers\downld\253314.exe
C:\Windows\system32\drivers\downld\254188.exe
C:\Windows\system32\drivers\downld\254921.exe
C:\Windows\system32\drivers\downld\25686921.exe
C:\Windows\system32\drivers\downld\256871.exe
C:\Windows\system32\drivers\downld\25702225.exe
C:\Windows\system32\drivers\downld\25725313.exe
C:\Windows\system32\drivers\downld\25726702.exe
C:\Windows\system32\drivers\downld\25728792.exe
C:\Windows\system32\drivers\downld\25762114.exe
C:\Windows\system32\drivers\downld\25763471.exe
C:\Windows\system32\drivers\downld\25786310.exe
C:\Windows\system32\drivers\downld\25797791.exe
C:\Windows\system32\drivers\downld\258852.exe
C:\Windows\system32\drivers\downld\259320.exe
C:\Windows\system32\drivers\downld\259616.exe
C:\Windows\system32\drivers\downld\259663.exe
C:\Windows\system32\drivers\downld\260053.exe
C:\Windows\system32\drivers\downld\260911.exe
C:\Windows\system32\drivers\downld\261317.exe
C:\Windows\system32\drivers\downld\261707.exe
C:\Windows\system32\drivers\downld\263126.exe
C:\Windows\system32\drivers\downld\263906.exe
C:\Windows\system32\drivers\downld\265747.exe
C:\Windows\system32\drivers\downld\266012.exe
C:\Windows\system32\drivers\downld\266714.exe
C:\Windows\system32\drivers\downld\268462.exe
C:\Windows\system32\drivers\downld\268914.exe
C:\Windows\system32\drivers\downld\269710.exe
C:\Windows\system32\drivers\downld\270318.exe
C:\Windows\system32\drivers\downld\270568.exe
C:\Windows\system32\drivers\downld\270724.exe
C:\Windows\system32\drivers\downld\271831.exe
C:\Windows\system32\drivers\downld\272861.exe
C:\Windows\system32\drivers\downld\274109.exe
C:\Windows\system32\drivers\downld\274499.exe
C:\Windows\system32\drivers\downld\274733.exe
C:\Windows\system32\drivers\downld\275060.exe
C:\Windows\system32\drivers\downld\275357.exe
C:\Windows\system32\drivers\downld\276074.exe
C:\Windows\system32\drivers\downld\276511.exe
C:\Windows\system32\drivers\downld\276995.exe
C:\Windows\system32\drivers\downld\277010.exe
C:\Windows\system32\drivers\downld\277946.exe
C:\Windows\system32\drivers\downld\278539.exe
C:\Windows\system32\drivers\downld\278570.exe
C:\Windows\system32\drivers\downld\278664.exe
C:\Windows\system32\drivers\downld\279163.exe
C:\Windows\system32\drivers\downld\279304.exe
C:\Windows\system32\drivers\downld\279350.exe
C:\Windows\system32\drivers\downld\280068.exe
C:\Windows\system32\drivers\downld\280396.exe
C:\Windows\system32\drivers\downld\281285.exe
C:\Windows\system32\drivers\downld\282361.exe
C:\Windows\system32\drivers\downld\282829.exe
C:\Windows\system32\drivers\downld\283563.exe
C:\Windows\system32\drivers\downld\285840.exe
C:\Windows\system32\drivers\downld\288913.exe
C:\Windows\system32\drivers\downld\288991.exe
C:\Windows\system32\drivers\downld\290489.exe
C:\Windows\system32\drivers\downld\290536.exe
C:\Windows\system32\drivers\downld\291503.exe
C:\Windows\system32\drivers\downld\292018.exe
C:\Windows\system32\drivers\downld\29235913.exe
C:\Windows\system32\drivers\downld\29243853.exe
C:\Windows\system32\drivers\downld\29260873.exe
C:\Windows\system32\drivers\downld\29267300.exe
C:\Windows\system32\drivers\downld\29278064.exe
C:\Windows\system32\drivers\downld\29284429.exe
C:\Windows\system32\drivers\downld\29286847.exe
C:\Windows\system32\drivers\downld\29289312.exe
C:\Windows\system32\drivers\downld\29289593.exe
C:\Windows\system32\drivers\downld\29292432.exe
C:\Windows\system32\drivers\downld\29293493.exe
C:\Windows\system32\drivers\downld\29296379.exe
C:\Windows\system32\drivers\downld\29298828.exe
C:\Windows\system32\drivers\downld\29302338.exe
C:\Windows\system32\drivers\downld\29302681.exe
C:\Windows\system32\drivers\downld\29303851.exe
C:\Windows\system32\drivers\downld\29304007.exe
C:\Windows\system32\drivers\downld\29306457.exe
C:\Windows\system32\drivers\downld\29307517.exe
C:\Windows\system32\drivers\downld\29309109.exe
C:\Windows\system32\drivers\downld\29311137.exe
C:\Windows\system32\drivers\downld\29312010.exe
C:\Windows\system32\drivers\downld\29312026.exe
C:\Windows\system32\drivers\downld\29321932.exe
C:\Windows\system32\drivers\downld\29325520.exe
C:\Windows\system32\drivers\downld\29326487.exe
C:\Windows\system32\drivers\downld\29327953.exe
C:\Windows\system32\drivers\downld\29328499.exe
C:\Windows\system32\drivers\downld\29330434.exe
C:\Windows\system32\drivers\downld\29335286.exe
C:\Windows\system32\drivers\downld\29337516.exe
C:\Windows\system32\drivers\downld\29339654.exe
C:\Windows\system32\drivers\downld\29345082.exe
C:\Windows\system32\drivers\downld\29347110.exe
C:\Windows\system32\drivers\downld\29351556.exe
C:\Windows\system32\drivers\downld\29353772.exe
C:\Windows\system32\drivers\downld\29354988.exe
C:\Windows\system32\drivers\downld\29373022.exe
C:\Windows\system32\drivers\downld\29376938.exe
C:\Windows\system32\drivers\downld\29378404.exe
C:\Windows\system32\drivers\downld\29378420.exe
C:\Windows\system32\drivers\downld\29380151.exe
C:\Windows\system32\drivers\downld\293827.exe
C:\Windows\system32\drivers\downld\29383240.exe
C:\Windows\system32\drivers\downld\29383490.exe
C:\Windows\system32\drivers\downld\29389387.exe
C:\Windows\system32\drivers\downld\29403271.exe
C:\Windows\system32\drivers\downld\29413676.exe
C:\Windows\system32\drivers\downld\295075.exe
C:\Windows\system32\drivers\downld\29550614.exe
C:\Windows\system32\drivers\downld\29552891.exe
C:\Windows\system32\drivers\downld\29577368.exe
C:\Windows\system32\drivers\downld\29586759.exe
C:\Windows\system32\drivers\downld\296620.exe
C:\Windows\system32\drivers\downld\298039.exe
C:\Windows\system32\drivers\downld\299896.exe
C:\Windows\system32\drivers\downld\302376.exe
C:\Windows\system32\drivers\downld\302766.exe
C:\Windows\system32\drivers\downld\303234.exe
C:\Windows\system32\drivers\downld\304794.exe
C:\Windows\system32\drivers\downld\305340.exe
C:\Windows\system32\drivers\downld\305668.exe
C:\Windows\system32\drivers\downld\308320.exe
C:\Windows\system32\drivers\downld\308757.exe
C:\Windows\system32\drivers\downld\309958.exe
C:\Windows\system32\drivers\downld\311721.exe
C:\Windows\system32\drivers\downld\312376.exe
C:\Windows\system32\drivers\downld\313296.exe
C:\Windows\system32\drivers\downld\313421.exe
C:\Windows\system32\drivers\downld\313749.exe
C:\Windows\system32\drivers\downld\315371.exe
C:\Windows\system32\drivers\downld\315512.exe
C:\Windows\system32\drivers\downld\316198.exe
C:\Windows\system32\drivers\downld\316463.exe
C:\Windows\system32\drivers\downld\316916.exe
C:\Windows\system32\drivers\downld\317711.exe
C:\Windows\system32\drivers\downld\318850.exe
C:\Windows\system32\drivers\downld\319521.exe
C:\Windows\system32\drivers\downld\322968.exe
C:\Windows\system32\drivers\downld\323046.exe
C:\Windows\system32\drivers\downld\326260.exe
C:\Windows\system32\drivers\downld\326541.exe
C:\Windows\system32\drivers\downld\326619.exe
C:\Windows\system32\drivers\downld\327492.exe
C:\Windows\system32\drivers\downld\330971.exe
C:\Windows\system32\drivers\downld\331034.exe
C:\Windows\system32\drivers\downld\331080.exe
C:\Windows\system32\drivers\downld\333264.exe
C:\Windows\system32\drivers\downld\334934.exe
C:\Windows\system32\drivers\downld\339302.exe
C:\Windows\system32\drivers\downld\342874.exe
C:\Windows\system32\drivers\downld\345214.exe
C:\Windows\system32\drivers\downld\345651.exe
C:\Windows\system32\drivers\downld\346649.exe
C:\Windows\system32\drivers\downld\347897.exe
C:\Windows\system32\drivers\downld\352219.exe
C:\Windows\system32\drivers\downld\353170.exe
C:\Windows\system32\drivers\downld\355385.exe
C:\Windows\system32\drivers\downld\355495.exe
C:\Windows\system32\drivers\downld\356041.exe
C:\Windows\system32\drivers\downld\357101.exe
C:\Windows\system32\drivers\downld\358053.exe
C:\Windows\system32\drivers\downld\358958.exe
C:\Windows\system32\drivers\downld\366196.exe
C:\Windows\system32\drivers\downld\374511.exe
C:\Windows\system32\drivers\downld\37563028.exe
C:\Windows\system32\drivers\downld\37580687.exe
C:\Windows\system32\drivers\downld\37583870.exe
C:\Windows\system32\drivers\downld\37585445.exe
C:\Windows\system32\drivers\downld\37588160.exe
C:\Windows\system32\drivers\downld\37625896.exe
C:\Windows\system32\drivers\downld\37627799.exe
C:\Windows\system32\drivers\downld\37652042.exe
C:\Windows\system32\drivers\downld\37677049.exe
C:\Windows\system32\drivers\downld\381765.exe
C:\Windows\system32\drivers\downld\394900.exe
C:\Windows\system32\drivers\downld\399690.exe
C:\Windows\system32\drivers\downld\40207744.exe
C:\Windows\system32\drivers\downld\40221597.exe
C:\Windows\system32\drivers\downld\40244467.exe
C:\Windows\system32\drivers\downld\40245637.exe
C:\Windows\system32\drivers\downld\40247899.exe
C:\Windows\system32\drivers\downld\40281798.exe
C:\Windows\system32\drivers\downld\40283436.exe
C:\Windows\system32\drivers\downld\40308942.exe
C:\Windows\system32\drivers\downld\40319675.exe
C:\Windows\system32\drivers\downld\416444.exe
C:\Windows\system32\drivers\downld\426506.exe
C:\Windows\system32\drivers\downld\430375.exe
C:\Windows\system32\drivers\downld\437567.exe
C:\Windows\system32\drivers\downld\43788435.exe
C:\Windows\system32\drivers\downld\43792382.exe
C:\Windows\system32\drivers\downld\43800509.exe
C:\Windows\system32\drivers\downld\43801461.exe
C:\Windows\system32\drivers\downld\43814908.exe
C:\Windows\system32\drivers\downld\43820821.exe
C:\Windows\system32\drivers\downld\43822381.exe
C:\Windows\system32\drivers\downld\43823083.exe
C:\Windows\system32\drivers\downld\43824268.exe
C:\Windows\system32\drivers\downld\43825860.exe
C:\Windows\system32\drivers\downld\43827170.exe
C:\Windows\system32\drivers\downld\43829276.exe
C:\Windows\system32\drivers\downld\43839229.exe
C:\Windows\system32\drivers\downld\43839432.exe
C:\Windows\system32\drivers\downld\43842598.exe
C:\Windows\system32\drivers\downld\43844861.exe
C:\Windows\system32\drivers\downld\43847060.exe
C:\Windows\system32\drivers\downld\43850461.exe
C:\Windows\system32\drivers\downld\43853425.exe
C:\Windows\system32\drivers\downld\43862723.exe
C:\Windows\system32\drivers\downld\43862957.exe
C:\Windows\system32\drivers\downld\43864673.exe
C:\Windows\system32\drivers\downld\43865187.exe
C:\Windows\system32\drivers\downld\43867855.exe
C:\Windows\system32\drivers\downld\43879930.exe
C:\Windows\system32\drivers\downld\43885000.exe
C:\Windows\system32\drivers\downld\43892410.exe
C:\Windows\system32\drivers\downld\43896856.exe
C:\Windows\system32\drivers\downld\43905264.exe
C:\Windows\system32\drivers\downld\43908259.exe
C:\Windows\system32\drivers\downld\43911676.exe
C:\Windows\system32\drivers\downld\43924125.exe
C:\Windows\system32\drivers\downld\43927026.exe
C:\Windows\system32\drivers\downld\43929444.exe
C:\Windows\system32\drivers\downld\43931457.exe
C:\Windows\system32\drivers\downld\43935809.exe
C:\Windows\system32\drivers\downld\43938992.exe
C:\Windows\system32\drivers\downld\43941971.exe
C:\Windows\system32\drivers\downld\43949880.exe
C:\Windows\system32\drivers\downld\43992359.exe
C:\Windows\system32\drivers\downld\44000378.exe
C:\Windows\system32\drivers\downld\44017101.exe
C:\Windows\system32\drivers\downld\44020908.exe
C:\Windows\system32\drivers\downld\44022046.exe
C:\Windows\system32\drivers\downld\44024605.exe
C:\Windows\system32\drivers\downld\44058972.exe
C:\Windows\system32\drivers\downld\44060906.exe
C:\Windows\system32\drivers\downld\44087988.exe
C:\Windows\system32\drivers\downld\44097551.exe
C:\Windows\system32\drivers\downld\52088718.exe
C:\Windows\system32\drivers\downld\52102040.exe
C:\Windows\system32\drivers\downld\52127000.exe
C:\Windows\system32\drivers\downld\52131353.exe
C:\Windows\system32\drivers\downld\52133911.exe
C:\Windows\system32\drivers\downld\52168341.exe
C:\Windows\system32\drivers\downld\52171632.exe
C:\Windows\system32\drivers\downld\52199946.exe
C:\Windows\system32\drivers\downld\52210118.exe
C:\Windows\system32\drivers\downld\58330817.exe
C:\Windows\system32\drivers\downld\58367883.exe
C:\Windows\system32\drivers\downld\58383779.exe
C:\Windows\system32\drivers\downld\58393951.exe
C:\Windows\system32\drivers\downld\58405463.exe
C:\Windows\system32\drivers\downld\58407008.exe
C:\Windows\system32\drivers\downld\58409972.exe
C:\Windows\system32\drivers\downld\58452014.exe
C:\Windows\system32\drivers\downld\58454292.exe
C:\Windows\system32\drivers\downld\58465118.exe
C:\Windows\system32\drivers\downld\58480890.exe
C:\Windows\system32\drivers\downld\58490297.exe
C:\Windows\system32\drivers\downld\58505210.exe
C:\Windows\system32\drivers\downld\58513245.exe
C:\Windows\system32\drivers\downld\58518502.exe
C:\Windows\system32\drivers\downld\58520873.exe
C:\Windows\system32\drivers\downld\58529905.exe
C:\Windows\system32\drivers\downld\58535350.exe
C:\Windows\system32\drivers\downld\58537549.exe
C:\Windows\system32\drivers\downld\58539749.exe
C:\Windows\system32\drivers\downld\58573461.exe
C:\Windows\system32\drivers\downld\58577704.exe
C:\Windows\system32\drivers\downld\58604677.exe
C:\Windows\system32\drivers\downld\58616190.exe
C:\Windows\system32\drivers\downld\62263290.exe
C:\Windows\system32\drivers\downld\62268672.exe
C:\Windows\system32\drivers\downld\62283820.exe
C:\Windows\system32\drivers\downld\62308062.exe
C:\Windows\system32\drivers\downld\62310995.exe
C:\Windows\system32\drivers\downld\62313132.exe
C:\Windows\system32\drivers\downld\62349855.exe
C:\Windows\system32\drivers\downld\62352492.exe
C:\Windows\system32\drivers\downld\62378824.exe
C:\Windows\system32\drivers\downld\62390509.exe
C:\Windows\system32\drivers\downld\72899719.exe
C:\Windows\system32\drivers\downld\72958953.exe
C:\Windows\system32\drivers\downld\72973445.exe
C:\Windows\system32\drivers\downld\72974178.exe
C:\Windows\system32\drivers\downld\72981417.exe
C:\Windows\system32\drivers\downld\72984786.exe
C:\Windows\system32\drivers\downld\72986362.exe
C:\Windows\system32\drivers\downld\72989123.exe
C:\Windows\system32\drivers\downld\73023132.exe
C:\Windows\system32\drivers\downld\73035331.exe
C:\Windows\system32\drivers\downld\73036048.exe
C:\Windows\system32\drivers\downld\73038373.exe
C:\Windows\system32\drivers\downld\73047483.exe
C:\Windows\system32\drivers\downld\73049464.exe
C:\Windows\system32\drivers\downld\73049511.exe
C:\Windows\system32\drivers\downld\73057374.exe
C:\Windows\system32\drivers\downld\73062834.exe
C:\Windows\system32\drivers\downld\73064035.exe
C:\Windows\system32\drivers\downld\73066219.exe
C:\Windows\system32\drivers\downld\73066281.exe
C:\Windows\system32\drivers\downld\73075563.exe
C:\Windows\system32\drivers\downld\73100212.exe
C:\Windows\system32\drivers\downld\73102458.exe
C:\Windows\system32\drivers\downld\73129290.exe
C:\Windows\system32\drivers\downld\73139914.exe
C:\Windows\system32\drivers\downld\87545811.exe
C:\Windows\system32\drivers\downld\87559195.exe
C:\Windows\system32\drivers\downld\87596417.exe
C:\Windows\system32\drivers\downld\87600458.exe
C:\Windows\system32\drivers\downld\87602143.exe
C:\Windows\system32\drivers\downld\87604748.exe
C:\Windows\system32\drivers\downld\87638896.exe
C:\Windows\system32\drivers\downld\87641548.exe
C:\Windows\system32\drivers\downld\87670409.exe
C:\Windows\system32\drivers\downld\87680658.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-23 18:04 . 2008-08-23 18:05 277,965,185 --a------ C:\Windows\MEMORY.DMP
2008-08-23 17:13 . 2008-08-23 17:13 <DIR> d-------- C:\Users\CC\AppData\Roaming\skypePM
2008-08-23 17:12 . 2008-08-23 17:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-21 09:47 . 2008-08-21 21:09 <DIR> d-------- C:\Program Files\Symantec
2008-08-21 09:47 . 2008-08-21 21:09 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-08-21 08:14 . 2008-08-21 08:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 07:47 . 2008-07-15 18:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-20 21:47 . 2008-06-26 18:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-20 21:47 . 2008-06-26 21:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-20 21:47 . 2008-04-17 22:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-20 21:46 . 2008-04-09 22:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-20 21:46 . 2008-06-18 20:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-20 21:24 . 2008-08-20 21:24 <DIR> d-------- C:\PROGRA~2\WinZipSE
2008-08-20 21:09 . 2008-08-20 21:09 <DIR> d-------- C:\Windows\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-08-20 20:51 . 2008-08-20 20:51 <DIR> d-------- C:\ie-spyad_zo
2008-08-20 20:43 . 2008-08-20 20:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-19 07:40 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-17 18:55 . 2008-08-17 18:55 <DIR> d-------- C:\Program Files\Panda Security
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Videos
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\CC_2\Saved Games
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Pictures
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Music
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Links
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Downloads
2008-08-16 17:01 . 2006-11-02 06:02 <DIR> dr------- C:\Users\CC_2\Documents
2008-08-16 17:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\CC_2\AppData
2008-08-16 17:01 . 2008-08-16 17:01 <DIR> d-------- C:\Users\CC_2
2008-08-16 15:52 . 2008-08-21 09:51 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-08-16 08:34 . 2008-08-16 08:34 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Yahoo!
2008-08-16 08:29 . 2008-08-16 08:29 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Infineon
2008-08-16 08:28 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Searches
2008-08-16 08:28 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Contacts
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Videos
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Saved Games
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Pictures
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Music
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Links
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Downloads
2008-08-16 08:27 . 2008-08-16 08:30 <DIR> dr------- C:\Users\Guest.CC-PC\Documents
2008-08-16 08:27 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Media Center Programs
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> d--h----- C:\Users\Guest.CC-PC\AppData
2008-08-16 08:27 . 2008-08-18 21:19 <DIR> d-------- C:\Users\Guest.CC-PC
2008-08-16 08:22 . 2008-08-16 08:22 <DIR> d-------- C:\PROGRA~2\WindowsSearch
2008-08-16 08:15 . 2008-08-23 17:56 <DIR> d-------- C:\Users\Guest
2008-08-15 21:03 . 2008-08-15 21:03 <DIR> d-------- C:\Windows\Sun
2008-08-11 16:18 . 2008-08-15 11:44 69 --a------ C:\Windows\NeroDigital.ini
2008-08-11 16:10 . 2008-08-20 21:24 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2008-08-08 00:30 . 2008-08-08 00:30 0 --a------ C:\Windows\tosOBEX.INI
2008-08-08 00:24 . 2008-08-08 00:24 335 --a------ C:\Windows\mozregistry.dat
2008-08-07 02:21 . 2008-08-07 02:21 <DIR> d-------- C:\Users\CC\AppData\Roaming\Syntrillium
2008-08-07 02:20 . 2008-08-07 02:43 <DIR> d-------- C:\Program Files\coolpro2
2008-08-05 02:44 . 2008-08-05 02:44 <DIR> d-------- C:\Program Files\iTunes
2008-08-05 02:44 . 2008-08-05 02:44 <DIR> d-------- C:\Program Files\iPod
2008-08-05 02:14 . 2008-08-05 03:10 <DIR> d-------- C:\Users\CC\AppData\Roaming\WinFF
2008-08-02 09:36 . 2008-08-02 09:36 <DIR> d-------- C:\Program Files\Samsung
2008-07-26 23:05 . 2008-05-26 21:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-07-26 23:05 . 2008-05-26 22:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-07-26 23:05 . 2008-05-26 21:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-07-26 23:05 . 2008-05-26 22:17 11,776 --a------ C:\Windows\System32\msshooks.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 01:11 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-08-24 00:39 --------- d---a-w C:\PROGRA~2\TEMP
2008-08-24 00:17 --------- d-----w C:\Users\CC\AppData\Roaming\Skype
2008-08-24 00:12 --------- d-----w C:\Program Files\Skype
2008-08-24 00:11 --------- d-----w C:\PROGRA~2\Skype
2008-08-22 04:09 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-22 04:09 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-22 04:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-21 23:42 34,916 ----a-w C:\Users\CC\AppData\Roaming\nvModes.dat
2008-08-21 18:27 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-21 17:11 --------- d-----w C:\PROGRA~2\Symantec
2008-08-21 16:36 --------- d-----w C:\Program Files\Trillian
2008-08-21 14:52 --------- d-----w C:\Program Files\Java
2008-08-21 14:49 --------- d-----w C:\Program Files\Apple Software Update
2008-08-21 14:48 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-08-21 06:17 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 04:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 04:19 --------- d-----w C:\Program Files\PowerForPhone
2008-08-19 04:19 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 04:19 --------- d-----w C:\Program Files\Google
2008-08-19 04:19 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-08-19 04:19 --------- d-----w C:\Program Files\Common Files\aol
2008-08-18 01:14 --------- d-----w C:\PROGRA~2\WinZip
2008-08-16 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:11 --------- d-----w C:\Program Files\AOL 9.1
2008-08-16 00:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-02 09:42 --------- d-----w C:\Users\CC\AppData\Roaming\?潲?敔?慬整sAppData
2008-07-31 00:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-22 14:42 123,904 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-07-21 12:08 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 08:05 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-07-15 00:04 --------- d-----w C:\Program Files\QuickTime
2008-07-15 00:04 --------- d-----w C:\Program Files\Bonjour
2008-07-13 14:56 --------- d-----w C:\PROGRA~2\LightScribe
2008-07-13 14:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-13 14:49 --------- d-----w C:\Users\CC\AppData\Roaming\CyberLink
2008-07-13 14:48 --------- d-----w C:\PROGRA~2\Nero
2008-07-13 14:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-07-13 14:40 --------- d-----w C:\Program Files\MSECACHE
2008-07-13 14:07 --------- d-----w C:\PROGRA~2\CyberLink
2008-07-13 10:56 --------- d-----w C:\Program Files\CyberLink
2008-06-29 09:18 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-06-27 14:44 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-27 14:44 --------- d-----w C:\Program Files\Common Files\Real
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-06 22:56 37,888 ----a-w C:\Windows\System32\rar.exe
2008-05-28 15:29 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 21:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 21:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 21:28 95800]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 02:31 630784]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 14:11 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-21 22:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-15 16:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-02-26 21:32 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-02-26 21:32 33136]
"IFXSPMGT"="C:\Windows\system32\IFXSPMGT.exe" [2006-11-12 23:23 661024]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 14:48 479232]
"HostManager"="C:\Program Files\Common Files\AOL\1175767074\ee\AOLSoftware.exe" [2007-05-25 10:16 42032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpsjbmgr"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe" [1999-06-25 02:00 61440]
"HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [1999-06-25 02:00 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-19 14:19 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-19 14:19 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-19 14:19 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-27 07:44 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-08-08 05:17 249856]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-11 17:20 1862144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-09 17:06 152952]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.1\AOL.EXE" [2007-10-27 10:44 50528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-14 15:09:24 98304]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 15:48:42 2752512]
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-10-30 12:50:41 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3281872642-3695587935-3009169695-1000]
"EnableNotificationsRef"=dword:0000000e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF6F171B-3508-4FB1-865F-63D57A34A891}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{28E82A0E-3EB8-4DFE-9663-65090F127B89}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{4E42E426-425E-4030-9305-174572DC8FF4}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{0EAD24E9-8C65-430A-92CF-F86DBF372EC7}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4D2469C1-0E7F-4885-BC59-9D69F248B699}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{24FAFA93-CE7F-4DBB-93BF-73A8D22460F1}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{B0E52FBF-C28A-48DD-BDB2-B11D437E1D38}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{ABE0E379-1FAD-4E20-818B-E6895E5D73E3}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{792FB959-9343-4BFA-A77D-0203149C0BE8}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F1E71437-0B04-4437-BCC0-108FE1B4759D}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{3E67E200-54EE-4D2E-93D5-8264EAB30DFC}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{AA5A8B47-1CA9-458F-8E4D-834E2F3E6BA9}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{96B19B7E-9CD5-43E8-A280-A589A7C52E4D}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{0A959AF7-CC00-49E8-AB00-4E405621D927}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B2040402-F755-4980-9766-A6BC0A0160D2}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{9AB80625-6BE9-4A67-A00F-56CD2883DFCE}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{2E5C187F-820A-42F0-B403-6FA528E835DF}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{0F82E710-C02F-4CC5-A084-6AC6A4BD745D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6505F634-C376-445A-8F3F-1CE91C990F0C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D2D48CEB-4100-4BA5-BAAD-2749D555BEE5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{06A234AA-1339-44C4-87D1-C75CC4275259}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0FC7A6B4-5D4A-42C5-93F4-254A384DE843}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F1AF43D7-9FFC-40F0-9FE9-21D7557131B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3A2AF4B9-B2A4-4156-B276-9DC016786E96}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7FFF96AF-3024-439E-9125-A395FFADE7A0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{975FB4FC-258C-46E8-837D-31D6491E9821}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{94B877D7-8AFA-4B62-91A8-855444D376FE}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AD00282B-965C-4403-BBFA-87786F794CE4}"= UDP:C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe:AOL Shared Components
"{7EE9410A-17F4-46A6-84D5-D0B1B89A8112}"= TCP:C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe:AOL Shared Components
"{9C05A086-0255-48F8-B7D8-FA8F2B8785B3}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{5E9544DB-622C-42F6-8D24-6DA58D37E8A1}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{43F5F411-2C83-46C1-B04C-1A5AFEAF5DE6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AD26D93-BDC4-487B-8C94-7C774BFDE8C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{873F58D8-5807-4CB1-B2D4-ACF5453DFE4C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7BA56DC0-169C-435B-BDEB-5CFA459D160D}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{8A07A450-3CDE-4C9C-8B71-B29B640B55BB}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{F9D9BE16-275C-436B-982A-53068FE5FC48}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{8E6BC235-DC58-43F5-AFFA-F6876F0F8E25}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
"TCP Query User{22A1C7BE-EF98-4123-A2A8-7A6263B092E8}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{016E2B8A-87F5-4DAC-8069-F428AD35761A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{7366B457-7FF0-42F3-A182-CB37D8A4604E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{44DDE528-50BC-4FA6-9EA2-0B74D37F4998}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1C729D51-8D04-46ED-BA9D-FB0DBBC398CE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0D58C7B0-18DF-46E3-BEC4-0AF14196029B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{467BF672-D963-4D58-8427-EDBF52F5B755}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{020E1E54-1B52-472F-9A13-90F9D272D261}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{592863CF-2D08-43EE-BA58-A6D27C6893F4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080818.001\IDSvix86.sys [2008-03-20 13:37]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-15 09:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2006-10-12 05:37]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 18:47]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 01:31]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-10 19:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 08:19]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 16:37]
S2 USBHSB;GeneLink File Transfer Driver;C:\Windows\system32\Drivers\usbhsb.sys [2001-12-17 17:42]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-18 23:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971f54bc-fd8a-11db-a9ff-001a921bec20}]
\shell\AutoRun\command - G:\ntdelect.com
\shell\explore\Command - G:\ntdelect.com
\shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9582a0d-1f7f-11dd-839e-001a921bec20}]
\shell\AutoRun\command - G:\ntdelect.com
\shell\explore\Command - G:\ntdelect.com
\shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb9201ab-317d-11dc-8268-001a921bec20}]
\shell\AutoRun\command - G:\XAdeIect.com
\shell\explore\Command - G:\XAdeIect.com
\shell\open\Command - G:\XAdeIect.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - CC.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2008-08-23 C:\Windows\Tasks\User_Feed_Synchronization-{4BFB4E24-BA93-4AC3-9B3B-33114C0ECFBE}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe
HKCU-Run-Time Zones for PCs - C:\Program Files\Digital Design Ltd\Time Zones for PCs\TZPC.EXE
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
HKLM-Run-zzzHPSETUP - E:\Setup.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
HKU-Default-RunOnce-IETI - C:\Program Files\Skype\Phone\IEPlugin\unins000.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\0z0vtdj2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.icq.com/
.
.
------- File Associations (Beta) -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 18:12:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\CC\AppData\Local\Temp\A36F.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\IfxPsdSv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-23 18:17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 01:17:11

Pre-Run: 31,538,417,664 bytes free
Post-Run: 31,650,729,984 bytes free

1126 --- E O F --- 2008-08-21 1545



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:52 AM, on 8/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Users\CC\AppData\Roaming\m\flec006.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: XBTB02555 - {18274E1A-9C95-42a8-90B9-A8C94E86335A} - C:\PROGRA~1\CLICK1~1\click108.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Click108 μμ·L?u‥a|C - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Click108 μμ·L?u‥a|C\click108.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175767074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Time Zones for PCs] C:\Program Files\Digital Design Ltd\Time Zones for PCs\TZPC.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\CC\AppData\Roaming\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk895MNUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3A177-4E71-4ACA-BF7F-C92329D11CE5}: NameServer = 192.168.1.220,168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 15010 bytes


Please help and advise the next step ASAP!

Thanks very much!

Best Regards,
Christina

[Ried]

Quote:

I thought I have the antivirus program, so my vista should be fine. However, I do not know what happened to Norton Antivirus. It does not seem that it protected my vista. I will try to be very careful from now on.

No Anti Virus program will protect you from everything. Malware changes all the time. You must be wise in your choices when surfing the internet, as well as flash drives you insert into your computer.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------


Do you own the flash drive that is showing in this log as drive G: ?

If so, please insert it now.


Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/281660-malware-spyware-post1665874.html#post1665874

Suspect::
C:\Windows\System32\acovcnt.exe

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971f54bc-fd8a-11db-a9ff-001a921bec20}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9582a0d-1f7f-11dd-839e-001a921bec20}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb9201ab-317d-11dc-8268-001a921bec20}]

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.
• A browser will open.
• Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

Please return with the C:\Combofix.txt and a new HijackThis log. (The last HijackThis log you posted, was the same as the first log you posted--look at the dates of the scan :wink)

[CCHENG]

Hi, Ried:

I finished your instruction, However, When CF finishes running, the ComboFix log did not open along with a message box......


Here are new logs for Combo Fix and Hijack This.


ComboFix 08-08-23.01 - CC 2008-08-24 14:38:30.4 - NTFSx86

Running from: C:\Users\CC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-23 18:04 . 2008-08-24 14:03 291,117,441 --a------ C:\Windows\MEMORY.DMP
2008-08-23 17:13 . 2008-08-23 17:13 <DIR> d-------- C:\Users\CC\AppData\Roaming\skypePM
2008-08-23 17:12 . 2008-08-23 17:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-21 09:47 . 2008-08-21 21:09 <DIR> d-------- C:\Program Files\Symantec
2008-08-21 09:47 . 2008-08-21 21:09 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-08-21 08:14 . 2008-08-21 08:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 07:47 . 2008-07-15 18:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-20 21:47 . 2008-06-26 18:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-20 21:47 . 2008-06-26 21:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-20 21:47 . 2008-04-17 22:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-20 21:46 . 2008-04-09 22:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-20 21:46 . 2008-06-18 20:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-20 21:24 . 2008-08-20 21:24 <DIR> d-------- C:\PROGRA~2\WinZipSE
2008-08-20 21:09 . 2008-08-20 21:09 <DIR> d-------- C:\Windows\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-08-20 20:51 . 2008-08-20 20:51 <DIR> d-------- C:\ie-spyad_zo
2008-08-20 20:43 . 2008-08-20 20:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-19 07:40 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-17 18:55 . 2008-08-17 18:55 <DIR> d-------- C:\Program Files\Panda Security
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Videos
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> d-------- C:\Users\CC_2\Saved Games
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Pictures
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Music
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Links
2008-08-16 17:01 . 2006-11-02 03:23 <DIR> dr------- C:\Users\CC_2\Downloads
2008-08-16 17:01 . 2006-11-02 06:02 <DIR> dr------- C:\Users\CC_2\Documents
2008-08-16 17:01 . 2006-11-02 04:18 <DIR> d--h----- C:\Users\CC_2\AppData
2008-08-16 17:01 . 2008-08-16 17:01 <DIR> d-------- C:\Users\CC_2
2008-08-16 15:52 . 2008-08-21 09:51 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-08-16 08:34 . 2008-08-16 08:34 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Yahoo!
2008-08-16 08:29 . 2008-08-16 08:29 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Infineon
2008-08-16 08:28 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Searches
2008-08-16 08:28 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Contacts
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Videos
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Saved Games
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Pictures
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Music
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Links
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> dr------- C:\Users\Guest.CC-PC\Downloads
2008-08-16 08:27 . 2008-08-16 08:30 <DIR> dr------- C:\Users\Guest.CC-PC\Documents
2008-08-16 08:27 . 2006-11-02 05:37 <DIR> d-------- C:\Users\Guest.CC-PC\AppData\Roaming\Media Center Programs
2008-08-16 08:27 . 2008-08-16 08:28 <DIR> d--h----- C:\Users\Guest.CC-PC\AppData
2008-08-16 08:27 . 2008-08-18 21:19 <DIR> d-------- C:\Users\Guest.CC-PC
2008-08-16 08:22 . 2008-08-16 08:22 <DIR> d-------- C:\PROGRA~2\WindowsSearch
2008-08-16 08:15 . 2008-08-23 17:56 <DIR> d-------- C:\Users\Guest
2008-08-15 21:03 . 2008-08-15 21:03 <DIR> d-------- C:\Windows\Sun
2008-08-11 16:18 . 2008-08-15 11:44 69 --a------ C:\Windows\NeroDigital.ini
2008-08-11 16:10 . 2008-08-20 21:24 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2008-08-08 00:30 . 2008-08-08 00:30 0 --a------ C:\Windows\tosOBEX.INI
2008-08-08 00:24 . 2008-08-08 00:24 335 --a------ C:\Windows\mozregistry.dat
2008-08-07 02:21 . 2008-08-07 02:21 <DIR> d-------- C:\Users\CC\AppData\Roaming\Syntrillium
2008-08-07 02:20 . 2008-08-07 02:43 <DIR> d-------- C:\Program Files\coolpro2
2008-08-05 02:44 . 2008-08-05 02:44 <DIR> d-------- C:\Program Files\iTunes
2008-08-05 02:44 . 2008-08-05 02:44 <DIR> d-------- C:\Program Files\iPod
2008-08-05 02:14 . 2008-08-05 03:10 <DIR> d-------- C:\Users\CC\AppData\Roaming\WinFF
2008-08-02 09:36 . 2008-08-02 09:36 <DIR> d-------- C:\Program Files\Samsung
2008-07-26 23:05 . 2008-05-26 21:59 106,605 --a------ C:\Windows\System32\StructuredQuerySchema.bin
2008-07-26 23:05 . 2008-05-26 22:17 34,816 --a------ C:\Windows\System32\msscb.dll
2008-07-26 23:05 . 2008-05-26 21:59 18,904 --a------ C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-07-26 23:05 . 2008-05-26 22:17 11,776 --a------ C:\Windows\System32\msshooks.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 21:35 --------- d---a-w C:\PROGRA~2\TEMP
2008-08-24 21:31 --------- d-----w C:\Program Files\Trillian
2008-08-24 21:06 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-24 21:04 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-08-24 05:55 --------- d-----w C:\Users\CC\AppData\Roaming\Skype
2008-08-24 00:12 --------- d-----w C:\Program Files\Skype
2008-08-24 00:11 --------- d-----w C:\PROGRA~2\Skype
2008-08-22 04:09 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-22 04:09 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-22 04:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-21 23:42 34,916 ----a-w C:\Users\CC\AppData\Roaming\nvModes.dat
2008-08-21 17:11 --------- d-----w C:\PROGRA~2\Symantec
2008-08-21 14:52 --------- d-----w C:\Program Files\Java
2008-08-21 14:49 --------- d-----w C:\Program Files\Apple Software Update
2008-08-21 14:48 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-08-21 06:17 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 04:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 04:19 --------- d-----w C:\Program Files\PowerForPhone
2008-08-19 04:19 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 04:19 --------- d-----w C:\Program Files\Google
2008-08-19 04:19 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-08-19 04:19 --------- d-----w C:\Program Files\Common Files\aol
2008-08-18 01:14 --------- d-----w C:\PROGRA~2\WinZip
2008-08-16 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:11 --------- d-----w C:\Program Files\AOL 9.1
2008-08-16 00:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-02 09:42 --------- d-----w C:\Users\CC\AppData\Roaming\?潲?敔?慬整sAppData
2008-07-31 00:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-22 14:42 123,904 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-07-21 12:08 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 08:05 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-07-15 00:04 --------- d-----w C:\Program Files\QuickTime
2008-07-15 00:04 --------- d-----w C:\Program Files\Bonjour
2008-07-13 14:56 --------- d-----w C:\PROGRA~2\LightScribe
2008-07-13 14:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-13 14:49 --------- d-----w C:\Users\CC\AppData\Roaming\CyberLink
2008-07-13 14:48 --------- d-----w C:\PROGRA~2\Nero
2008-07-13 14:41 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-07-13 14:40 --------- d-----w C:\Program Files\MSECACHE
2008-07-13 14:07 --------- d-----w C:\PROGRA~2\CyberLink
2008-07-13 10:56 --------- d-----w C:\Program Files\CyberLink
2008-06-29 09:18 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-06-27 14:44 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-27 14:44 --------- d-----w C:\Program Files\Common Files\Real
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-06 22:56 37,888 ----a-w C:\Windows\System32\rar.exe
2008-05-28 15:29 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 21:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 21:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-23_18.15.54.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-24 01:04:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-24 21:04:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-24 01:04:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-24 21:04:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-24 01:11:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-24 2104 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-08-24 01:11:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-24 21:05:59 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-08-24 00:22:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-24 21:26:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-24 00:22:16 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 21:26:56 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-24 00:22:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-24 21:26:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-23 15:29:15 16,220 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3281872642-3695587935-3009169695-1000_UserData.bin
+ 2008-08-24 2124 16,220 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3281872642-3695587935-3009169695-1000_UserData.bin
- 2008-08-23 15:29:14 75,132 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 2123 75,234 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-23 15:29:11 68,842 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-24 15:42:02 68,850 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 21:28 95800]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 02:31 630784]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 14:11 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-21 22:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-15 16:17 778240]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-02-26 21:32 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-02-26 21:32 33136]
"IFXSPMGT"="C:\Windows\system32\IFXSPMGT.exe" [2006-11-12 23:23 661024]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 14:48 479232]
"HostManager"="C:\Program Files\Common Files\AOL\1175767074\ee\AOLSoftware.exe" [2007-05-25 10:16 42032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpsjbmgr"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe" [1999-06-25 02:00 61440]
"HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [1999-06-25 02:00 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-19 14:19 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-19 14:19 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-19 14:19 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-27 07:44 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-08-08 05:17 249856]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-11 17:20 1862144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.1\AOL.EXE" [2007-10-27 10:44 50528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-14 15:09:24 98304]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 15:48:42 2752512]
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-10-30 12:50:41 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3281872642-3695587935-3009169695-1000]
"EnableNotificationsRef"=dword:0000000e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF6F171B-3508-4FB1-865F-63D57A34A891}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{28E82A0E-3EB8-4DFE-9663-65090F127B89}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{4E42E426-425E-4030-9305-174572DC8FF4}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{0EAD24E9-8C65-430A-92CF-F86DBF372EC7}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4D2469C1-0E7F-4885-BC59-9D69F248B699}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{24FAFA93-CE7F-4DBB-93BF-73A8D22460F1}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{B0E52FBF-C28A-48DD-BDB2-B11D437E1D38}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{ABE0E379-1FAD-4E20-818B-E6895E5D73E3}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{792FB959-9343-4BFA-A77D-0203149C0BE8}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F1E71437-0B04-4437-BCC0-108FE1B4759D}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{3E67E200-54EE-4D2E-93D5-8264EAB30DFC}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{AA5A8B47-1CA9-458F-8E4D-834E2F3E6BA9}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{96B19B7E-9CD5-43E8-A280-A589A7C52E4D}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{0A959AF7-CC00-49E8-AB00-4E405621D927}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B2040402-F755-4980-9766-A6BC0A0160D2}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{9AB80625-6BE9-4A67-A00F-56CD2883DFCE}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{2E5C187F-820A-42F0-B403-6FA528E835DF}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{0F82E710-C02F-4CC5-A084-6AC6A4BD745D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6505F634-C376-445A-8F3F-1CE91C990F0C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D2D48CEB-4100-4BA5-BAAD-2749D555BEE5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{06A234AA-1339-44C4-87D1-C75CC4275259}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0FC7A6B4-5D4A-42C5-93F4-254A384DE843}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F1AF43D7-9FFC-40F0-9FE9-21D7557131B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3A2AF4B9-B2A4-4156-B276-9DC016786E96}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7FFF96AF-3024-439E-9125-A395FFADE7A0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{975FB4FC-258C-46E8-837D-31D6491E9821}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{94B877D7-8AFA-4B62-91A8-855444D376FE}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AD00282B-965C-4403-BBFA-87786F794CE4}"= UDP:C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe:AOL Shared Components
"{7EE9410A-17F4-46A6-84D5-D0B1B89A8112}"= TCP:C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe:AOL Shared Components
"{9C05A086-0255-48F8-B7D8-FA8F2B8785B3}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{5E9544DB-622C-42F6-8D24-6DA58D37E8A1}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{43F5F411-2C83-46C1-B04C-1A5AFEAF5DE6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AD26D93-BDC4-487B-8C94-7C774BFDE8C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{873F58D8-5807-4CB1-B2D4-ACF5453DFE4C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7BA56DC0-169C-435B-BDEB-5CFA459D160D}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{8A07A450-3CDE-4C9C-8B71-B29B640B55BB}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"TCP Query User{F9D9BE16-275C-436B-982A-53068FE5FC48}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{8E6BC235-DC58-43F5-AFFA-F6876F0F8E25}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
"TCP Query User{22A1C7BE-EF98-4123-A2A8-7A6263B092E8}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{016E2B8A-87F5-4DAC-8069-F428AD35761A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{7366B457-7FF0-42F3-A182-CB37D8A4604E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{44DDE528-50BC-4FA6-9EA2-0B74D37F4998}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1C729D51-8D04-46ED-BA9D-FB0DBBC398CE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0D58C7B0-18DF-46E3-BEC4-0AF14196029B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{467BF672-D963-4D58-8427-EDBF52F5B755}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{020E1E54-1B52-472F-9A13-90F9D272D261}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{592863CF-2D08-43EE-BA58-A6D27C6893F4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080818.001\IDSvix86.sys [2008-03-20 13:37]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-15 09:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2006-10-12 05:37]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 18:47]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 01:31]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-10 19:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-01-19 08:19]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 16:37]
S2 USBHSB;GeneLink File Transfer Driver;C:\Windows\system32\Drivers\usbhsb.sys [2001-12-17 17:42]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2008-01-18 23:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971f54bc-fd8a-11db-a9ff-001a921bec20}]
\shell\AutoRun\command - G:\ntdelect.com
\shell\explore\Command - G:\ntdelect.com
\shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9582a0d-1f7f-11dd-839e-001a921bec20}]
\shell\AutoRun\command - G:\ntdelect.com
\shell\explore\Command - G:\ntdelect.com
\shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb9201ab-317d-11dc-8268-001a921bec20}]
\shell\AutoRun\command - G:\XAdeIect.com
\shell\explore\Command - G:\XAdeIect.com
\shell\open\Command - G:\XAdeIect.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - CC.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2008-08-24 C:\Windows\Tasks\User_Feed_Synchronization-{4BFB4E24-BA93-4AC3-9B3B-33114C0ECFBE}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\0z0vtdj2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.icq.com/
.
.
------- File Associations (Beta) -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 14:40:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-24 14:42:41
ComboFix-quarantined-files.txt 2008-08-24 21:42:14
ComboFix2.txt 2008-08-24 21:15:49
ComboFix3.txt 2008-08-24 01:17:22

Pre-Run: 33,408,094,208 bytes free
Post-Run: 33,257,082,880 bytes free

350 --- E O F --- 2008-08-21 1545


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:38 PM, on 8/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\aol\1175767074\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Click108 μμ·L?u‥a|C - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Click108 μμ·L?u‥a|C\click108.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175767074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk895MNUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F3A177-4E71-4ACA-BF7F-C92329D11CE5}: NameServer = 192.168.1.220,168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13461 bytes


Thanks and Look forward to your new instruction soon!


Best Regards,
Christina

[Ried]

Hi Christina,

Open notepad and copy/paste the entire text in the quote box below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971f54bc-fd8a-11db-a9ff-001a921bec20}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9582a0d-1f7f-11dd-839e-001a921bec20}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb9201ab-317d-11dc-8268-001a921bec20}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Now please run a new scan at Panda and post the results in your next reply, along with an update on your system's behavior.

[CCHENG]

Hi, Ried:

I finished your instruction again. My system seems to work fine now. Please view Panda result below.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-25 18:25:41
PROTECTIONS: 2
MALWARE: 41
SUSPECTS: 7
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3807.0 No Yes
Norton Antivirus 2008 15.5.0.23 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\users\cc\favorites\health
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No D:\M2\M2 - My Downloaded Program\Nailfix.zip[Nailfix/Process.exe]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@clickbank[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.yadro.ru/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest.CC-PC\AppData\Roaming\Microsoft\Windows\Cookies\guest@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ad.yieldmanager.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.overture.com/]
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.questionmarket.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.go.com/]
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.valueclick.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@searchportal.information[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@did-it[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Netscape\NSB\Profiles\awspea0d.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Mozilla\Profiles\default\ipm9n4wa.slt\cookies.txt[.atwola.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\CC\AppData\Roaming\Microsoft\Windows\Cookies\cc@citi.bridgetrack[2].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\Windows\PSEXESVC.EXE
01650924 Application/MyWebSearch HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\73049511.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\73047483.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\72974178.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\72973445.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\58520873.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\58518502.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\58383779.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\43820821.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\326541.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\323046.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\293827.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\29312010.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\29296379.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\292018.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\290489.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\288913.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\261707.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\256871.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\254921.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\252160.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\250397.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\237495.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\222020.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\208354.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\207028.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\198090.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\193706.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\190180.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\185953.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\183160.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\180274.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\14781609.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\14770408.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\137234.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\131192472.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\116672960.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\116670604.exe.vir
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\102111374.exe.vir
02913360 W32/Bagle.SP.worm Virus/Worm No 1 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\145626.exe.vir
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\倒掉很可惜的\我要……我還要…….exe[personal folders\deleted items\σÇƵÄëσ╛êσÅ»µâ£τÜä\µêæΦªüΓǪΓǪµêæΘéäΦªüΓǪΓǪ.exe][lin1g.exe]
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\倒掉很可惜的\哇！好大啊.exe[personal folders\deleted items\σÇƵÄëσ╛êσÅ»µâ£τÜä\σôç∩╝üσÑ╜σñºσòè.exe][lin1g.exe]
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\倒掉很可惜的\我要……我還要…….exe[personal folders\deleted items\σÇƵÄëσ╛êσÅ»µâ£τÜä\µêæΦªüΓǪΓǪµêæΘéäΦªüΓǪΓǪ.exe][lin1g.exe]
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\到底在抽插甚麼呢???\抽插時沒了快感.bat[personal folders\deleted items\σê░σ║òσ£¿µè╜µÅÆτöÜΘ║╝σæó???\µè╜µÅƵÖéµ▓ÆΣ║åσ┐½µäƒ.bat][8.exe]
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\到底在抽插甚麼呢???\抽插時沒了快感.bat[personal folders\deleted items\σê░σ║òσ£¿µè╜µÅÆτöÜΘ║╝σæó???\µè╜µÅƵÖéµ▓ÆΣ║åσ┐½µäƒ.bat][8.exe]
02913991 Trj/Maran.DY Virus/Trojan No 1 No No personal folders\deleted items\倒掉很可惜的\哇！好大啊.exe[personal folders\deleted items\σÇƵÄëσ╛êσÅ»µâ£τÜä\σôç∩╝üσÑ╜σñºσòè.exe][lin1g.exe]
02994240 Application/FunWeb HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir
02994240 Application/FunWeb HackTools No 0 Yes No C:\QooBox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\72899719.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\58505210.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\58330817.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\43992359.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\43792382.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\29293493.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\29267300.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\231770.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\206810.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\205749.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\73023132.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\157732.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\14763185.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\131176295.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\131103.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\130588.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\123864.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\116655114.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\110167.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\102088692.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\87545811.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\186561.exe.vir
03471257 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Windows\System32\drivers\mdelk.exe.vir
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Speaking_Mailer_2.10.zip.vir[Speaking_Mailer_2.10.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Software_Midi_Keyboard_1.8.zip.vir[Software_Midi_Keyboard_1.8.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\United_States_ZIP_Code_Database_(Basic_Edition)_February_2007.zip.vir[United_States_ZIP_Code_Database_(Basic_Edition)_February_2007.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Softinvestor_1.2_[Crack].zip.vir[Softinvestor_1.2_[Crack].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Site_Popper_3.0.zip.vir[Site_Popper_3.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Single_State_Mapper_1.0.zip.vir[Single_State_Mapper_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Simple_Paint_1.5.zip.vir[Simple_Paint_1.5.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\SecrecyKeeper_2.0.0.246.zip.vir[SecrecyKeeper_2.0.0.246.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Scripter_plugin_1.0.1.zip.vir[Scripter_plugin_1.0.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Scholar's_Aid_Lite_4.zip.vir[Scholar's_Aid_Lite_4.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\SBE_WebSystem_1.6_(With_Crack).zip.vir[SBE_WebSystem_1.6_(With_Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\RW_-_Read_&_Write_0.21.zip.vir[RW_-_Read_&_Write_0.21.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Rugby_Pro_2006_1.1.2684.29689_(With_Crack).zip.vir[Rugby_Pro_2006_1.1.2684.29689_(With_Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Rise_of_Nations_Thrones_&_Patriots_Vietnam_map.zip.vir[Rise_of_Nations_Thrones_&_Patriots_Vietnam_map.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Reallusion_TalkingSlide_1.1_(Serial).zip.vir[Reallusion_TalkingSlide_1.1_(Serial).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\RankHigher_2.2.82_(Cracked).zip.vir[RankHigher_2.2.82_(Cracked).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Q-Tune_1.0.zip.vir[Q-Tune_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ProGP-Mygale_LiteEdition_1.1.zip.vir[ProGP-Mygale_LiteEdition_1.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\PrecisionID_Code_3_of_9_Barcode_Fonts_3.0_Serial.zip.vir[PrecisionID_Code_3_of_9_Barcode_Fonts_3.0_Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Pragma_Fortress_SSH_ClientSuite_4.zip.vir[Pragma_Fortress_SSH_ClientSuite_4.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\PopScan_4.63.zip.vir[PopScan_4.63.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Plasma_-_386_1.0_Crack.zip.vir[Plasma_-_386_1.0_Crack.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Personal_Organizer_4.5_Key+Serial.zip.vir[Personal_Organizer_4.5_Key+Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\PDF_album_maker_1.01_[Cracked].zip.vir[PDF_album_maker_1.01_[Cracked].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\PathNames_1.71.zip.vir[PathNames_1.71.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Passage_Express_2.2.1.zip.vir[Passage_Express_2.2.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ParaWorld_single-player_demo.zip.vir[ParaWorld_single-player_demo.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Painting_Pictures_1.0_(Key+Serial).zip.vir[Painting_Pictures_1.0_(Key+Serial).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Outlook_Cleaner_4.0.zip.vir[Outlook_Cleaner_4.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\OpenzUp_1.0_[Serial].zip.vir[OpenzUp_1.0_[Serial].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Norton.Antivirus.y.Norton.Internet.Security.2006.Espa簽ol.+.Serial.y.Activacion.zip.vir[Norton.Antivirus.y.Norton.Internet.Security.2006.Espa├▒ol.+.Serial.y.Activacion.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Norton.AntiVirus.2007.+.key.zip.vir[Norton.AntiVirus.2007.+.key.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\NewsRaider_1.25.zip.vir[NewsRaider_1.25.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\NetPeeker_2.83_KeyGen.zip.vir[NetPeeker_2.83_KeyGen.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\NetJaxer_2.0.6.zip.vir[NetJaxer_2.0.6.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\NaturePainter_Digital_Canvas_1.1.zip.vir[NaturePainter_Digital_Canvas_1.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Specrem_6.2.zip.vir[Specrem_6.2.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Staff_Tracker_In-Out_Board_3.0.zip.vir[Staff_Tracker_In-Out_Board_3.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Ulead_DVD_Workshop_2.0_[KeyGen].zip.vir[Ulead_DVD_Workshop_2.0_[KeyGen].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Type_Library_Documentor_1.0.zip.vir[Type_Library_Documentor_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\TreeMap_1.0.3_[With_Crack].zip.vir[TreeMap_1.0.3_[With_Crack].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\MyClock_1.7.zip.vir[MyClock_1.7.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Multi-Edit_2006_10.03.zip.vir[Multi-Edit_2006_10.03.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\MorphVOX_Classic_Voice_Changer_2.0.zip.vir[MorphVOX_Classic_Voice_Changer_2.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Mini_MP3_Recorder_1.0.zip.vir[Mini_MP3_Recorder_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Military_Helicopters_Screensaver_1.2.zip.vir[Military_Helicopters_Screensaver_1.2.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\MikeAndPetra_Toolbar_4.5.147.0.zip.vir[MikeAndPetra_Toolbar_4.5.147.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Memory_Booster_3.1.zip.vir[Memory_Booster_3.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Total_MP3_Converter_1.01.zip.vir[Total_MP3_Converter_1.01.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Mac_clock_1.0.zip.vir[Mac_clock_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\T.A.S._Weather_Station_2.4.4.zip.vir[T.A.S._Weather_Station_2.4.4.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\LearnWords_Windows_4.2_(Crack).zip.vir[LearnWords_Windows_4.2_(Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Kaspersky_Security_for_MS_Exchange_Server_2003_5.5.zip.vir[Kaspersky_Security_for_MS_Exchange_Server_2003_5.5.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Janotech_2.0.zip.vir[Janotech_2.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Jack_Black_Screensaver.zip.vir[Jack_Black_Screensaver.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\iPod_Video_Converter_+_DVD_to_iPod_Suite_3.16.3.29.zip.vir[iPod_Video_Converter_+_DVD_to_iPod_Suite_3.16.3.29.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Inzomia_Image_Encrypt_1.0_With_Crack.zip.vir[Inzomia_Image_Encrypt_1.0_With_Crack.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Internet_Model_Optimizer_1.5.zip.vir[Internet_Model_Optimizer_1.5.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\HP0-093_Practice_Exam_Testing_Engine_Software_1.0_Key+Serial.zip.vir[HP0-093_Practice_Exam_Testing_Engine_Software_1.0_Key+Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\High_School_Sports_Online_toolbar_for_Firefox_1.5.0.4.zip.vir[High_School_Sports_Online_toolbar_for_Firefox_1.5.0.4.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Help_Desk_CDQuotations_for_Access_3.2.3.zip.vir[Help_Desk_CDQuotations_for_Access_3.2.3.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Halloween_Garden_Party_Screensaver_1.0_[KeyGen].zip.vir[Halloween_Garden_Party_Screensaver_1.0_[KeyGen].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\GuardMax_1.9.zip.vir[GuardMax_1.9.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Graph_Digitizer_2.1.zip.vir[Graph_Digitizer_2.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\GraphicsExplorer_1.0.zip.vir[GraphicsExplorer_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\GolfChart_2.02.zip.vir[GolfChart_2.02.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Gem_Slider_Deluxe_1.zip.vir[Gem_Slider_Deluxe_1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\GAlert_2.5.8.0.zip.vir[GAlert_2.5.8.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\File_Name_Converter_3.1.zip.vir[File_Name_Converter_3.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\FFT_Properties_3.5.zip.vir[FFT_Properties_3.5.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Fast_Query_Builder_for_Delphi_7_1.03_[Serial].zip.vir[Fast_Query_Builder_for_Delphi_7_1.03_[Serial].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Excel_Bulk_Mailer_3.01.zip.vir[Excel_Bulk_Mailer_3.01.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Embird_Alphabet_7_1.0_Patch.zip.vir[Embird_Alphabet_7_1.0_Patch.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\EmailValidator_1.zip.vir[EmailValidator_1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\eGenie_0.4.16.zip.vir[eGenie_0.4.16.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Easy_FLV_to_AVI_Converter_1.0.1.zip.vir[Easy_FLV_to_AVI_Converter_1.0.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Easy_3D_Creator_3.0.0.2i.zip.vir[Easy_3D_Creator_3.0.0.2i.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\DrStopSpam_2.3.1_Key+Serial.zip.vir[DrStopSpam_2.3.1_Key+Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Download_Druid_2.2_Build_22041118_[Key+Serial].zip.vir[Download_Druid_2.2_Build_22041118_[Key+Serial].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Disk_and_Registry_Alert_2.39_(KeyGen).zip.vir[Disk_and_Registry_Alert_2.39_(KeyGen).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\DigitByte_MPEG_Joiner_2.0.0381_Key.zip.vir[DigitByte_MPEG_Joiner_2.0.0381_Key.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\DataHouse_4.01_(With_Crack).zip.vir[DataHouse_4.01_(With_Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Cryptosystem_ME6_7.67.zip.vir[Cryptosystem_ME6_7.67.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Crib_3000_1.0.zip.vir[Crib_3000_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ColorBtn_7.0.zip.vir[ColorBtn_7.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ClickZap_1.0.zip.vir[ClickZap_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\CESLogFile_1.0.zip.vir[CESLogFile_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\BrickShooter_Puzzle.zip.vir[BrickShooter_Puzzle.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Blaze_Composer_Lite_3.0.zip.vir[Blaze_Composer_Lite_3.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Auto_Expenses_5.0_[Crack].zip.vir[Auto_Expenses_5.0_[Crack].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Auction_Business_Manager_1.0.zip.vir[Auction_Business_Manager_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Arliweb_Folders.zip.vir[Arliweb_Folders.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\AniGif_Lite_ActiveX_Control_2.0_KeyGen.zip.vir[AniGif_Lite_ActiveX_Control_2.0_KeyGen.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Analog_CPU_&_MEM_Display_1.6.1.zip.vir[Analog_CPU_&_MEM_Display_1.6.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\AM_Lightning_Messenger_3.0.zip.vir[AM_Lightning_Messenger_3.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Amro_Mousa's_AMBackup_3.01.zip.vir[Amro_Mousa's_AMBackup_3.01.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\AmericanPictures_1.0.zip.vir[AmericanPictures_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Adrian_Browser_2.0.zip.vir[Adrian_Browser_2.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\AddTime_1.0.01.zip.vir[AddTime_1.0.01.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ACA_Capture_Pro_5.2.zip.vir[ACA_Capture_Pro_5.2.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ABC_Image_Browser_4.8.7.zip.vir[ABC_Image_Browser_4.8.7.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\123_Cleaner_4.10.zip.vir[123_Cleaner_4.10.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\.netshrink_1.0.zip.vir[.netshrink_1.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes No C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\[Appz_ITA].AVG.Antivirus.Pro.7.0.zip.vir[[Appz_ITA].AVG.Antivirus.Pro.7.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\ZebZip_1.2_Beta.zip.vir[ZebZip_1.2_Beta.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Zap_HTML_Compressor_2.0.zip.vir[Zap_HTML_Compressor_2.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\XP_Firewall_Logger_2.01a_[Key].zip.vir[XP_Firewall_Logger_2.01a_[Key].exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\X-Wing_Alliance_Patch_2.02.zip.vir[X-Wing_Alliance_Patch_2.02.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Writer's_Blocks_3.0.zip.vir[Writer's_Blocks_3.0.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Word_Wizard_Deluxe_2.2.zip.vir[Word_Wizard_Deluxe_2.2.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Word_to_PDF_Converter_3.zip.vir[Word_to_PDF_Converter_3.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\WinXMedia_CD_Extractor_1.0.91_(With_Crack).zip.vir[WinXMedia_CD_Extractor_1.0.91_(With_Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\WinFlash_Educator_9.0.01.zip.vir[WinFlash_Educator_9.0.01.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Web_Weaver_2005_(Crack).zip.vir[Web_Weaver_2005_(Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\WebPrint_Plus_1.0_(Crack).zip.vir[WebPrint_Plus_1.0_(Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Webcam_Watcher_3.1.zip.vir[Webcam_Watcher_3.1.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Web2Pop_Standard_1.0.3.8.zip.vir[Web2Pop_Standard_1.0.3.8.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Warcraft_III_-_Isildur's_Death_map.zip.vir[Warcraft_III_-_Isildur's_Death_map.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Wallpaper_Sequencer_Standard_4.6.2.449.zip.vir[Wallpaper_Sequencer_Standard_4.6.2.449.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\VOX_for_Skype_0.9.5_Beta.zip.vir[VOX_for_Skype_0.9.5_Beta.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Videoraptor_1.5.45.0_(Patch).zip.vir[Videoraptor_1.5.45.0_(Patch).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\VB_Project_Eye_3.0.5.zip.vir[VB_Project_Eye_3.0.5.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\VBScodePrint_1.2.73_Key+Serial.zip.vir[VBScodePrint_1.2.73_Key+Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\USBTrace_2.0_Serial.zip.vir[USBTrace_2.0_Serial.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\LogIt_2.02_(With_Crack).zip.vir[LogIt_2.02_(With_Crack).exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\data.oct.vir
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Crows_Perch_CTF_map.zip.vir[Unreal_Tournament_2003_-_Crows_Perch_CTF_map.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\TimeRecorder_4.25.3.zip.vir[TimeRecorder_4.25.3.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\MarknDial_0.7.zip.vir[MarknDial_0.7.exe]
03511331 W32/Bagle.KV.worm Virus No 1 Yes Yes C:\QooBox\Quarantine\C\Users\CC\AppData\Roaming\m\shared\Tightwad_Personal_Budget_1.2_Cracked.zip.vir[Tightwad_Personal_Budget_1.2_Cracked.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location &�b����s5�
;===================================================================================================================================================================================
No C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir &�b����s5�
No C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\137670.exe.vir &�b����s5�
No C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\168059.exe.vir &�b����s5�
No C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\189400.exe.vir &�b����s5�
No C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\204548.exe.vir &�b����s5�
No C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\232301.exe.vir &�b����s5�
No C:\Users\CC\Desktop\ComboFix.exe &�b����s5�
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description &�b����s5�
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Thanks and look forward to hearing from you again soon!

Best Regards,
Christina

[CCHENG]

Hi, Ried:

How does my last Panda report look? Am I finished cleaning my system? Is there anything I need to do? Please advise.

Thanks!

Best Regards,
Christina

[Ried]

Hi Christina,

Delete the following:

c:\users\cc\favorites\health
D:\M2\M2 - My Downloaded Program\Nailfix.zip

----------------------------------------------------------

Clear your Netscape cookies. Launch the browser and go to Tools>Cookie Manager>Manage Stored Cookies.

Click Remove All Cookies.

----------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again.

To this end, we provide links to articles and tools which should make your visit to the HijackThis Log Help section of TSF a one time event. In the future, please be more careful of the sites you visit, and what you download.

[CCHENG]

Hi, Ried:

Noted and will do.

Thank you very, very much for your help!


Best Regards,
Christina

[Ried]

You're welcome.

Take care, Christina.