Old 10-27-2009, 11:41 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Computer Hijacked Spyware, Slow Running, Trojans, etc...

Ok, so within a day, literally my laptop has gone from just fine to BAM popups, can barely surf the internet (because it is SUPER slow) and I can't even get into safe mode when I try to system restore for a quick fix so I can operate it more efficiently. I don't believe I have a boot disk but I followed (last year) one of your team member's instructions through to the last point (this was the only time in a year I have needed help and I did in fact subscribe to the thread and stuck with it) and I have a "recovery console", I believe, option when restarting the computer. This I believe is from my prior engagement on this site. I have the new ComboFix up and ready for when you need me to run the scan and I'll have this thread subscribed. Once again, pop ups continue to come up, trojans have been found via Norton AntiVirus, and the computer is just a huge hassle to use. Here are the posted/attached logs that you should need...

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jeff Aue at 10:31:46.32 on Mon 10/26/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1255 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Creative\Feature Mode Utility\CTAPR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff Aue\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster audigy 2\dvdaudio\CTDVDDET.EXE"
mRun: [CTSysVol] "c:\program files\creative\sound blaster audigy 2\surround mixer\CTSysVol.exe" /r
mRun: [CTFeatureModeUtility] c:\program files\creative\feature mode utility\CTModUtl.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [64325828] c:\docume~1\alluse~1\applic~1\64325828\64325828.exe
mRun: [datiketeh] Rundll32.exe "c:\windows\system32\gefutesu.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174977080031
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
AppInit_DLLs: wifahewe.dll c:\windows\system32\gefutesu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: hisugedug - {e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll
STS: gahurihor: {e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll
LSA: Notification Packages = scecli hujizera.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeffau~1\applic~1\mozilla\firefox\profiles\x928zlpb.default\
FF - prefs.js: browser.search.selectedEngine - MakeMeBabies - Baby Face Prediction Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-18 28544]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-7-26 20736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-8-21 55808]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-9-3 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctmsfsyn.sys --> c:\windows\system32\drivers\ctmsfsyn.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-1-4 44928]

=============== Created Last 30 ================

2009-10-26 04:55:53 26628 ----a-w- c:\windows\system32\logon.exe
2009-10-26 04:55:47 177152 --sh--w- c:\windows\system32\gefutesu.dll
2009-10-26 04:55:46 90624 --sh--w- c:\windows\system32\nedetege.dll
2009-10-26 04:55:46 0 --sh--w- c:\windows\system32\lurofozi.dll
2009-10-20 05:48:57 23880 ----a-w- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000008-20011102}.rfx
2009-10-20 05:48:57 23880 ----a-w- c:\windows\system32\BMXState-{00000004-00000000-00000000-00001102-00000008-20011102}.rfx
2009-10-18 17:51:51 4958588 ----a-w- c:\windows\{00000004-00000000-00000000-00001102-00000008-20011102}.CDF
2009-10-18 16:53:44 0 d-----w- c:\program files\Norton Internet Security
2009-10-18 16:53:20 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-18 16:53:20 82136 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-08 18:30:57 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-10-26 15:26:59 27414 ----a-w- c:\windows\system32\nvModes.dat
2009-10-22 15:44:20 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 18:48:45 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-06 18:48:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 04:55:30 111104 --sha-w- c:\windows\system32\genewaze.dll
2009-07-26 04:55:38 177152 --sha-w- c:\windows\system32\hejevafi.dll
2009-07-26 04:55:30 111104 --sha-w- c:\windows\system32\hujizera.dll
2009-07-26 04:55:38 1011753 --sha-w- c:\windows\system32\nadiyulo.exe
2009-07-26 04:55:30 111104 --sha-w- c:\windows\system32\wifahewe.dll
2009-07-26 04:55:38 90624 --sha-w- c:\windows\system32\wokunuti.dll

============= FINISH: 10:33:32.17 ===============
Attached Files
File Type: zip ark.zip (1.8 KB, 2 views)
File Type: zip Attach.zip (3.9 KB, 3 views)

Old 10-29-2009, 02:58 PM   #2 (permalink)
Analyst, Security Team
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, etc...

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Ares, BitTornado, LimeWire

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/...D-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall Ares, BitTornado, LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Note:
If you have malware cleaned from your system by one of our Hjt Team/Malware Hunters and then later return with more infections....and these P2P programs are still installed, you may be refused help.

==================


Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Old 10-31-2009, 10:48 AM   #3 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, etc...

Ok, thank you and subscribed. Here are my ComboFix and hijack logs...

Jeff Aue - 09-10-31 11:37:52.46 Service Pack 3
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jeff Aue\My Documents\Games"

((((((((((((((((((((((((((((((( Files Created from 2009-09-31 to 2009-10-31 ))))))))))))))))))))))))))))))))))


2009-10-31 11:36 <DIR> d-------- C:\HJT
2009-10-31 00:23 37,888 ---hs---- C:\WINDOWS\system32\fihimemo.dll
2009-10-30 12:23 0 ---hs---- C:\WINDOWS\system32\domuboti.dll
2009-10-29 12:23 38,400 ---hs---- C:\WINDOWS\system32\hudetola.dll
2009-10-29 00:22 38,912 ---hs---- C:\WINDOWS\system32\yinesuyi.dll
2009-10-28 14:02 <DIR> d--h----- C:\$AVG
2009-10-28 14:01 360,584 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2009-10-28 14:01 333,192 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2009-10-28 14:01 28,424 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-10-28 14:01 12,464 --a------ C:\WINDOWS\system32\avgrsstx.dll
2009-10-28 14:01 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2009-10-28 14:01 <DIR> d-------- C:\Program Files\AVG
2009-10-28 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-28 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-28 12:22 0 ---hs---- C:\WINDOWS\system32\rewahulo.dll
2009-10-27 12:21 51,200 ---hs---- C:\WINDOWS\system32\jigefuwi.dll
2009-10-26 12:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2009-10-26 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-25 23:55 26,628 --a------ C:\WINDOWS\system32\logon.exe
2009-10-25 23:55 0 ---hs---- C:\WINDOWS\system32\lurofozi.dll
2009-10-18 11:53 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2009-10-18 11:53 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2009-10-18 11:53 <DIR> d-------- C:\Program Files\Norton Internet Security
2009-10-17 21:34 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2009-10-17 21:33 <DIR> d-------- C:\Documents and Settings\Jeff Aue\Application Data\InstallShield


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2009-10-31 11:32 -------- d-------- C:\Program Files\Mozilla Firefox
2009-10-30 00:23 -------- d-------- C:\Program Files\Internet Explorer
2009-10-28 14:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2009-10-28 13:59 -------- d---s---- C:\Documents and Settings\Jeff Aue\Application Data\Microsoft
2009-10-28 02:50 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2009-10-27 15:54 56 -r-hs---- C:\WINDOWS\system32\2415D3EF41.sys
2009-10-27 15:54 1682 --ahsc--- C:\WINDOWS\system32\KGyGaAvL.sys
2009-10-20 00:18 -------- d-------- C:\Program Files\XBC
2009-10-18 11:54 -------- d-------- C:\Program Files\Symantec
2009-10-18 11:29 -------- d-------- C:\Program Files\Common Files
2009-10-17 21:34 -------- d-------- C:\Program Files\Common Files\Research In Motion
2009-10-17 19:28 -------- d-------- C:\Program Files\GameSpy Arcade
2009-10-14 11:21 -------- d-------- C:\Program Files\Java
2009-10-02 11:27 -------- d-------- C:\Documents and Settings\Jeff Aue\Application Data\Corel
2009-09-25 00:37 81920 --a------ C:\WINDOWS\system32\ieencode.dll
2009-09-11 09:18 136192 --a------ C:\WINDOWS\system32\msv1_0.dll
2009-09-06 14:28 -------- d-------- C:\Program Files\Creative
2009-09-06 14:22 -------- d-------- C:\Documents and Settings\Jeff Aue\Application Data\Creative
2009-09-06 14:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2009-09-06 13:48 444952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2009-09-06 13:48 109080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2009-09-04 16:03 58880 --a------ C:\WINDOWS\system32\msasn1.dll
2009-09-03 09:54 -------- d-------- C:\Program Files\Common Files\Creative Labs Shared
2009-09-03 00:45 -------- d-------- C:\Program Files\Yahoo!
2009-09-03 00:45 -------- d-------- C:\Program Files\WordPerfect Office 12
2009-09-03 00:45 -------- d-------- C:\Program Files\Windows Media Player
2009-09-03 00:45 -------- d-------- C:\Program Files\Winamp
2009-09-03 00:45 -------- d-------- C:\Program Files\QuickTime
2009-09-03 00:45 -------- d-------- C:\Program Files\Modem Helper
2009-09-03 00:45 -------- d-------- C:\Program Files\Ares
2009-09-03 00:24 -------- d-------- C:\Program Files\OpenAL
2009-08-26 03:00 247326 --a------ C:\WINDOWS\system32\strmdll.dll
2009-08-05 04:01 204800 --a------ C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 20:44 2189184 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 09:20 2066048 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2009-07-31 00:23 89088 --ahs---- C:\WINDOWS\system32\gepimihe.dll
2009-07-31 00:23 61440 --ahs---- C:\WINDOWS\system32\vijirego.dll
2009-07-31 00:23 37888 --ahs---- C:\WINDOWS\system32\sodewife.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\Quickset.exe"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"dscactivate"="\"C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\""
"BlackBerryAutoUpdate"="C:\\Program Files\\Common Files\\Research In Motion\\Auto Update\\RIMAutoUpdate.exe /background"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"CTxfiHlp"="CTXFIHLP.EXE"
"CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="\"C:\\Program Files\\Creative\\Sound Blaster Audigy 2\\Surround Mixer\\CTSysVol.exe\" /r"
"CTFeatureModeUtility"="C:\\Program Files\\Creative\\Feature Mode Utility\\CTModUtl.exe"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"64325828"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\64325828\\64325828.exe"
"datiketeh"="Rundll32.exe \"c:\\windows\\system32\\hebebore.dll\",a"
"AVG9_TRAY"="C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://a980.ac-images.myspacecdn.com/images01/30/l_33990ffcdb88647d80ab95f84a00071b.jpg"
"SubscribedURL"="http://a980.ac-images.myspacecdn.com/images01/30/l_33990ffcdb88647d80ab95f84a00071b.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6f,01,00,00,35,00,00,00,1e,01,00,00,bc,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6f,01,00,00,35,00,00,00,1e,01,00,00,bc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,14,04,41,c0,b4,74,d0,7a,61,05,68,de,14,04,20,6d,\
14,04,72,60,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://a183.ac-images.myspacecdn.com/images01/33/l_8aef0984b288b94fbf5082829434ccde.jpg"
"SubscribedURL"="http://a183.ac-images.myspacecdn.com/images01/33/l_8aef0984b288b94fbf5082829434ccde.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b6,00,00,00,c0,00,00,00,74,00,00,00,69,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,b6,00,00,00,c0,00,00,00,74,00,00,00,69,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,f8,06,41,c0,b4,74,b8,74,4c,02,68,de,f8,06,20,6d,\
f8,06,ec,8a,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="http://farm1.static.flickr.com/72/201475912_4b82aa2263_o.jpg"
"SubscribedURL"="http://farm1.static.flickr.com/72/201475912_4b82aa2263_o.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,e1,00,00,00,d4,02,00,00,5e,01,00,00,ab,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,c0,03,00,00,50,00,00,00,5e,01,00,00,ab,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,88,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,88,04,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,88,04,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e2f070db-23a6-4203-bf26-3b79bb2e5b6c}"="gahurihor"
"{7dd823f2-2131-4f58-b59d-c0ae28c7299a}"="jugezatag"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"HideStartupScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
"HonorAutoRunSetting"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"hisugedug"="{e2f070db-23a6-4203-bf26-3b79bb2e5b6c}"
"rojevefen"="{7dd823f2-2131-4f58-b59d-c0ae28c7299a}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
eapsvcs REG_MULTI_SZ eaphost\0\0
dot3svc REG_MULTI_SZ dot3svc\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
napagent
hkmsvc


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\nlcdnvvc.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

Completion time: 09-10-31 11:42:23.28




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:22 AM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [64325828] C:\DOCUME~1\ALLUSE~1\APPLIC~1\64325828\64325828.exe
O4 - HKLM\..\Run: [datiketeh] Rundll32.exe "c:\windows\system32\hebebore.dll",a
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174977080031
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5108/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\gefutesu.dll nijufagi.dll c:\windows\system32\hebebore.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: hisugedug - {e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll (file missing)
O21 - SSODL: rojevefen - {7dd823f2-2131-4f58-b59d-c0ae28c7299a} - c:\windows\system32\hebebore.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {7dd823f2-2131-4f58-b59d-c0ae28c7299a} - c:\windows\system32\hebebore.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://a980.ac-images.myspacecdn.com...f84a00071b.jpg
O24 - Desktop Component 1: (no name) - http://a183.ac-images.myspacecdn.com...829434ccde.jpg
O24 - Desktop Component 2: (no name) - http://farm1.static.flickr.com/72/20...82aa2263_o.jpg

--
End of file - 17058 bytes
radeonamd is offline  
Old 10-31-2009, 05:44 PM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

You are using an outdated version of ComboFix. Please delete it from the folder
C:\Documents and Settings\Jeff Aue\My Documents\Games.

Next, please follow these instructions exactly:


Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Last edited by Carolyn; 10-31-2009 at 05:45 PM.
Old 11-01-2009, 02:31 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

ok, installed new version of combofix. here is the log...

ComboFix 09-10-30.01 - Jeff Aue 11/01/2009 11:50.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1275 [GMT -6:00]
Running from: c:\documents and settings\Jeff Aue\My Documents\Games\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Fonts\HL2MP(2).ttf
c:\windows\run.log
c:\windows\system32\domuboti.dll
c:\windows\system32\logon.exe
c:\windows\system32\loyuwisa.dll
c:\windows\system32\lurofozi.dll
c:\windows\system32\muwujebu.dll
c:\windows\system32\patadosu.dll
c:\windows\system32\rewahulo.dll
c:\windows\system32\rubuvefu.dll
c:\windows\system32\tihaduza.dll
c:\windows\system32\vebupefi.dll
c:\windows\system32\vuhihumo.dll
c:\windows\system32\yapefoga.dll
c:\windows\Tasks\nlcdnvvc.job

----- BITS: Possible infected sites -----

hxxp://82.98.231.98
hxxp://82.98.231.99
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-10-31 16:36 . 2009-10-31 16:37 -------- d-----w- C:\HJT
2009-10-31 05:23 . 2009-10-31 05:23 37888 --sh--w- c:\windows\system32\fihimemo.dll
2009-10-29 17:23 . 2009-10-29 17:23 38400 --sh--w- c:\windows\system32\hudetola.dll
2009-10-29 05:22 . 2009-10-29 05:22 38912 --sh--w- c:\windows\system32\yinesuyi.dll
2009-10-29 05:04 . 2009-11-01 13:23 0 ----a-w- c:\documents and settings\Jeff Aue\Local Settings\Application Data\prvlcl.dat
2009-10-28 19:05 . 2009-10-28 19:05 -------- d-----w- c:\documents and settings\Jeff Aue\Local Settings\Application Data\AVG Security Toolbar
2009-10-28 19:02 . 2009-10-28 19:34 -------- d-----w- C:\$AVG
2009-10-28 19:01 . 2009-10-28 19:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-28 19:01 . 2009-10-28 19:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-28 19:01 . 2009-10-28 19:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-28 19:01 . 2009-11-01 15:51 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-28 19:01 . 2009-10-28 19:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-28 19:01 . 2009-10-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-28 19:01 . 2009-10-28 19:01 -------- d-----w- c:\program files\AVG
2009-10-28 19:01 . 2009-10-28 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-27 17:21 . 2009-10-27 17:21 51200 --sh--w- c:\windows\system32\jigefuwi.dll
2009-10-26 17:48 . 2009-10-27 04:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-26 17:48 . 2009-10-27 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-18 16:53 . 2009-10-18 16:55 -------- d-----w- c:\program files\Norton Internet Security
2009-10-18 16:53 . 2003-08-15 23:22 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-18 16:53 . 2003-08-15 23:22 82136 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-18 16:40 . 2009-10-18 16:40 -------- d-s---w- c:\documents and settings\LocalService\UserData
2009-10-18 02:34 . 2009-10-18 02:34 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-18 02:33 . 2009-10-18 02:33 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\InstallShield
2009-10-08 18:30 . 2009-10-08 18:30 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 16:16 . 2005-08-10 18:20 27414 ----a-w- c:\windows\system32\nvModes.dat
2009-10-28 07:50 . 2005-08-10 18:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 20:54 . 2007-02-27 17:21 56 --sh--r- c:\windows\system32\2415D3EF41.sys
2009-10-27 20:54 . 2007-02-27 17:21 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-20 05:18 . 2005-08-18 00:18 -------- d-----w- c:\program files\XBC
2009-10-18 16:55 . 2005-08-10 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-18 16:54 . 2005-08-10 18:39 -------- d-----w- c:\program files\Symantec
2009-10-18 02:34 . 2009-04-11 15:20 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-18 02:24 . 2009-04-11 15:25 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 00:28 . 2005-08-18 02:41 -------- d-----w- c:\program files\GameSpy Arcade
2009-10-14 16:21 . 2005-08-10 18:27 -------- d-----w- c:\program files\Java
2009-10-02 16:27 . 2005-08-18 18:47 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\Corel
2009-09-25 05:37 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 19:28 . 2009-09-02 21:06 -------- d-----w- c:\program files\Creative
2009-09-06 19:22 . 2009-09-02 21:13 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\Creative
2009-09-06 19:01 . 2005-08-10 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 18:48 . 2009-09-03 05:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-06 18:48 . 2009-09-03 05:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:54 . 2009-09-03 14:54 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-09-03 14:19 . 2009-09-03 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-03 05:45 . 2005-08-19 04:26 -------- d-----w- c:\program files\Ares
2009-09-03 05:45 . 2009-05-17 16:30 -------- d-----w- c:\program files\QuickTime
2009-09-03 05:45 . 2005-08-10 18:31 -------- d-----w- c:\program files\Modem Helper
2009-09-03 05:45 . 2005-08-18 06:10 -------- d-----w- c:\program files\Winamp
2009-09-03 05:45 . 2005-08-10 18:38 -------- d-----w- c:\program files\WordPerfect Office 12
2009-09-03 05:45 . 2005-12-18 01:36 -------- d-----w- c:\program files\Yahoo!
2009-09-03 05:24 . 2009-09-03 05:24 -------- d-----w- c:\program files\OpenAL
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:06 . 2009-08-19 19:06 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2005-03-30 01:23 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-28 17:22 . 2009-07-28 17:22 89600 --sha-w- c:\windows\system32\bavobopu.dll
2009-08-01 17:24 . 2009-08-01 17:24 90112 --sha-w- c:\windows\system32\buhemubu.dll
2009-07-30 05:23 . 2009-07-30 05:23 89600 --sha-w- c:\windows\system32\gedogeye.dll
2009-07-31 05:23 . 2009-07-31 05:23 89088 --sha-w- c:\windows\system32\gepimihe.dll
2009-07-29 17:23 . 2009-07-29 17:23 38400 --sha-w- c:\windows\system32\jileyemu.dll
2009-07-30 17:23 . 2009-07-30 17:23 38400 --sha-w- c:\windows\system32\jitabine.dll
2009-07-31 17:24 . 2009-07-31 17:24 37888 --sha-w- c:\windows\system32\noyusoda.dll
2009-08-01 17:24 . 2009-08-01 17:24 38912 --sha-w- c:\windows\system32\nugeloba.dll
2009-07-29 17:23 . 2009-07-29 17:23 89600 --sha-w- c:\windows\system32\piragobo.dll
2009-07-29 05:22 . 2009-07-29 05:22 89088 --sha-w- c:\windows\system32\riyudegi.dll
2009-07-31 05:23 . 2009-07-31 05:23 37888 --sha-w- c:\windows\system32\sodewife.dll
2009-07-31 17:24 . 2009-07-31 17:24 89600 --sha-w- c:\windows\system32\towusozo.dll
2009-07-31 05:23 . 2009-07-31 05:23 61440 --sha-w- c:\windows\system32\vijirego.dll
2009-07-30 05:23 . 2009-07-30 05:23 37888 --sha-w- c:\windows\system32\yukosiji.dll
2009-07-29 05:22 . 2009-07-29 05:22 38912 --sha-w- c:\windows\system32\yunuvofu.dll
2009-07-27 17:21 . 2009-07-27 17:21 52224 --sha-w- c:\windows\system32\zabunego.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 17:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AIM"="c:\program files\AIM\aim.exe" [2004-06-07 61440]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-03-04 622592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"CTDVDDET"="c:\program files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTFeatureModeUtility"="c:\program files\Creative\Feature Mode Utility\CTModUtl.exe" [2005-01-10 81920]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-01-27 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-28 2010904]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-12-10 49152]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-16 1519616]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-3-13 40048]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-10 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-8-21 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-28 19:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\XBC\\neXBC.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/18/2008 10:19 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/28/2009 1:01 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/28/2009 1:01 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/28/2009 1:01 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/28/2009 1:01 PM 285392]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [7/26/2008 9:16 PM 20736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [8/21/2005 3:31 AM 55808]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/3/2009 8:54 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctmsfsyn.sys --> c:\windows\system32\drivers\ctmsfsyn.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [1/4/2008 12:03 PM 44928]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 15:09]

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-31 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 23:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff Aue\Application Data\Mozilla\Firefox\Profiles\x928zlpb.default\
FF - prefs.js: browser.search.selectedEngine - MakeMeBabies - Baby Face Prediction Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

BHO-{4181791c-6c1c-404a-bd3e-96f086a6e34f} - dolivowa.dll
HKLM-Run-64325828 - c:\docume~1\ALLUSE~1\APPLIC~1\64325828\64325828.exe
HKLM-Run-datiketeh - c:\windows\system32\hebebore.dll
HKLM-Run-wipivimizi - tihaduza.dll
SharedTaskScheduler-{e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll
SharedTaskScheduler-{7dd823f2-2131-4f58-b59d-c0ae28c7299a} - c:\windows\system32\hebebore.dll
SSODL-hisugedug-{e2f070db-23a6-4203-bf26-3b79bb2e5b6c} - c:\windows\system32\gefutesu.dll
SSODL-rojevefen-{7dd823f2-2131-4f58-b59d-c0ae28c7299a} - c:\windows\system32\hebebore.dll
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 12:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(6064)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Creative\Feature Mode Utility\CTAPR.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\bcmwltry.exe
.
**************************************************************************
.
Completion time: 2009-11-01 12:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 18:22
ComboFix2.txt 2009-10-31 16:42

Pre-Run: 23,458,082,816 bytes free
Post-Run: 22,942,560,256 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 23DCF40A28EAB9DC1EBDA03745264F54
Old 11-02-2009, 02:01 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

Hello again,

I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!

Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

====================

Important: Please disable your anti-malware programs before running ComboFix!

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/426184-computer-hijacked-spyware-slow-running-trojans-ect.html#post2422997

Comment::
Random named dlls

KillAll::

File::
c:\documents and settings\Jeff Aue\Local Settings\Application Data\prvlcl.dat

Collect::
c:\windows\system32\fihimemo.dll
c:\windows\system32\hudetola.dll
c:\windows\system32\yinesuyi.dll
c:\windows\system32\jigefuwi.dll
c:\windows\system32\bavobopu.dll
c:\windows\system32\buhemubu.dll
c:\windows\system32\gedogeye.dll
c:\windows\system32\gepimihe.dll
c:\windows\system32\jileyemu.dll
c:\windows\system32\jitabine.dll
c:\windows\system32\noyusoda.dll
c:\windows\system32\nugeloba.dll
c:\windows\system32\piragobo.dll
c:\windows\system32\riyudegi.dll
c:\windows\system32\sodewife.dll
c:\windows\system32\towusozo.dll
c:\windows\system32\vijirego.dll
c:\windows\system32\yukosiji.dll
c:\windows\system32\yunuvofu.dll
c:\windows\system32\zabunego.dll

Registry::
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

Fixcset::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
    A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.


====================

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

====================
Please post the following in your next reply:
  • The new ComboFix log
  • The Kaspersky log
  • A description of how your computer is behaving.

Last edited by Carolyn; 11-02-2009 at 02:21 PM.
Old 11-03-2009, 08:21 AM   #7 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

in terms of how my computer is running, i would say much smoother and internet surfing hasn't become a task. pop ups have become minimal so great progress so far thank you. here are the 2 logs...

ComboFix 09-10-30.01 - Jeff Aue 11/02/2009 23:56.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -6:00]
Running from: c:\documents and settings\Jeff Aue\My Documents\Games\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff Aue\My Documents\Games\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

FILE ::
"c:\documents and settings\Jeff Aue\Local Settings\Application Data\prvlcl.dat"

file zipped: c:\windows\system32\bavobopu.dll
file zipped: c:\windows\system32\buhemubu.dll
file zipped: c:\windows\system32\fihimemo.dll
file zipped: c:\windows\system32\gedogeye.dll
file zipped: c:\windows\system32\gepimihe.dll
file zipped: c:\windows\system32\hudetola.dll
file zipped: c:\windows\system32\jigefuwi.dll
file zipped: c:\windows\system32\jileyemu.dll
file zipped: c:\windows\system32\jitabine.dll
file zipped: c:\windows\system32\noyusoda.dll
file zipped: c:\windows\system32\nugeloba.dll
file zipped: c:\windows\system32\piragobo.dll
file zipped: c:\windows\system32\riyudegi.dll
file zipped: c:\windows\system32\sodewife.dll
file zipped: c:\windows\system32\towusozo.dll
file zipped: c:\windows\system32\vijirego.dll
file zipped: c:\windows\system32\yinesuyi.dll
file zipped: c:\windows\system32\yukosiji.dll
file zipped: c:\windows\system32\yunuvofu.dll
file zipped: c:\windows\system32\zabunego.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff Aue\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\bavobopu.dll
c:\windows\system32\buhemubu.dll
c:\windows\system32\fihimemo.dll
c:\windows\system32\gedogeye.dll
c:\windows\system32\gepimihe.dll
c:\windows\system32\hudetola.dll
c:\windows\system32\jigefuwi.dll
c:\windows\system32\jileyemu.dll
c:\windows\system32\jitabine.dll
c:\windows\system32\noyusoda.dll
c:\windows\system32\nugeloba.dll
c:\windows\system32\piragobo.dll
c:\windows\system32\riyudegi.dll
c:\windows\system32\sodewife.dll
c:\windows\system32\towusozo.dll
c:\windows\system32\vijirego.dll
c:\windows\system32\yinesuyi.dll
c:\windows\system32\yukosiji.dll
c:\windows\system32\yunuvofu.dll
c:\windows\system32\zabunego.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-10-31 16:36 . 2009-10-31 16:37 -------- d-----w- C:\HJT
2009-10-28 19:01 . 2009-10-28 19:01 -------- d-----w- c:\program files\AVG
2009-10-26 17:48 . 2009-10-27 04:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-26 17:48 . 2009-10-27 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-18 16:53 . 2009-10-18 16:55 -------- d-----w- c:\program files\Norton Internet Security
2009-10-18 16:53 . 2003-08-15 23:22 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-18 16:53 . 2003-08-15 23:22 82136 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-18 16:40 . 2009-10-18 16:40 -------- d-s---w- c:\documents and settings\LocalService\UserData
2009-10-18 02:34 . 2009-10-18 02:34 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-18 02:33 . 2009-10-18 02:33 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\InstallShield
2009-10-08 18:30 . 2009-10-08 18:30 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 05:38 . 2005-08-10 18:20 27414 ----a-w- c:\windows\system32\nvModes.dat
2009-11-02 16:06 . 2008-09-06 18:22 -------- d-----w- c:\program files\LimeWire
2009-10-28 07:50 . 2005-08-10 18:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-27 20:54 . 2007-02-27 17:21 56 --sh--r- c:\windows\system32\2415D3EF41.sys
2009-10-27 20:54 . 2007-02-27 17:21 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-20 05:18 . 2005-08-18 00:18 -------- d-----w- c:\program files\XBC
2009-10-18 16:55 . 2005-08-10 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-18 16:54 . 2005-08-10 18:39 -------- d-----w- c:\program files\Symantec
2009-10-18 02:34 . 2009-04-11 15:20 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-18 02:24 . 2009-04-11 15:25 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 00:28 . 2005-08-18 02:41 -------- d-----w- c:\program files\GameSpy Arcade
2009-10-14 16:21 . 2005-08-10 18:27 -------- d-----w- c:\program files\Java
2009-10-02 16:27 . 2005-08-18 18:47 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\Corel
2009-09-25 05:37 . 2006-03-04 03:33 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 19:28 . 2009-09-02 21:06 -------- d-----w- c:\program files\Creative
2009-09-06 19:22 . 2009-09-02 21:13 -------- d-----w- c:\documents and settings\Jeff Aue\Application Data\Creative
2009-09-06 19:01 . 2005-08-10 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 18:48 . 2009-09-03 05:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-06 18:48 . 2009-09-03 05:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:06 . 2009-08-19 19:06 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-01_18.02.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-03 06:04 . 2009-11-03 06:04 16384 c:\windows\temp\Perflib_Perfdata_494.dat
+ 2004-08-10 17:51 . 2009-11-01 18:08 61076 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-09-02 20:43 61076 c:\windows\system32\perfc009.dat
+ 2008-08-19 17:19 . 2009-11-02 05:50 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-08-19 17:19 . 2009-08-10 15:22 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-10 17:51 . 2009-11-01 18:08 405386 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-09-02 20:43 405386 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AIM"="c:\program files\AIM\aim.exe" [2004-06-07 61440]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-03-04 622592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"CTDVDDET"="c:\program files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTFeatureModeUtility"="c:\program files\Creative\Feature Mode Utility\CTModUtl.exe" [2005-01-10 81920]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-01-27 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-12-10 49152]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-16 1519616]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-3-13 40048]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-10 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-8-21 434176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\XBC\\neXBC.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/18/2008 10:19 AM 28544]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [7/26/2008 9:16 PM 20736]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [8/21/2005 3:31 AM 55808]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/3/2009 8:54 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\ctmsfsyn.sys --> c:\windows\system32\drivers\ctmsfsyn.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [1/4/2008 12:03 PM 44928]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 15:09]

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-31 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-08-17 23:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff Aue\Application Data\Mozilla\Firefox\Profiles\x928zlpb.default\
FF - prefs.js: browser.search.selectedEngine - MakeMeBabies - Baby Face Prediction Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 00:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(612)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\fxssvc.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\Feature Mode Utility\CTAPR.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\system32\dwwin.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2009-11-03 0:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-03 06:12
ComboFix2.txt 2009-10-31 16:42

Pre-Run: 23,455,100,928 bytes free
Post-Run: 23,962,562,560 bytes free

- - End Of File - - AF330FC8F22B0877CBF9D302C1BF57CD



KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 03, 2009 06:00:47
Records in database: 3116911
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 90855
Threats found: 13
Infected objects found: 541
Suspicious objects found: 0
Scan duration: 01:53:26


File name / Threat / Threats count
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7ADE0D78.htm Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AE23774.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AE56171.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B263841.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C662AC5.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D6B6F87.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E1C35E7.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2633DC.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2C07D5.htm Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2F31D2.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E2F31D2.htm Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E335BCE.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7E3605CA.dll Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\30732224.htm Infected: Packed.Win32.Katusha.g 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\7E2F31D2.htm Infected: Packed.Win32.Katusha.g 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\logon.exe.vir Infected: Trojan.Win32.Vilsel.kga 1
C:\Qoobox\Quarantine\[4]-Submit_2009-11-02_23.56.12.zip Infected: Trojan.Win32.Monder.curl 1
C:\Qoobox\Quarantine\[4]-Submit_2009-11-02_23.56.12.zip Infected: Trojan.Win32.Monder.cusv 1
C:\Qoobox\Quarantine\[4]-Submit_2009-11-02_23.56.12.zip Infected: Trojan.Win32.Monder.cusg 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP395\A0113042.dll Infected: Trojan.Win32.Plapon.ux 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0113050.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0113051.dll Infected: Trojan.Win32.Monderb.beoo 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0113052.dll Infected: Trojan.Win32.Monderb.beon 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0113053.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0123301.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0124315.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0124317.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0127313.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP416\A0127314.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP418\A0133328.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133373.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133374.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133375.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133376.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133377.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133378.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133379.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133380.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133381.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133382.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133383.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133384.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133385.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133386.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133387.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133388.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133389.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133390.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133391.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133392.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133393.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133394.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133395.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133396.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133397.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133398.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133399.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133400.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133401.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133402.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133403.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133404.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133405.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133406.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133407.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133408.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133409.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133410.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133411.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133412.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133413.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133414.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133415.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133416.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133417.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133418.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133419.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133420.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133421.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133422.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133423.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133424.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133425.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133426.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133427.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133428.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133429.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133430.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133431.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133432.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133433.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133434.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133435.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133436.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133437.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133438.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133439.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133440.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133441.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133442.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133443.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133444.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133445.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133446.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133447.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133448.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133449.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133450.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133451.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133452.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133453.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133454.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133455.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133456.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133457.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133458.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133459.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133460.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133461.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133462.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133463.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133464.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133465.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133466.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133467.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133468.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133469.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133470.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133471.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133472.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133473.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133474.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133475.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133476.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133477.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133478.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133479.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133480.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133481.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133482.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133483.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133484.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133485.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133486.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133487.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133488.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133489.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133490.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133491.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133492.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133493.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133494.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133495.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133496.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133497.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133498.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133499.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133500.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133501.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133502.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133503.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133504.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133505.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133506.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133507.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133508.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133509.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133510.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133511.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133512.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133513.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133514.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133515.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133516.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133517.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133518.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133519.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133520.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133521.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133522.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133523.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133524.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133525.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133526.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133527.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP419\A0133528.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134584.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134585.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134586.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134587.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134588.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134589.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134590.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134591.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134592.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134593.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134594.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134595.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134596.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134597.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134598.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134599.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134600.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134601.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134602.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134603.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134604.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134605.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134606.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134607.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134608.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134609.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134610.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134611.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134612.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134613.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134614.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0134615.dll Infected: Packed.Win32.Katusha.g 1

Selected area has been scanned.
Old 11-03-2009, 08:45 AM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

Delete Norton Quarantined Files
Open the Norton Control Panel
Click View | Quarantine.
Select the file or group of files.
Do one of the following:
  • Right click the file and choose Delete Permanently
  • Click the X Delete button.

Click Start Delete

==============

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should pop open for you. Please post the contents in your next reply.
Old 11-03-2009, 01:26 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

Old 11-03-2009, 04:50 PM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

Please visit this site and follow the instructions for uploading the C:\Qoobox\Quarantine\[4]-Submit_2009-11-02_23.56.12.zip file.

Quote:
in terms of how my computer is running, i would say much smoother and internet surfing hasn't become a task. pop ups have become minimal so great progress so far thank you.
Are you still having pop-ups?
Old 11-03-2009, 10:56 PM   #11 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

nope, no pop ups and i submitted the file
Old 11-04-2009, 09:40 AM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2007
Posts: 169
OS: XP & Vista


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

Thank you.

This is my general post for when your logs show no more signs of malware ;) - Please let me know if you are still having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!
  • Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.

  • CleanUp! with OTC

    Download OTC by Old Timer and save it to your Desktop.
    • Double-click OTC.exe
    • Click the CleanUp! button
    • Select Yes when the Begin cleanup Process? Prompt appears
    • If you are prompted to Reboot during the cleanup, select Yes
    • The tool will delete itself once it finishes; if not, delete it yourself

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
  • Web of Trust
    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Quote:
    Stop and Disable the DNS Client Service
    Go to Start, in the Start Search box type Run, when the run window opens type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Old 11-04-2009, 10:05 PM   #13 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Addison IL
Posts: 59
OS: XP


Re: Computer Hijacked Spyware, Slow Running, Trojans, ect...

thank you i did what was listed above and all is good




All times are GMT -7. The time now is 04:39 AM.


