Need help - Followed all directions - Please see thread

Old 12-28-2007, 09:02 AM   #1
Guest
 
Join Date: Dec 2007
Posts: 18


Hello, I'm hoping you will be able to solve our problem. One of our work computers was affected with what I would say is a virus. The following is happening:
1. Cannot adjust the background, which is stuck at a black screen that says spyware was found on the computer.
2. Constant popups for PCSecuritylab.com
3. Notifications from something that is acting like Windows Security Center.
4. Cannot use Task Manager

Following and attached is the information you asked for in the threads I read. Thank you and I hope you can help.

**I did not use word wrap, but it appears to be spreading out the text anyway for some reason.

PANDASCAN---------------

Incident Status Location

Adware:Adware/VirusAlarma Not disinfected c:\windows\winshow .exe
Adware:Adware/SpyAway Not disinfected C:\WINDOWS\system32\egmulhxk.dll
Adware:Adware/Diocleaner Not disinfected C:\WINDOWS\system32\lpcywinp.exe
Virus:trj/rirat.f Disinfected Operating system
Adware:adware/eshopper Not disinfected c:\windows\system32\ESHOPEE.exe
Adware:adware/popuper Not disinfected c:\windows\system32\msole32.exe
Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Potentially unwanted tool:application/activitymon Not disinfected c:\program files\amsys
Adware:adware/activshopper Not disinfected c:\program files\e-zshopper
Adware:adware/adbars Not disinfected Windows Registry
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/adsincontext Not disinfected Windows Registry
Virus:trj/qhost.gen Disinfected Operating system
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-587b5d86-36e94c67.zip[Dummy.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[BaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[VaaaaaaaBaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dvnny.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Baaaaa.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dex.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dix.class]
Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-569f7380.zip[Dux.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jamie\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\jamie\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Virus:W32/Sober.V.worm!CME-456 Disinfected Personal Folders\Inbox\mailing error\error-mail_info.zip[Winzipped-Text_Data.txt .pif]
Virus:Trj/Agent.CRF Disinfected C:\Documents and Settings\jamie\Local Settings\Temp\16890\explorer.exe
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\jamie\Local Settings\Temp\17142\2236.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\17569\explorer.exe
Adware:Adware/VideoCach Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\20691\acexe.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\29894\explorer.exe
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP54.tmp
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP59.tmp
Possible Virus. Not disinfected C:\Documents and Settings\jamie\Local Settings\Temp\TMP5A.tmp
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\jamie\wn0032.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\RECYCLER\S-1-5-21-1701480028-924270953-3461926640-1108\Dc1\SmitfraudFix\restart.exe
Adware:Adware/SpyAway Not disinfected C:\WINDOWS\fkwggshm.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu1000106.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu77.exe
Adware:Adware/Diocleaner Not disinfected C:\WINDOWS\SYSTEM32\0.8225672.exe
Virus:Trj/Downloader.PLF

MAIN.TXT-----------------------------------------------

Deckard's System Scanner v20071014.68
Run by jamie on 2007-12-28 11:45:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2007-12-28 16:45:35 UTC - RP917 - Deckard's System Scanner Restore Point
61: 2007-12-27 21:27:27 UTC - RP916 - Removed Windows Defender
60: 2007-12-27 19:37:38 UTC - RP915 - Windows Defender Checkpoint
59: 2007-12-27 17:16:30 UTC - RP914 - Windows Defender Checkpoint
58: 2007-12-27 16:36:52 UTC - RP913 - Last known good configuration


-- First Restore Point --
1: 2007-12-27 16:35:39 UTC - RP856 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-28 11:47:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\SYSTEM32\lpcywinp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\WINDOWS\SYSTEM32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxpers .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe
C:\WINDOWS\winshow .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\SYSTEM32\zstatus.exe
C:\WINDOWS\winshow .exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spruce\X_Spruce.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\jamie\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
F0 - win.ini: load=C:\WINDOWS\system32\pmkjk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\SYSTEM32\mljkjkj.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\SYSTEM32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DE30CEA0-163F-4000-91B2-C7EBB901C3AC} - (no file)
O2 - BHO: (no name) - {E4773465-E0E3-483E-910F-F324A66E0B65} - C:\WINDOWS\SYSTEM32\pmkjk.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe
O4 - HKLM\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe"
O4 - HKLM\..\RunServices: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - https://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - https://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: mljkjkj - C:\WINDOWS\system32\mljkjkj.dll
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe (file missing)
O22 - SharedTaskScheduler: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


--
End of file - 11161 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 core - c:\windows\system32\drivers\core.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S2 driverpp (Plug and Play Support Driver) - c:\windows\system32\msdrives\driverpp.sys (file missing)
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-06-22 06:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-28 and 2007-12-28 -----------------------------

2007-12-28 10:31:30 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-28 10:29:32 8576 --a------ C:\WINDOWS\system32\drivers\bwivqljpuvbd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-28 1058 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 1053 0 d-------- C:\WINDOWS\LastGood
2007-12-28 10:05:10 35840 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-28 09:31:27 6797 --ahs---- C:\WINDOWS\system32\kjkmp.ini2
2007-12-28 09:31:04 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:50:34 9984 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-27 16:50:32 27648 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-27 16:45:30 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:35:59 3280 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 16:27:55 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-27 16:27:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 16:16:59 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:12:48 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 16:11:49 27904 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-27 16:11:47 15104 --a------ C:\WINDOWS\system32\wml.exe
2007-12-27 16:11:44 0 d-------- C:\Program Files\3721
2007-12-27 16:10:38 0 d-------- C:\Program Files\Accoona
2007-12-27 15:33:42 18944 --a------ C:\WINDOWS\kvnab.exe
2007-12-27 15:33:42 16640 --a------ C:\WINDOWS\kvnab.dll
2007-12-27 15:33:41 32256 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-27 15:33:41 30976 --a------ C:\WINDOWS\wbeCheck.exe
2007-12-27 15:33:41 29440 --a------ C:\WINDOWS\settn.dll
2007-12-27 15:33:41 28416 --a------ C:\WINDOWS\pbsysie.dll
2007-12-27 15:33:41 12544 --a------ C:\WINDOWS\kvnab$.exe
2007-12-27 15:33:41 15360 --a------ C:\WINDOWS\hcwprn.exe
2007-12-27 15:33:31 12800 --a------ C:\WINDOWS\vxddsk.exe
2007-12-27 15:33:27 24832 --a------ C:\WINDOWS\7search.dll
2007-12-27 15:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38:35 18432 --a------ C:\WINDOWS\fkwggshm.exe <Not Verified; Microsoft Corp.; Project1>
2007-12-27 14:21:03 15104 --a------ C:\WINDOWS\xadbrk.dll
2007-12-27 14:21:03 11264 --a------ C:\WINDOWS\liqui.dll
2007-12-27 14:21:02 22016 --a------ C:\WINDOWS\kkcomp.dll
2007-12-27 14:21:01 29952 --a------ C:\WINDOWS\liqad.dll
2007-12-27 14:20:47 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 13:54:01 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 12:13:15 212992 --a------ C:\WINDOWS\troy44 .exe <Not Verified; ; troy44>
2007-12-27 12:13:12 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 11:43:53 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-27 11:35:56 348160 --a------ C:\WINDOWS\system32\pmkjk.exe
2007-12-27 11:35:17 344576 -----n--- C:\WINDOWS\system32\pmkjk.dll
2007-12-27 11:33:39 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-27 11:31:41 17152 --a------ C:\WINDOWS\eventlowg.dll
2007-12-27 11:31:41 22528 --a------ C:\WINDOWS\daxtime.dll
2007-12-27 11:31:37 12544 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-27 11:31:37 10752 --a------ C:\WINDOWS\liqui.exe
2007-12-27 11:31:37 23296 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-27 11:31:37 15872 --a------ C:\WINDOWS\fhfmm.exe
2007-12-27 11:31:36 25856 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-27 11:31:36 14336 --a------ C:\WINDOWS\xadbrk.exe
2007-12-27 11:31:36 9984 --a------ C:\WINDOWS\kkcomp.exe
2007-12-27 11:31:35 26624 --a------ C:\WINDOWS\liqad.exe
2007-12-27 11:31:35 29184 --a------ C:\WINDOWS\liqad$.exe
2007-12-27 11:31:35 28160 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-27 11:31:34 9472 --a------ C:\WINDOWS\cbinst$.exe
2007-12-27 11:31:30 23296 --a------ C:\WINDOWS\adbar.dll
2007-12-27 11:31:28 11264 --a------ C:\WINDOWS\jd2002.dll
2007-12-27 11:31:27 16384 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-27 11:31:27 11776 --a------ C:\WINDOWS\spredirect.dll
2007-12-27 11:31:27 0 d-------- C:\Program Files\e-zshopper
2007-12-27 11:31:25 0 d-------- C:\Program Files\amsys
2007-12-27 11:31:23 11008 --a------ C:\WINDOWS\aconti.exe
2007-12-27 11:31:21 0 d-------- C:\WINDOWS\system32\acespy
2007-12-27 11:31:21 11264 --a------ C:\WINDOWS\ie_32.exe
2007-12-27 11:31:19 11776 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-27 11:31:19 26368 --a------ C:\WINDOWS\ngd.dll
2007-12-27 11:31:19 20992 --a------ C:\WINDOWS\hotporn.exe
2007-12-27 11:31:19 20992 --a------ C:\WINDOWS\dp0.dll
2007-12-27 11:31:16 0 d-------- C:\Program Files\p2pnetworks
2007-12-27 11:31:15 0 d-------- C:\Program Files\akl
2007-12-27 11:31:14 27392 --a------ C:\WINDOWS\wml.exe
2007-12-27 11:31:14 12800 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-27 11:31:12 30464 --a------ C:\WINDOWS\flt.dll
2007-12-27 11:31:11 31744 --a------ C:\WINDOWS\pbar.dll
2007-12-27 11:31:11 28416 --a------ C:\WINDOWS\764.exe
2007-12-27 11:30:51 0 d-------- C:\Program Files\WinAble
2007-12-27 11:26:06 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-27 11:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:25:51 0 d-------- C:\Program Files\Spruce
2007-12-27 11:25:33 108551 --a------ C:\WINDOWS\system32\lpcywinp.exe <Not Verified; Microsoft; _>
2007-12-27 11:25:33 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-12-27 11:24:23 2 --a------ C:\WINDOWS\system32\wapiisv32.exe
2007-12-27 11:24:20 0 d-------- C:\Program Files\Common Files\?dobe
2007-12-27 11:23:52 39936 --a------ C:\WINDOWS\mrofinu77.exe
2007-12-27 11:23:32 39936 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-12-27 11:23:25 0 d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23:14 39936 --a------ C:\WINDOWS\system32\mljkjkj.dll
2007-12-27 11:23:08 80640 -----n--- C:\WINDOWS\system32\drivers\core.sys
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\to9
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\dj2
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\bbc9
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\b1
2007-12-27 11:23:00 0 d-------- C:\WINDOWS\system32\ardCo02
2007-12-27 11:23:00 0 d-------- C:\Temp
2007-12-27 11:22:48 386048 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
2007-12-25 05:55:00 53760 --a------ C:\WINDOWS\b122.exe
2007-12-10 12:01:35 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-28 11:13:24 0 d-------- C:\Program Files\iTunes
2007-12-28 11:12:34 0 d-------- C:\Program Files\Google
2007-12-28 11:10:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-28 10:05:20 0 d-------- C:\Program Files\QuickTime
2007-12-28 10:05:18 0 d-------- C:\Program Files\hp LaserJet 1000
2007-12-28 10:05:15 0 d-------- C:\Program Files\Messenger
2007-12-28 10:04:20 463872 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-28 10:04:19 427008 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-28 10:04:18 443392 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-27 16:27:47 0 d-------- C:\Program Files\Windows Defender
2007-12-27 15:32:37 0 d-------- C:\Program Files\RegistryFix
2007-12-27 13:55:44 0 d-------- C:\Program Files\Common Files
2007-12-27 11:32:52 0 d-------- C:\Program Files\Common Files\?dobe
2007-11-08 12:27:43 0 d-------- C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 11:11:56 0 d-------- C:\Program Files\AutoCAD LT 2006
2007-11-08 11:11:04 0 d-------- C:\Program Files\AnswerWorks 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}]
12/27/2007 11:23 AM 39936 --a------ C:\WINDOWS\system32\mljkjkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
12/27/2007 11:25 AM 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
11/29/2007 10:28 AM 401408 --a------ C:\Program Files\Spruce\Spruce.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE30CEA0-163F-4000-91B2-C7EBB901C3AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4773465-E0E3-483E-910F-F324A66E0B65}]
12/27/2007 11:35 AM 344576 --------- C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [12/28/2007 10:04 AM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [12/28/2007 10:04 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [12/28/2007 10:04 AM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [12/28/2007 10:05 AM]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [12/28/2007 10:04 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/28/2007 10:04 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/28/2007 10:04 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/28/2007 10:04 AM]
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/28/2007 10:04 AM]
"Explorer 2238"="C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe" []
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [12/28/2007 10:05 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/28/2007 10:04 AM]
"winshow"="C:\WINDOWS\winshow .exe" [12/28/2007 10:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/28/2007 10:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"xqdwp"=C:\WINDOWS\system32\rrxvxiqpr.exe
"tutcdchk2"=c:\windows\system32\tutcdchk2.exe

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
Spruce - Auto Update.lnk - C:\Program Files\Spruce\Spruce.exe [12/27/2007 11:25:40 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [7/20/2004 1:31:51 PM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [4/22/2004 8:13:12 AM]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 8:18:22 AM]
DESKTOP.INI [9/3/2002 1:36:04 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [3/24/2006 2:59:13 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"= C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}"= C:\WINDOWS\system32\mljkjkj.dll [12/27/2007 11:23 AM 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DCOM Server 2238"= {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkjkj]
mljkjkj.dll 12/27/2007 11:23 AM 39936 C:\WINDOWS\SYSTEM32\mljkjkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
Explore\command- explorer.exe /n,/e ,.
Launch\command- E:\portablevaultaes.exe

*Newly Created Service* - BWIVQLJPUVBD
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.trendmicro.com
127.0.0.1 downloads1.kaspersky-labs.com


-- End of Deckard's System Scanner: finished at 2007-12-28 11:49:11 ------------
Attached Files
File Type: txt extra.txt (12.3 KB, 17 views)
Old 12-29-2007, 07:01 PM   #2
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi, welcome to TSF!

I edited your email because there are some bots around which harvest email addresses for them to spam, and I'm sure you do not want that to happen.

Your machine is badly infected, and one reason is that you don't have an antivirus present in your system. I'll provide instructions for you to download one later.

Download combofix.exe
  • Save it to your desktop.
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note:
  • In case you already used Combofix previously, please delete the version you have and redownload it, because Combofix is being updated every day.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Do not post the ComboFix-quarantined-files.txt - unless I ask you to.
  • If your Antivirus software is detecting combofix or a part of it as a virus, please choose to ignore it, as Antivirus products cannot determine the good/bad use of some software embedded in combofix.
_____


Download RenV.exe

1. Download & double click to run it.
2. A log file will be created. Please post all the contents of that log to your next reply.
Old 12-31-2007, 06:14 AM   #3
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



ComboFix 07-12-31.4 - jamie 2007-12-31 8:51:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.204 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\jamie\Application Data\macromedia\Flash Player\#SharedObjects\SPDG95EY\www.broadcaster.com
C:\Documents and Settings\jamie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\jamie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\jamie\wn0032.exe
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\hp LaserJet 1000\fwdl.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spruce
C:\Program Files\Spruce\Spruce.dll
C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
C:\Program Files\Spruce\Spruce.exe
C:\Program Files\Spruce\Spruce.info
C:\Program Files\Spruce\Spruce.original
C:\Program Files\Spruce\SpruceRg.dll
C:\Program Files\Spruce\un_SpruceSetup_17737.exe
C:\Program Files\Spruce\un_SpruceSetup_17737.txt
C:\Program Files\Spruce\X_Spruce.exe
C:\Program Files\Spruce\X_Spruce.log
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu77.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\egmulhxk.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SYSTEM32\igfxpers.exe
C:\WINDOWS\SYSTEM32\igfxtray.exe
C:\WINDOWS\system32\imas3r
C:\WINDOWS\SYSTEM32\kjkmp.ini
C:\WINDOWS\SYSTEM32\kjkmp.ini2
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\mljkjkj.dll
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmkjk.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wapiisv32.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DRIVERPP
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\driverpp


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 08:41 . 2007-12-31 08:41 348,160 --a------ C:\WINDOWS\SYSTEM32\RCX2B.tmp
2007-12-31 08:41 . 2007-12-31 08:41 35,840 --a------ C:\WINDOWS\winshow .exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:07 . 2007-12-28 10:26 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-28 10:07 . 2007-12-28 10:26 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-28 10:07 . 2007-12-28 10:26 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:44 . 2007-12-27 16:44 348,160 --a------ C:\WINDOWS\SYSTEM32\RCX31.tmp
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38 . 2007-12-28 16:25 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-27 14:19 . 2007-12-27 14:19 348,160 --a------ C:\WINDOWS\SYSTEM32\RCX35.tmp
2007-12-27 13:53 . 2007-12-27 13:53 348,160 --a------ C:\WINDOWS\SYSTEM32\RCX34.tmp
2007-12-27 12:13 . 2007-12-27 12:13 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD76.tmp
2007-12-27 12:13 . 2007-12-27 12:13 212,992 --a------ C:\WINDOWS\troy44 .exe
2007-12-27 12:12 . 2007-12-27 12:12 348,160 --a------ C:\WINDOWS\SYSTEM32\RCX37.tmp
2007-12-27 11:43 . 2007-12-31 08:41 114,688 --a------ C:\WINDOWS\SYSTEM32\igfxpers .exe
2007-12-27 11:43 . 2007-12-31 08:41 94,208 --a------ C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-27 11:43 . 2007-12-31 08:41 77,824 --a------ C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-27 11:42 . 2007-12-28 09:30 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:25 . 2007-12-27 11:25 4 --a------ C:\WINDOWS\SYSTEM32\jpewocmz.ini
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\dj2
2007-12-27 11:23 . 2007-12-27 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\bbc9
2007-12-27 11:23 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
2007-12-27 11:23 . 2007-12-27 11:41 <DIR> d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23 . 2007-12-27 11:23 <DIR> d-------- C:\Temp\cEeer12
2007-12-27 11:23 . 2007-12-31 09:01 <DIR> d-------- C:\Temp
2007-12-27 11:23 . 2007-12-27 11:42 389,120 --a------ C:\WINDOWS\mrofinu77.exe.tmp
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-11-08 11:11 . 2007-11-08 12:27 <DIR> d-------- C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 11:10 . 2007-11-08 11:11 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2007-11-08 11:08 . 2007-11-08 11:11 <DIR> d-------- C:\Program Files\AutoCAD LT 2006
2007-11-08 11:08 . 2007-11-08 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-31 13:58 --------- d-----w C:\Program Files\iTunes
2007-12-31 13:58 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-28 16:12 --------- d-----w C:\Program Files\Google
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 21:27 --------- d-----w C:\Program Files\Windows Defender
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-04-30 00:50 3,050 ----a-w C:\Program Files\secure32.html.tcf
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
2003-10-25 09:04 2,031,616 ----a-w C:\Documents and Settings\jamie\qboesd32.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Utilities.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Qba32.dll
2003-10-25 09:04 155,648 ----a-w C:\Documents and Settings\jamie\NetworkAdapterManager.dll
2003-10-25 09:04 143,360 ----a-w C:\Documents and Settings\jamie\RcvPmtRequestHandler.dll
2003-10-25 09:04 14,848 ----a-w C:\Documents and Settings\jamie\ESHELL.DLL
2003-10-25 09:04 139,264 ----a-w C:\Documents and Settings\jamie\QBSyncUI.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\qbci32.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\QBAttr32.dll
2003-10-25 09:04 122,880 ----a-w C:\Documents and Settings\jamie\sdkcore.dll
2003-10-25 09:04 114,688 ----a-w C:\Documents and Settings\jamie\Qbinbox.dll
2003-10-25 09:04 11,776 ----a-w C:\Documents and Settings\jamie\UM.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\QBSyncBridge.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\qbitools.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\PRLoader.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\merchantcard.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\icwrapper.dll
2003-10-25 09:04 1,724,416 ----a-w C:\Documents and Settings\jamie\TxnForm.dll
2003-10-25 09:04 1,687,552 ----a-w C:\Documents and Settings\jamie\Qbintr32.dll
2003-10-25 09:04 1,605,632 ----a-w C:\Documents and Settings\jamie\payserv.dll
2003-10-25 09:04 1,445,888 ----a-w C:\Documents and Settings\jamie\tej32.dll
2003-10-25 09:04 1,417,216 ----a-w C:\Documents and Settings\jamie\qbchao32.dll
2003-10-25 09:04 1,335,296 ----a-w C:\Documents and Settings\jamie\qblist32.DLL
2003-10-25 09:04 1,277,952 ----a-w C:\Documents and Settings\jamie\paycore.dll
2003-10-25 09:04 1,273,856 ----a-w C:\Documents and Settings\jamie\qbtool32.DLL
2003-10-25 09:04 1,224,704 ----a-w C:\Documents and Settings\jamie\qbtxn32.dll
2003-10-25 09:04 1,093,632 ----a-w C:\Documents and Settings\jamie\ui.dll
2003-10-25 09:03 544,768 ----a-w C:\Documents and Settings\jamie\ACE.DLL
2003-10-25 09:03 27,136 ----a-w C:\Documents and Settings\jamie\ACM.DLL
2003-10-25 09:03 1,114,112 ----a-w C:\Documents and Settings\jamie\ABMAPI.DLL
2003-10-25 08:35 483,328 ----a-w C:\Documents and Settings\jamie\Techhelp.exe
2003-10-25 07:49 73,728 ----a-w C:\Documents and Settings\jamie\regqb.exe
2003-10-25 07:33 86,016 ----a-w C:\Documents and Settings\jamie\autobackupexe.exe
2003-10-09 17:38 12,221 ------w C:\Documents and Settings\jamie\regqb.dat
.
Code:
----a-w            69,632 2007-12-31 13:41:06  C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w           180,269 2007-12-31 13:41:27  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2007-12-31 13:41:01  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2007-12-31 13:41:05  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            36,864 2007-12-31 13:41:09  C:\Program Files\hp LaserJet 1000\fwdl .exe
----a-w           221,184 2007-12-31 13:40:59  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           257,088 2007-12-31 13:41:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-31 13:41:49  C:\Program Files\Messenger\msmsgs .exe
----a-w         1,460,560 2007-12-28 14:31:39  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           866,584 2007-12-27 21:16:59  C:\Program Files\Windows Defender\MSASCui .exe
----a-w           212,992 2007-12-27 17:13:15  C:\WINDOWS\troy44 .exe
----a-w            35,840 2007-12-31 13:41:41  C:\WINDOWS\winshow          .exe
----a-w            15,360 2007-12-28 14:30:13  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w            77,824 2007-12-31 13:41:17  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           114,688 2007-12-31 13:41:20  C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w            94,208 2007-12-31 13:41:13  C:\WINDOWS\SYSTEM32\igfxtray .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-27 11:25:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-06-22 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-12-31 09:05:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 9:11:09 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:11:06
.
2007-12-20 19:15:03 --- E O F ---



NEW HIJACK THIS LOG------------------>

Deckard's System Scanner v20071014.68
Run by jamie on 2007-12-31 09:16:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-31 09:17:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\SYSTEM32\zstatus.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jamie\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [xqdwp] C:\WINDOWS\system32\rrxvxiqpr.exe
O4 - HKLM\..\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe
O4 - Startup: Spruce - Auto Update.lnk = C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - https://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - https://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


--
End of file - 7327 bytes

-- Files created between 2007-11-30 and 2007-12-31 -----------------------------

2007-12-31 08:41:40 35840 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
2007-12-28 10:31:30 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-28 10:29:32 8576 --a------ C:\WINDOWS\system32\drivers\bwivqljpuvbd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-28 1058 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-27 16:35:59 3280 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 16:27:55 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-27 16:27:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38:35 18432 --a------ C:\WINDOWS\fkwggshm.exe <Not Verified; Microsoft Corp.; Project1>
2007-12-27 12:13:15 212992 --a------ C:\WINDOWS\troy44 .exe <Not Verified; ; troy44>
2007-12-27 11:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:23:25 0 d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\to9
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\dj2
2007-12-27 11:23:07 0 d-------- C:\WINDOWS\system32\bbc9
2007-12-27 11:23:00 0 d-------- C:\WINDOWS\system32\ardCo02
2007-12-27 11:23:00 0 d-------- C:\Temp
2007-12-10 12:01:35 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-31 09:01:45 0 d-------- C:\Program Files\Common Files
2007-12-31 08:59:16 0 d-------- C:\Program Files\QuickTime
2007-12-31 08:58:47 0 d-------- C:\Program Files\Messenger
2007-12-31 08:58:45 0 d-------- C:\Program Files\iTunes
2007-12-31 08:58:40 0 d-------- C:\Program Files\hp LaserJet 1000
2007-12-28 11:12:34 0 d-------- C:\Program Files\Google
2007-12-28 11:10:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-27 16:27:47 0 d-------- C:\Program Files\Windows Defender
2007-12-27 15:32:37 0 d-------- C:\Program Files\RegistryFix
2007-11-08 12:27:43 0 d-------- C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 11:11:56 0 d-------- C:\Program Files\AutoCAD LT 2006
2007-11-08 11:11:04 0 d-------- C:\Program Files\AnswerWorks 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" []
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" []
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" []
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"xqdwp"=C:\WINDOWS\system32\rrxvxiqpr.exe
"tutcdchk2"=c:\windows\system32\tutcdchk2.exe

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 13:36:04]
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-27 11:25:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
DESKTOP.INI [2002-09-03 13:36:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
Explore\command- explorer.exe /n,/e ,.
Launch\command- E:\portablevaultaes.exe




-- End of Deckard's System Scanner: finished at 2007-12-31 09:17:37 ------------




RENV.EXE---------------------------------->

Code:
Ran on 2007-12-31 -  9:18:26.62

----a-w            69,632 2007-12-31 13:41:06  C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w           180,269 2007-12-31 13:41:27  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2007-12-31 13:41:01  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2007-12-31 13:41:05  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            36,864 2007-12-31 13:41:09  C:\Program Files\hp LaserJet 1000\fwdl .exe
----a-w           221,184 2007-12-31 13:40:59  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           257,088 2007-12-31 13:41:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-31 13:41:49  C:\Program Files\Messenger\msmsgs .exe
----a-w         1,460,560 2007-12-28 14:31:39  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           866,584 2007-12-27 21:16:59  C:\Program Files\Windows Defender\MSASCui .exe
----a-w           212,992 2007-12-27 17:13:15  C:\WINDOWS\troy44 .exe
----a-w            35,840 2007-12-31 13:41:41  C:\WINDOWS\winshow          .exe
----a-w            15,360 2007-12-28 14:30:13  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w            77,824 2007-12-31 13:41:17  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           114,688 2007-12-31 13:41:20  C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w            94,208 2007-12-31 13:41:13  C:\WINDOWS\SYSTEM32\igfxtray .exe

 Entries:               16  (16)
 Directories:            0  Files:            16
 Bytes:          5,697,749  Blocks:       11,131
weyoder is offline  
Old 12-31-2007, 06:30 AM   #4
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi weyoder,

Since it's new year's eve tonight in my country, I'll have to enjoy the fireworks first.

Don't worry, I'll check your log tomorrow morning.

Happy New Year!
Angelfire777 is offline  
Old 12-31-2007, 05:56 PM   #5
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi,

Please attach this file: C:\Combofix.txt in your next post.

It will be easier for me to read the log because the board software may have stripped some characters in it.
Angelfire777 is offline  
Old 01-02-2008, 05:31 AM   #6
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



Attached is the file requested.
Attached Files
File Type: txt ComboFix.txt (23.8 KB, 20 views)
weyoder is offline  
Old 01-02-2008, 05:59 AM   #7
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi, please delete your combofix.exe and download the new version from the same link I gave you.

It has been updated again and I want to see how it will do with the infection you have there.

Attach the log again after running the new version of combofix.
Angelfire777 is offline  
Old 01-02-2008, 08:40 AM   #8
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



I attached Combofix.exe and log.txt


FYI The virus isn't active right now. Everything is acting normal. I'm assuming that is because the combofix shut down the processes that were causing the virus to work and that the virus is still on the computer. I'm not sure if that helps you at all, but I figured I'd let you know.

Thanks for your help.
Attached Files
File Type: txt Log.txt (15.9 KB, 19 views)
weyoder is offline  
Old 01-02-2008, 08:43 AM   #9
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



It won't let me attach the combofix file for some reason. It is saying I already attached it. Here is the text...

ComboFix 08-01-02.1 - jamie 2008-01-02 11:38:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\RCX31.tmp
C:\WINDOWS\system32\RCX34.tmp
C:\WINDOWS\system32\RCX35.tmp
C:\WINDOWS\system32\RCX37.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 08:41 . 2007-12-31 08:41 35,840 --a------ C:\WINDOWS\winshow .exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:07 . 2007-12-28 10:26 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-28 10:07 . 2007-12-28 10:26 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-28 10:07 . 2007-12-28 10:26 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38 . 2007-12-28 16:25 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-27 12:13 . 2007-12-27 12:13 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD76.tmp
2007-12-27 12:13 . 2007-12-27 12:13 212,992 --a------ C:\WINDOWS\troy44 .exe
2007-12-27 11:43 . 2007-12-31 08:41 114,688 --a------ C:\WINDOWS\SYSTEM32\igfxpers .exe
2007-12-27 11:43 . 2007-12-31 08:41 94,208 --a------ C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-27 11:43 . 2007-12-31 08:41 77,824 --a------ C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-27 11:42 . 2007-12-28 09:30 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:25 . 2007-12-27 11:25 4 --a------ C:\WINDOWS\SYSTEM32\jpewocmz.ini
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\dj2
2007-12-27 11:23 . 2007-12-27 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\bbc9
2007-12-27 11:23 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
2007-12-27 11:23 . 2007-12-27 11:41 <DIR> d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23 . 2007-12-27 11:23 <DIR> d-------- C:\Temp\cEeer12
2007-12-27 11:23 . 2007-12-31 09:01 <DIR> d-------- C:\Temp
2007-12-27 11:23 . 2007-12-27 11:42 389,120 --a------ C:\WINDOWS\mrofinu77.exe.tmp
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-31 13:58 --------- d-----w C:\Program Files\iTunes
2007-12-31 13:58 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-28 16:12 --------- d-----w C:\Program Files\Google
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 21:27 --------- d-----w C:\Program Files\Windows Defender
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 17:27 --------- d-----w C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-08 16:11 --------- d-----w C:\Program Files\AutoCAD LT 2006
2007-11-08 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2006-04-30 00:50 3,050 ----a-w C:\Program Files\secure32.html.tcf
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
.
Code:
----a-w            69,632 2007-12-31 13:41:06  C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w           180,269 2007-12-31 13:41:27  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2007-12-31 13:41:01  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2007-12-31 13:41:05  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            36,864 2007-12-31 13:41:09  C:\Program Files\hp LaserJet 1000\fwdl .exe
----a-w           221,184 2007-12-31 13:40:59  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           257,088 2007-12-31 13:41:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-31 13:41:49  C:\Program Files\Messenger\msmsgs .exe
----a-w         1,460,560 2007-12-28 14:31:39  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           866,584 2007-12-27 21:16:59  C:\Program Files\Windows Defender\MSASCui .exe
----a-w           212,992 2007-12-27 17:13:15  C:\WINDOWS\troy44 .exe
----a-w            35,840 2007-12-31 13:41:41  C:\WINDOWS\winshow          .exe
----a-w            15,360 2007-12-28 14:30:13  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w            77,824 2007-12-31 13:41:17  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           114,688 2007-12-31 13:41:20  C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w            94,208 2007-12-31 13:41:13  C:\WINDOWS\SYSTEM32\igfxtray .exe

((((((((((((((((((((((((((((( [email protected]_ 9.10.52.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 16:04:54 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-31 14:09:18 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-08 16:04:54 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-31 14:09:18 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-27 11:25:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-06-22 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-02 11:40:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 11:41:54
ComboFix-quarantined-files.txt 2008-01-02 16:41:21
ComboFix2.txt 2007-12-31 14:11:09
.
2007-12-20 19:15:03 --- E O F ---
weyoder is offline  
Old 01-03-2008, 09:03 AM   #10
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



Will the information provided allow you to take the next step? Thanks.
weyoder is offline  
Old 01-04-2008, 06:23 AM   #11
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi,

Quote:
Will the information provided allow you to take the next step? Thanks.
Yes.

Open NOTEPAD and copy/paste the text in the codebox below into it:

Code:
C:\Program Files\Common Files\Dell\EUSW\Support .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\hp LaserJet 1000\fwdl .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxpers .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
Save this as Log.txt



Referring to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.
_____

Combofix Deletions
  • Open notepad.
  • Copy and paste the text inside the code box below to notepad
Code:
File::
C:\WINDOWS\winshow .exe
C:\WINDOWS\SYSTEM32\pavas.ico
C:\WINDOWS\SYSTEM32\Uninstall.ico
C:\WINDOWS\SYSTEM32\Help.ico
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\SYSTEM32\OLD76.tmp
C:\WINDOWS\troy44 .exe
C:\WINDOWS\SYSTEM32\jpewocmz.ini
C:\WINDOWS\mrofinu77.exe.tmp
C:\Program Files\secure32.html.tcf
C:\WINDOWS\winshow          .exe
C:\WINDOWS\troy44 .exe
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Spruce - Auto Update.lnk

Folder::
C:\WINDOWS\SYSTEM32\to9
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\ardCo02
C:\WINDOWS\SmFtaWVT
C:\Temp\cEeer12
C:\Temp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tutcdchk2"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rock"=-
"xqdwp"=-
"tutcdchk2"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"xqdwp"=-
"tutcdchk2"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix will restart your machine then it will produce a log afterwards.
  • Please post the contents of that log along with a fresh HijackThis log.
_______

Please do an online scan with Kaspersky WebScanner

Warning: If you had Kaspersky online scanner installed before 10-5-2007, please uninstall it as Kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

On your next reply, please include the following:
  • Fresh HijackThis log
  • Kaspersky scan log
  • ComboFix log
  • RenV log
Angelfire777 is offline  
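As an added example (not code from this thread, from ComboFix, or from its author), here is a small Python parser for the CFScript format used in the post above, together with two checks a helper would want before handing such a script to a user: that every File::/Folder:: target actually appears in the ComboFix log, and which targets carry the whitespace-before-extension file names seen in this thread (`winshow .exe`, `troy44 .exe`). The grammar it accepts is only what the post shows (File::, Folder:: and Registry:: headers, one path per line, `"name"=-` removes a value, `[-HKEY...]` removes a whole key); the sample script and log lines are constructed from entries in this thread.

```python
"""Parse a ComboFix CFScript and sanity-check it against a ComboFix log.

Added example, not code from this thread or from ComboFix. The grammar
assumed is only what the post shows: File::, Folder:: and Registry::
headers, one path per line, and REGEDIT4-style registry lines where
"name"=- removes a value and [-HKEY...] removes a whole key.
"""
import re
import textwrap
from dataclasses import dataclass, field


@dataclass
class CFScript:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, value name) pairs
    delete_keys: list = field(default_factory=list)


SECTION_RE = re.compile(r"(File|Folder|Registry)::")
KEY_RE = re.compile(r"\[(-?)(HKEY_[^\]]+)\]")
DEL_VALUE_RE = re.compile(r'"([^"]+)"=-')
# A Windows path at the end of a ComboFix log line, after the date/size/attribute columns.
LOG_PATH_RE = re.compile(r"\s([A-Za-z]:\\.*\S)\s*$")
# Whitespace directly before the extension, e.g. "winshow .exe" or "troy44 .exe".
SPACE_BEFORE_EXT_RE = re.compile(r"\s\.[A-Za-z0-9]+$")


def parse_cfscript(text):
    """Return a CFScript, or raise ValueError on a line the grammar above does not cover."""
    script = CFScript()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section == "File":
            script.files.append(line)
        elif section == "Folder":
            script.folders.append(line)
        elif section == "Registry":
            m = KEY_RE.fullmatch(line)
            if m:
                if m.group(1) == "-":          # [-KEY] removes the whole key
                    script.delete_keys.append(m.group(2))
                    current_key = None
                else:                          # [KEY] opens a key for value removals
                    current_key = m.group(2)
                continue
            m = DEL_VALUE_RE.fullmatch(line)
            if m is None or current_key is None:
                raise ValueError(f"unsupported Registry:: line: {line!r}")
            script.delete_values.append((current_key, m.group(1)))
        else:
            raise ValueError(f"line outside any section: {line!r}")
    return script


def log_paths(log_text):
    """Collect, lower-cased, every path that ends a ComboFix log line."""
    paths = set()
    for line in log_text.splitlines():
        m = LOG_PATH_RE.search(line)
        if m:
            paths.add(m.group(1).lower())
    return paths


def unverified_targets(script, log_text):
    """File::/Folder:: entries that never appear in the log (typos, or stale targets)."""
    seen = log_paths(log_text)
    return [p for p in script.files + script.folders if p.lower() not in seen]


def space_before_extension(paths):
    """Paths whose file name has whitespace right before the extension."""
    return [p for p in paths if SPACE_BEFORE_EXT_RE.search(p)]


# Constructed sample script and log, built from entries posted in this thread.
SAMPLE_SCRIPT = textwrap.dedent(r"""
    File::
    C:\WINDOWS\winshow .exe
    C:\WINDOWS\troy44 .exe
    C:\WINDOWS\fkwggshm.exe
    C:\WINDOWS\SYSTEM32\jpewocmz.ini

    Folder::
    C:\WINDOWS\SYSTEM32\to9
    C:\Temp\cEeer12

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "rock"=-
    "xqdwp"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
""")

SAMPLE_LOG = textwrap.dedent(r"""
    2007-12-31 08:41 . 2007-12-31 08:41 35,840 --a------ C:\WINDOWS\winshow .exe
    2007-12-27 14:38 . 2007-12-28 16:25 18,432 --a------ C:\WINDOWS\fkwggshm.exe
    2007-12-27 12:13 . 2007-12-27 12:13 212,992 --a------ C:\WINDOWS\troy44 .exe
    2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
    2007-12-27 11:23 . 2007-12-27 11:23 <DIR> d-------- C:\Temp\cEeer12
""")

if __name__ == "__main__":
    s = parse_cfscript(SAMPLE_SCRIPT)
    print("not found in log:", unverified_targets(s, SAMPLE_LOG))
    print("space before extension:", space_before_extension(s.files))
    print("registry values to remove:", s.delete_values)
    print("registry keys to remove:", s.delete_keys)
```

The cross-check is deliberately strict: a target that is not in the log is reported rather than silently passed, because a misspelled path in a File:: section simply does nothing while a path that is right but unintended deletes something real.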
Old 01-04-2008, 11:26 AM   #12
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



Code:
Ran on 2008-01-04 - 11:30:12.48

----a-w           212,992 2007-12-27 17:13:15  C:\WINDOWS\troy44 .exe
----a-w            35,840 2007-12-31 13:41:41  C:\WINDOWS\winshow          .exe
----a-w            15,360 2007-12-28 14:30:13  C:\WINDOWS\SYSTEM32\ctfmon .exe

 Entries:                3  (3)
 Directories:            0  Files:             3
 Bytes:            264,192  Blocks:          516

ComboFix 08-01-02.1 - jamie 2008-01-02 11:38:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\RCX31.tmp
C:\WINDOWS\system32\RCX34.tmp
C:\WINDOWS\system32\RCX35.tmp
C:\WINDOWS\system32\RCX37.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 08:41 . 2007-12-31 08:41 35,840 --a------ C:\WINDOWS\winshow .exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:07 . 2007-12-28 10:26 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-28 10:07 . 2007-12-28 10:26 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-28 10:07 . 2007-12-28 10:26 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 14:38 . 2007-12-28 16:25 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-27 12:13 . 2007-12-27 12:13 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD76.tmp
2007-12-27 12:13 . 2007-12-27 12:13 212,992 --a------ C:\WINDOWS\troy44 .exe
2007-12-27 11:43 . 2007-12-31 08:41 114,688 --a------ C:\WINDOWS\SYSTEM32\igfxpers .exe
2007-12-27 11:43 . 2007-12-31 08:41 94,208 --a------ C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-27 11:43 . 2007-12-31 08:41 77,824 --a------ C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-27 11:42 . 2007-12-28 09:30 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 11:25 . 2007-12-27 11:25 4 --a------ C:\WINDOWS\SYSTEM32\jpewocmz.ini
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
2007-12-27 11:23 . 2007-12-27 12:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\dj2
2007-12-27 11:23 . 2007-12-27 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\bbc9
2007-12-27 11:23 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
2007-12-27 11:23 . 2007-12-27 11:41 <DIR> d--hs---- C:\WINDOWS\SmFtaWVT
2007-12-27 11:23 . 2007-12-27 11:23 <DIR> d-------- C:\Temp\cEeer12
2007-12-27 11:23 . 2007-12-31 09:01 <DIR> d-------- C:\Temp
2007-12-27 11:23 . 2007-12-27 11:42 389,120 --a------ C:\WINDOWS\mrofinu77.exe.tmp
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-31 13:58 --------- d-----w C:\Program Files\iTunes
2007-12-31 13:58 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-28 16:12 --------- d-----w C:\Program Files\Google
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 21:27 --------- d-----w C:\Program Files\Windows Defender
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 17:27 --------- d-----w C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-08 16:11 --------- d-----w C:\Program Files\AutoCAD LT 2006
2007-11-08 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2006-04-30 00:50 3,050 ----a-w C:\Program Files\secure32.html.tcf
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
.
Code:
----a-w            69,632 2007-12-31 13:41:06  C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w           180,269 2007-12-31 13:41:27  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2007-12-31 13:41:01  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2007-12-31 13:41:05  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            36,864 2007-12-31 13:41:09  C:\Program Files\hp LaserJet 1000\fwdl .exe
----a-w           221,184 2007-12-31 13:40:59  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           257,088 2007-12-31 13:41:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-31 13:41:49  C:\Program Files\Messenger\msmsgs .exe
----a-w         1,460,560 2007-12-28 14:31:39  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           866,584 2007-12-27 21:16:59  C:\Program Files\Windows Defender\MSASCui .exe
----a-w           212,992 2007-12-27 17:13:15  C:\WINDOWS\troy44 .exe
----a-w            35,840 2007-12-31 13:41:41  C:\WINDOWS\winshow          .exe
----a-w            15,360 2007-12-28 14:30:13  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w            77,824 2007-12-31 13:41:17  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           114,688 2007-12-31 13:41:20  C:\WINDOWS\SYSTEM32\igfxpers .exe
----a-w            94,208 2007-12-31 13:41:13  C:\WINDOWS\SYSTEM32\igfxtray .exe

((((((((((((((((((((((((((((( [email protected]_ 9.10.52.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 16:04:54 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-31 14:09:18 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-08 16:04:54 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-31 14:09:18 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"rock"="rock.exe" []
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"xqdwp"="C:\WINDOWS\system32\rrxvxiqpr.exe" [ ]
"tutcdchk2"="c:\windows\system32\tutcdchk2.exe" [ ]

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-27 11:25:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{895fb503-53c3-11db-9c9b-000cf1df667d}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-06-22 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-02 11:40:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 11:41:54
ComboFix-quarantined-files.txt 2008-01-02 16:41:21
ComboFix2.txt 2007-12-31 14:11:09
.
2007-12-20 19:15:03 --- E O F ---




ComboFix 08-01-02.1 - jamie 2008-01-04 11:32:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.238 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jamie\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Spruce - Auto Update.lnk
C:\Program Files\secure32.html.tcf
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\mrofinu77.exe.tmp
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\Help.ico
C:\WINDOWS\SYSTEM32\jpewocmz.ini
C:\WINDOWS\SYSTEM32\OLD76.tmp
C:\WINDOWS\SYSTEM32\pavas.ico
C:\WINDOWS\SYSTEM32\Uninstall.ico
C:\WINDOWS\troy44 .exe
C:\WINDOWS\winshow .exe
C:\WINDOWS\winshow .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\Spruce - Auto Update.lnk
C:\Program Files\secure32.html.tcf
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\mrofinu77.exe.tmp
C:\WINDOWS\SmFtaWVT
C:\WINDOWS\SYSTEM32\ardCo02
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\Help.ico
C:\WINDOWS\SYSTEM32\jpewocmz.ini
C:\WINDOWS\SYSTEM32\OLD76.tmp
C:\WINDOWS\SYSTEM32\pavas.ico
C:\WINDOWS\SYSTEM32\to9
C:\WINDOWS\SYSTEM32\Uninstall.ico
C:\WINDOWS\troy44 .exe
C:\WINDOWS\winshow .exe

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 16:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-04 16:30 --------- d-----w C:\Program Files\iTunes
2008-01-04 16:30 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-28 16:12 --------- d-----w C:\Program Files\Google
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 17:27 --------- d-----w C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-08 16:11 --------- d-----w C:\Program Files\AutoCAD LT 2006
2007-11-08 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
2003-10-25 09:04 2,031,616 ----a-w C:\Documents and Settings\jamie\qboesd32.dll
.

((((((((((((((((((((((((((((( [email protected]_ 9.10.52.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 16:04:54 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-31 14:09:18 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-08 16:04:54 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-31 14:09:18 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]


.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-04 11:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 11:34:28
ComboFix-quarantined-files.txt 2008-01-04 16:33:55
ComboFix2.txt 2007-12-31 14:11:09
.
2007-12-20 19:15:03 --- E O F ---




weyoder is offline  
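
The ComboFix log posted above removed several files whose names carry a space before the extension (`C:\WINDOWS\SYSTEM32\ctfmon .exe`, `C:\WINDOWS\winshow .exe`, `C:\WINDOWS\troy44 .exe`) while the legitimate `C:\WINDOWS\system32\ctfmon.exe` autostart entry stayed in place, and it also removed `C:\WINDOWS\mrofinu77.exe.tmp`, an executable hidden behind a `.tmp` suffix. The script below is an added example of how a responder could flag those naming tricks in a ComboFix-style file list; it is not part of the thread and not ComboFix's own code. The sample paths are constructed from the file names in the log, and `KNOWN_SYSTEM_BINARIES` is a hypothetical baseline standing in for a real known-good inventory.

```python
"""Flag look-alike executable names in a ComboFix-style file list.

Added example, not part of the forum thread and not ComboFix's own code.
The sample paths below are constructed from the file names in the log
above; the set of "known system binaries" is a hypothetical baseline."""

import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: deletion entries from the log plus the legitimate
# ctfmon.exe that the HKCU Run key points at.
SAMPLE_FILES = [
    r"C:\WINDOWS\SYSTEM32\ctfmon .exe",
    r"C:\WINDOWS\winshow .exe",
    r"C:\WINDOWS\troy44 .exe",
    r"C:\WINDOWS\fkwggshm.exe",
    r"C:\WINDOWS\mrofinu77.exe.tmp",
    r"C:\WINDOWS\SYSTEM32\Help.ico",
    r"C:\WINDOWS\system32\ctfmon.exe",
]

# Extensions Windows will execute directly; compared case-insensitively.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl"}

# Hypothetical baseline. In practice this comes from a known-good image or
# a file catalog, not a hard-coded set.
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "lsass.exe"}


@dataclass
class Finding:
    path: str
    reasons: List[str]


def collapsed_name(path: str) -> str:
    """Base name with all whitespace removed, lower-cased.

    'ctfmon .exe' and 'ctfmon.exe' both collapse to 'ctfmon.exe', so a
    look-alike collides with the real name it imitates."""
    return re.sub(r"\s+", "", ntpath.basename(path)).lower()


def check_path(path: str) -> Optional[Finding]:
    base = ntpath.basename(path)
    stem, ext = ntpath.splitext(base)
    reasons = []

    # 1. Whitespace wedged between stem and extension ('winshow .exe').
    #    Directory listings and Task Manager show it as an innocent name.
    if stem != stem.strip() or base != base.strip():
        reasons.append("whitespace before extension")

    # 2. Collapses to a well-known system binary but is not spelled like one.
    collapsed = collapsed_name(path)
    if collapsed in KNOWN_SYSTEM_BINARIES and base.lower() != collapsed:
        reasons.append(f"look-alike of {collapsed}")

    # 3. Executable extension hidden behind a harmless-looking final one
    #    ('mrofinu77.exe.tmp').
    inner_ext = ntpath.splitext(stem)[1].lower()
    if inner_ext in EXEC_EXTS and ext.lower() not in EXEC_EXTS:
        reasons.append(f"executable extension {inner_ext} hidden by {ext.lower()}")

    return Finding(path, reasons) if reasons else None


def scan(paths) -> List[Finding]:
    """Return one Finding per suspicious path, in input order."""
    return [f for f in (check_path(p) for p in paths) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(f"{finding.path}  ->  {'; '.join(finding.reasons)}")
```

Run as-is it flags the three space-before-extension names and the `.exe.tmp` file and leaves the real `ctfmon.exe` and `Help.ico` alone. Note what it does not catch: randomly generated names such as `fkwggshm.exe` look like ordinary files to these checks, so they still need a baseline comparison (hash or catalog lookup) rather than name heuristics.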
Old 01-04-2008, 11:29 AM   #13
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



I think I accidentally pasted two of the same log. Here is the Kaspersky log:

Kaspersky Online Scanner
Product Info: Kaspersky Online Scanner version 5.0.98.0; anti-virus database released 2008-01-04, 502526 records
System Info: Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Downloading from url: https://downloads2.kaspersky-labs.com
Update finished. Ready to scan.

Selected target: My Computer
Source: A:\; C:\; M:\; R:\; S:\; U:\; Y:\;

Report is empty.

Scan Progress [45%]:
Total number of scanned objects: 74577
Number of viruses found: 26
Number of infected objects: 419
Number of suspicious objects: 4
Duration of the scan process: 00:59:12
weyoder is offline  
Old 01-04-2008, 12:46 PM   #14
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



I believe there was a problem with the Kaspersky file I pasted into the previous post. Here is the correct one:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-04 15:46
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/01/2008
Kaspersky Anti-Virus database records: 502545
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
M:\
R:\
S:\
U:\
Y:\

Scan Statistics:
Total number of scanned objects: 74754
Number of viruses found: 26
Number of infected objects: 366
Number of suspicious objects: 4
Duration of the scan process: 01:03:34

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\20691\acexe.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX36.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX3B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX3E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX40.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX41.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX43.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX46.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX47.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX4A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX4C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX4D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX4F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX50.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX52.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX53.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX55.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX58.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX5D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX60.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX62.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX65.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX72.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX7B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX87.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX8A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX8D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX90.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Deckard\System Scanner\20071231091319\backup\DOCUME~1\jamie\LOCALS~1\Temp\RCX96.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak14.zip/kvnab$.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak14.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak3.zip/wbeInst$.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-1dabbca-59c71ae8.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-41819583-78c3df14.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4a350b78-68d7d17d.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-a8e31bf-6ba6bdb1.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\jamie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\MSHist012008010420080105\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DFEA28.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DFEA78.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jamie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\JamieS\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\JamieS\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Deckard\System Scanner\backup\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Deckard\System Scanner\backup\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Deckard\System Scanner\backup\DOCUME~1\jamie\LOCALS~1\Temp\14310\explorer.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Documents and Settings\jamie\wn0032.exe.vir Infected: not-virus:Hoax.Win32.Renos.gk skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Dell\EUSW\Support.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Sonic\Update Manager\sgtray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Dell\Media Experience\PCMService.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\hp LaserJet 1000\fwdl.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Intel\Modem Event Monitor\IntelMEM.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\secure32.html.tcf.vir Infected: Trojan.Win32.Harnig.a skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Backdoor.Win32.Agobot.amp skipped
C:\QooBox\Quarantine\C\WINDOWS\fkwggshm.exe.vir Infected: Trojan.Win32.VB.azo skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu77.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu77.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\egmulhxk.dll.vir Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hkcmd.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\igfxpers.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\igfxtray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lpcywinp.exe.vir Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\OLD76.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmkjk.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX2B.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX31.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX34.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX35.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX37.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\winshow.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2007-12-31_ 90513.73.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2007-12-31_ 90513.73.zip/mljkjkj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\QooBox\Quarantine\catchme2007-12-31_ 90513.73.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\catchme2007-12-31_ 90513.73.zip ZIP: infected - 3 skipped
C:\secure32.html.tcf Infected: Trojan.Win32.Harnig.a skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP911\A0102109.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP912\A0102119.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP912\A0102121.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP912\A0102122.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP912\A0102138.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP912\A0102140.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102143.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102145.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102152.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102154.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102156.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102157.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102158.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102159.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102160.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102161.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102162.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102164.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102166.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102167.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102168.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102169.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102170.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102171.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102183.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102185.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102186.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102188.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102189.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102190.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102191.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102192.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102195.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102196.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102197.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102328.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102331.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102333.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102335.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102336.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102337.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102339.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102340.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102341.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102342.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102343.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102344.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102345.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102348.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102349.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102363.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102364.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP913\A0102365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102399.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102401.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102403.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102404.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102405.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102406.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102407.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102408.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102409.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102410.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102411.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102412.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102413.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102414.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102415.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102431.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102439.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102439.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102440.exe Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102442.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102459.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102462.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102463.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102464.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102465.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102466.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102468.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102469.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102470.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102471.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102472.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102473.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102474.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP914\A0102491.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102515.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102521.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102523.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102528.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102532.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102533.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102534.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102535.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102536.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102537.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102538.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102539.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102541.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102542.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102543.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102544.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102547.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102548.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102550.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102586.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102596.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102598.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102600.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102601.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102602.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102603.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102604.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102605.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102606.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102607.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102608.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102610.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102611.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102612.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102613.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP915\A0102614.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102640.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102663.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102667.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102669.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102671.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102672.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102673.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102674.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102675.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102676.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102677.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102678.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102679.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102680.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102681.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102682.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102692.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102695.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102696.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102697.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102698.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102699.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102700.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102702.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102703.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102704.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102706.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102707.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102709.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102723.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102755.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102758.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102759.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102761.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102762.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102763.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102765.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102767.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102768.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102769.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102770.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102771.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102772.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102775.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102777.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102778.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102798.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102836.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102841.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102844.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102845.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102846.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102847.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102848.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102849.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102850.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102851.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102853.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102854.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102855.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102856.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102876.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102878.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP916\A0102879.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102900.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102909.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102912.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102913.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102914.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102915.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102916.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102917.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102918.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102919.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102921.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102923.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102925.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP917\A0102930.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102942.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102944.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102945.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102946.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102947.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102948.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102949.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102950.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102951.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102952.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102954.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP918\A0102955.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102958.exe Infected: not-virus:Hoax.Win32.Renos.gk skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102959.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102960.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102962.exe Infected: Backdoor.Win32.Agobot.amp skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102964.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102965.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102966.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102967.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102968.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102969.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102970.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102971.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102972.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102973.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102974.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102975.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102976.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102977.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102978.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102979.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102980.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102981.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102982.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102983.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102984.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102985.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102986.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102987.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102988.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102989.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102990.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102991.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102992.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102993.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102994.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102995.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102996.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102997.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102998.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102999.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103070.exe Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103071.dll Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP923\A0103186.exe Infected: Trojan.Win32.VB.azo skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP923\A0103193.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP923\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\0.8225672.exe Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\00003.SHD Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
S:\Job Index.xls Object is locked skipped

Scan process completed.
weyoder is offline  
Old 01-05-2008, 03:22 AM   #15
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



Hi,

Open notepad.
Copy and paste the text inside the Code Box below into Notepad.
Choose File > Save As and under "Save as type", choose "All Files".
Type clean.bat in the File name and save it to your desktop.

Code:
@echo off 
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in ( 
"C:\secure32.html.tcf"
"C:\WINDOWS\SYSTEM32\0.8225672.exe"
"C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-1dabbca-59c71ae8.class"
"C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-41819583-78c3df14.class"
"C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4a350b78-68d7d17d.class"
"C:\Documents and Settings\jamie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-a8e31bf-6ba6bdb1.class"
"C:\WINDOWS\troy44 .exe"
"C:\WINDOWS\winshow          .exe"
"C:\WINDOWS\SYSTEM32\ctfmon .exe"
) do ( 
attrib -s -h -r %%g 
del /s/f/q %%g 
if exist %%g echo.%%g >>"%temp%\log.txt" 
)>nul 2>&1 

if exist "%temp%\log.txt" (start notepad "%temp%\log.txt" 
) else echo.Deleted Successfully! 
echo. 
pause 
del %0

Locate clean.bat on your Desktop and double-click on it. Tell me what it says.
____

On your next reply, please include:
  • A fresh HijackThis log.
  • A detailed description of how your machine is running.
  • The results of clean.bat.
Angelfire777 is offline  
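The scan log posted above has one detection on the live file system (C:\WINDOWS\SYSTEM32\0.8225672.exe, the entry clean.bat targets), a long run of copies inside System Restore points under System Volume Information (which clean.bat does not touch), and a set of "Object is locked" entries that are not detections at all. Sorting a log like this is the first step before writing a cleanup list. The parser below is an added example written for this thread, not code from the forum, from the helper or from Kaspersky; it reads that line format and splits the findings into those three buckets. The sample input is a handful of lines constructed in the same format as the log above.

```python
"""Triage a Kaspersky-style online scan log (the format posted in this thread).

Added example, not code from the thread or from Kaspersky. It separates
detections on the live file system from copies stored in System Restore
points and from objects the scanner could not open, so a cleanup list
(like the clean.bat above) can be built from the live hits only.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# One result line: "<path> Infected: <verdict> skipped" or "<path> Object is locked skipped".
# The path may contain spaces, so it is matched non-greedily up to the verdict token.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<verdict>\S+)|Object is locked)\s+"
    r"(?P<action>\S+)\s*$"
)
# System Restore keeps copies of changed files under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]*\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    verdict: Optional[str]  # None when the scanner could not open the object
    action: str

    @property
    def category(self) -> Optional[str]:
        # "Trojan-Dropper.Win32.Agent.dgo" -> "Trojan-Dropper";
        # "not-a-virus:AdWare.Win32.Virtumonde.dgw" -> "not-a-virus:AdWare"
        return None if self.verdict is None else self.verdict.split(".", 1)[0]

    @property
    def restore_point(self) -> Optional[str]:
        m = RESTORE_RE.match(self.path)
        return m.group("rp").upper() if m else None


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a result line, or None for headers, blanks and footers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m.group("path"), m.group("verdict"), m.group("action"))


def triage(text: str) -> Dict[str, List[Finding]]:
    """Split a log into live detections, restore-point copies and locked objects."""
    buckets: Dict[str, List[Finding]] = {"live": [], "restore_point": [], "locked": []}
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.verdict is None:
            buckets["locked"].append(f)
        elif f.restore_point is not None:
            buckets["restore_point"].append(f)
        else:
            buckets["live"].append(f)
    return buckets


def summarize(text: str) -> Dict[str, Dict[str, int]]:
    """Counts an analyst wants first: what is live, and how many copies sit in each restore point."""
    b = triage(text)
    return {
        "live_by_category": dict(Counter(f.category for f in b["live"])),
        "restore_point_by_category": dict(Counter(f.category for f in b["restore_point"])),
        "restore_point_by_rp": dict(Counter(f.restore_point for f in b["restore_point"])),
        "locked": {"count": len(b["locked"])},
    }


# Constructed sample: a few lines in the same format as the scan log posted above.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0102962.exe Infected: Backdoor.Win32.Agobot.amp skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP919\A0103076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP923\change.log Object is locked skipped
C:\WINDOWS\SYSTEM32\0.8225672.exe Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
S:\Job Index.xls Object is locked skipped

Scan process completed.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, findings in report.items():
        print(f"{bucket}: {len(findings)}")
        for f in findings:
            print(f"  {f.verdict or 'locked':45} {f.path}")
    print(summarize(SAMPLE_LOG))
```

Run it against a saved copy of the full log instead of SAMPLE_LOG to get the same split for the whole scan: the live bucket is the list worth acting on, the restore-point bucket tells you which restore points hold infected copies, and the locked bucket (registry hives, event logs, open documents) is normal scanner noise rather than evidence of infection.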
Old 01-07-2008, 07:57 AM   #16
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



The computer appears to be running normally right now.

The clean.bat test resulted in a message that said "Deleted Successfully". The window then closed and the icon disappeared.



Deckard's System Scanner v20071014.68
Run by jamie on 2008-01-07 10:58:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-07 10:59:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\SYSTEM32\zstatus.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\SYSTEM32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Documents and Settings\jamie\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - https://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - https://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


--
End of file - 7042 bytes

-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-04 11:41:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-04 11:41:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-04 11:41:27 0 d-------- C:\WINDOWS\LastGood
2007-12-28 10:31:30 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-28 10:29:32 8576 --a------ C:\WINDOWS\system32\drivers\bwivqljpuvbd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-28 1058 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-27 16:35:59 3280 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 16:27:55 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-27 16:27:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 11:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-10 12:01:35 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2008-01-04 11:30:12 0 d-------- C:\Program Files\Windows Defender
2008-01-04 11:30:12 0 d-------- C:\Program Files\Messenger
2008-01-04 11:30:11 0 d-------- C:\Program Files\iTunes
2008-01-04 11:30:11 0 d-------- C:\Program Files\hp LaserJet 1000
2007-12-31 09:01:45 0 d-------- C:\Program Files\Common Files
2007-12-31 08:59:16 0 d-------- C:\Program Files\QuickTime
2007-12-28 11:12:34 0 d-------- C:\Program Files\Google
2007-12-28 11:10:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-27 15:32:37 0 d-------- C:\Program Files\RegistryFix
2007-11-08 12:27:43 0 d-------- C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 11:11:56 0 d-------- C:\Program Files\AutoCAD LT 2006
2007-11-08 11:11:04 0 d-------- C:\Program Files\AnswerWorks 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" []
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" []
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\jamie\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 13:36:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
DESKTOP.INI [2002-09-03 13:36:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-01-07 10:59:30 ------------
weyoder is offline  
Old 01-07-2008, 09:03 AM   #17
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



Upon further review, the computer in question is receiving a high volume of pop-up ads.
weyoder is offline  
Old 01-07-2008, 12:24 PM   #18
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



And upon further review, the pop-ups are so bad that they slowed the computer down to the point that it needed to be shut down.
weyoder is offline  
Old 01-08-2008, 12:21 AM   #19
TSF Team, Emeritus
 
Join Date: Oct 2006
Posts: 4,582
OS: Vista



That doesn't seem right.

Please delete your current copy of combofix.exe

Download combofix.exe
  • Save it to your desktop.
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
  • In case you already used Combofix previously, please delete the version you have and redownload it, because Combofix is being updated every day.
  • Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
  • Do not post the ComboFix-quarantined-files.txt - unless I ask you to.
  • If your Antivirus software is detecting combofix or a part of it as a virus, please choose to ignore it, as Antivirus products cannot determine the good/bad use of some software embedded in combofix.
______

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.
Angelfire777 is offline  
Old 01-08-2008, 07:00 AM   #20
Guest
 
Join Date: Dec 2007
Posts: 18
OS:



ComboFix 08-01-08.4 - jamie 2008-01-08 9:42:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.204 [GMT -5:00]
Running from: C:\Documents and Settings\jamie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 09:44 . 2008-01-08 09:44 <DIR> d-------- C:\Temp\tn3
2008-01-07 12:02 . 2008-01-08 09:30 <DIR> d-------- C:\Program Files\kernel
2008-01-07 11:58 . 2008-01-07 11:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\usmvt3
2008-01-07 11:58 . 2008-01-07 12:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\drivez4
2008-01-07 11:58 . 2008-01-07 11:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\comp2
2008-01-07 11:58 . 2008-01-07 11:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\cache3
2008-01-07 11:58 . 2008-01-07 11:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2008-01-07 11:58 . 2008-01-07 11:58 <DIR> d-------- C:\Temp\cEeer12
2008-01-07 11:58 . 2008-01-08 09:44 <DIR> d-------- C:\Temp
2008-01-07 11:58 . 2008-01-07 11:58 86,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfaxx.sys
2008-01-07 11:58 . 2008-01-08 09:47 932 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-04 11:41 . 2008-01-04 11:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-04 11:41 . 2008-01-04 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-31 08:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 11:45 . 2007-12-28 11:45 <DIR> d-------- C:\Deckard
2007-12-28 10:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-28 10:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bwivqljpuvbd.sys
2007-12-28 10:06 . 2007-12-28 11:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-27 16:35 . 2007-12-27 16:50 3,280 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-27 16:27 . 2007-12-27 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 15:01 . 2007-12-28 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 11:26 . 2007-12-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-10 12:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 18:04 --------- d-----w C:\Program Files\Google
2008-01-04 16:30 --------- d-----w C:\Program Files\Windows Defender
2008-01-04 16:30 --------- d-----w C:\Program Files\iTunes
2008-01-04 16:30 --------- d-----w C:\Program Files\hp LaserJet 1000
2007-12-31 13:59 --------- d-----w C:\Program Files\QuickTime
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 20:32 --------- d-----w C:\Program Files\RegistryFix
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 17:27 --------- d-----w C:\Documents and Settings\jamie\Application Data\Autodesk
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-08 16:11 --------- d-----w C:\Program Files\AutoCAD LT 2006
2007-11-08 16:11 --------- d-----w C:\Program Files\AnswerWorks 4.0
2006-03-25 00:38 147,456 ----a-w C:\Documents and Settings\jamie\mbpopup.dll
2006-03-24 21:12 49 ----a-w C:\Documents and Settings\jamie\MktPatchT.bat
2006-03-24 21:12 36,864 ----a-w C:\Documents and Settings\jamie\VersAct.dll
2006-03-24 20:30 2,391 ----a-w C:\Documents and Settings\jamie\qbbackup.sys
2006-03-24 20:25 823,296 ----a-w C:\Documents and Settings\jamie\EfpOfxGen.DLL
2006-03-24 20:25 299,008 ----a-w C:\Documents and Settings\jamie\EfpOfxDao.DLL
2006-03-24 19:59 10,108 ----a-w C:\Documents and Settings\jamie\reboot.bat
2003-10-25 21:20 795,568 ----a-w C:\Documents and Settings\jamie\ecredit.dll
2003-10-25 21:20 316,336 ----a-w C:\Documents and Settings\jamie\qbprefs.dll
2003-10-25 21:20 2,700,208 ----a-w C:\Documents and Settings\jamie\qbw32.exe
2003-10-25 21:20 160,696 ----a-w C:\Documents and Settings\jamie\NAAuthTool.dll
2003-10-25 09:04 974,848 ----a-w C:\Documents and Settings\jamie\QBSetupUtil.dll
2003-10-25 09:04 917,504 ----a-w C:\Documents and Settings\jamie\Prefs.dll
2003-10-25 09:04 905,216 ----a-w C:\Documents and Settings\jamie\qbform32.DLL
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\StatusRequestHandler.dll
2003-10-25 09:04 90,112 ----a-w C:\Documents and Settings\jamie\ShoeBox.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxmlrp.dll
2003-10-25 09:04 81,920 ----a-w C:\Documents and Settings\jamie\qbxladin.dll
2003-10-25 09:04 774,144 ----a-w C:\Documents and Settings\jamie\Qbconv32.dll
2003-10-25 09:04 729,088 ----a-w C:\Documents and Settings\jamie\AppCore.dll
2003-10-25 09:04 720,896 ----a-w C:\Documents and Settings\jamie\txncore.dll
2003-10-25 09:04 7,680 ----a-w C:\Documents and Settings\jamie\qbmfct32.dll
2003-10-25 09:04 69,685 ----a-w C:\Documents and Settings\jamie\QBConnectorBridge.dll
2003-10-25 09:04 684,032 ----a-w C:\Documents and Settings\jamie\Qbstyl32.dll
2003-10-25 09:04 581,632 ----a-w C:\Documents and Settings\jamie\skucore.dll
2003-10-25 09:04 540,672 ----a-w C:\Documents and Settings\jamie\qbbrow32.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\TaxAlertsECL.dll
2003-10-25 09:04 53,248 ----a-w C:\Documents and Settings\jamie\featuremgr.dll
2003-10-25 09:04 520,192 ----a-w C:\Documents and Settings\jamie\QBSDKNotify.dll
2003-10-25 09:04 495,616 ----a-w C:\Documents and Settings\jamie\tracking.dll
2003-10-25 09:04 49,152 ----a-w C:\Documents and Settings\jamie\PM.DLL
2003-10-25 09:04 413,696 ----a-w C:\Documents and Settings\jamie\qbmsintg.dll
2003-10-25 09:04 4,886,528 ----a-w C:\Documents and Settings\jamie\payres.dll
2003-10-25 09:04 4,386,816 ----a-w C:\Documents and Settings\jamie\qbwfls32.dll
2003-10-25 09:04 385,024 ----a-w C:\Documents and Settings\jamie\Qbwpr32.dll
2003-10-25 09:04 36,864 ----a-w C:\Documents and Settings\jamie\excelpayrolldatasource.dll
2003-10-25 09:04 356,352 ----a-w C:\Documents and Settings\jamie\payutil.dll
2003-10-25 09:04 352,256 ----a-w C:\Documents and Settings\jamie\sdkutil.dll
2003-10-25 09:04 331,776 ----a-w C:\Documents and Settings\jamie\ADR.DLL
2003-10-25 09:04 327,680 ----a-w C:\Documents and Settings\jamie\qbinstal.dll
2003-10-25 09:04 323,584 ----a-w C:\Documents and Settings\jamie\Qbqwut32.dll
2003-10-25 09:04 315,392 ----a-w C:\Documents and Settings\jamie\SendError.dll
2003-10-25 09:04 307,200 ----a-w C:\Documents and Settings\jamie\tiupload.dll
2003-10-25 09:04 3,584,000 ----a-w C:\Documents and Settings\jamie\Qbwin32.dll
2003-10-25 09:04 3,473,408 ----a-w C:\Documents and Settings\jamie\sdkdatabind.dll
2003-10-25 09:04 3,420,160 ----a-w C:\Documents and Settings\jamie\Qbwrpt32.dll
2003-10-25 09:04 3,211,264 ----a-w C:\Documents and Settings\jamie\sdkqbimpl.dll
2003-10-25 09:04 294,912 ----a-w C:\Documents and Settings\jamie\qbot.dll
2003-10-25 09:04 28,718 ----a-w C:\Documents and Settings\jamie\QBCMIAddin.dll
2003-10-25 09:04 278,528 ----a-w C:\Documents and Settings\jamie\ElCore.dll
2003-10-25 09:04 270,336 ----a-w C:\Documents and Settings\jamie\SendForms.dll
2003-10-25 09:04 25,088 ----a-w C:\Documents and Settings\jamie\sdkevent.dll
2003-10-25 09:04 225,280 ----a-w C:\Documents and Settings\jamie\payxsgen.dll
2003-10-25 09:04 204,849 ----a-w C:\Documents and Settings\jamie\QBSetupWizard.dll
2003-10-25 09:04 204,800 ----a-w C:\Documents and Settings\jamie\MsgDBAddin.dll
2003-10-25 09:04 2,306,048 ----a-w C:\Documents and Settings\jamie\Features.dll
2003-10-25 09:04 2,215,936 ----a-w C:\Documents and Settings\jamie\Qbonli32.dll
2003-10-25 09:04 2,031,616 ----a-w C:\Documents and Settings\jamie\qboesd32.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Utilities.dll
2003-10-25 09:04 172,032 ----a-w C:\Documents and Settings\jamie\Qba32.dll
2003-10-25 09:04 155,648 ----a-w C:\Documents and Settings\jamie\NetworkAdapterManager.dll
2003-10-25 09:04 143,360 ----a-w C:\Documents and Settings\jamie\RcvPmtRequestHandler.dll
2003-10-25 09:04 14,848 ----a-w C:\Documents and Settings\jamie\ESHELL.DLL
2003-10-25 09:04 139,264 ----a-w C:\Documents and Settings\jamie\QBSyncUI.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\qbci32.dll
2003-10-25 09:04 135,168 ----a-w C:\Documents and Settings\jamie\QBAttr32.dll
2003-10-25 09:04 122,880 ----a-w C:\Documents and Settings\jamie\sdkcore.dll
2003-10-25 09:04 114,688 ----a-w C:\Documents and Settings\jamie\Qbinbox.dll
2003-10-25 09:04 11,776 ----a-w C:\Documents and Settings\jamie\UM.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\QBSyncBridge.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\qbitools.DLL
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\PRLoader.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\merchantcard.dll
2003-10-25 09:04 106,496 ----a-w C:\Documents and Settings\jamie\icwrapper.dll
2003-10-25 09:04 1,724,416 ----a-w C:\Documents and Settings\jamie\TxnForm.dll
2003-10-25 09:04 1,687,552 ----a-w C:\Documents and Settings\jamie\Qbintr32.dll
2003-10-25 09:04 1,605,632 ----a-w C:\Documents and Settings\jamie\payserv.dll
2003-10-25 09:04 1,445,888 ----a-w C:\Documents and Settings\jamie\tej32.dll
2003-10-25 09:04 1,417,216 ----a-w C:\Documents and Settings\jamie\qbchao32.dll
2003-10-25 09:04 1,335,296 ----a-w C:\Documents and Settings\jamie\qblist32.DLL
2003-10-25 09:04 1,277,952 ----a-w C:\Documents and Settings\jamie\paycore.dll
2003-10-25 09:04 1,273,856 ----a-w C:\Documents and Settings\jamie\qbtool32.DLL
2003-10-25 09:04 1,224,704 ----a-w C:\Documents and Settings\jamie\qbtxn32.dll
2003-10-25 09:04 1,093,632 ----a-w C:\Documents and Settings\jamie\ui.dll
2003-10-25 09:03 544,768 ----a-w C:\Documents and Settings\jamie\ACE.DLL
2003-10-25 09:03 27,136 ----a-w C:\Documents and Settings\jamie\ACM.DLL
2003-10-25 09:03 1,114,112 ----a-w C:\Documents and Settings\jamie\ABMAPI.DLL
2003-10-25 08:35 483,328 ----a-w C:\Documents and Settings\jamie\Techhelp.exe
.

((((((((((((((((((((((((((((( [email protected]_ 9.10.52.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-20 22:49:26 32,768 ----a-w C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
+ 2008-01-05 21:48:12 126,976 ----a-w C:\WINDOWS\SYSTEM32\cache3\vumpedll23.exe
+ 2007-08-14 22:22:50 25,105 ----a-w C:\WINDOWS\SYSTEM32\comp2\aroblcidr31z.exe
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-11-08 16:04:54 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-31 14:09:18 53,608 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-11-08 16:04:54 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-31 14:09:18 383,254 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-08-03 01:44:02 169,147 ----a-w C:\WINDOWS\SYSTEM32\usmvt3\gyreo83122.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Ncao"="C:\DOCUME~1\jamie\APPLIC~1\MANTEC~1\ntvdm.exe" [ ]
"Fjodky"="C:\Program Files\a?sembly\w?aclt.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [2008-01-08 09:11 61440]
"Router"="C:\Program Files\Router\Router.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"avp"="C:\WINDOWS\avp .exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-07-20 13:31:51]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2004-04-22 08:13:12]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-03-24 14:59:13]

R1 ntmtlfaxx;ntmtlfaxx;C:\WINDOWS\system32\drivers\ntmtlfaxx.sys [2008-01-07 11:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 11:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-01-08 09:55:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 10:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 15:01:13
ComboFix2.txt 2008-01-04 16:34:29
ComboFix3.txt 2007-12-31 14:11:09
.
2007-12-20 19:15:03 --- E O F ---







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03, on 2008-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\jamie\APPLIC~1\MANTEC~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Fjodky] "C:\Program Files\a?sembly\w?aclt.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - https://walbridgehome.biz/pw/mpsPwLc7.CAB
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - https://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\Software\..\Telephony: DomainName = weyoderinc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = weyoderinc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = weyoderinc.com
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 6833 bytes
weyoder is offline  