
Slow computer...please help

4142 Views 45 Replies 2 Participants Last post by  shaferintl
I'm not really an expert on computers, I only know the basics so please bear with me.

The problem I'm having is that my computer is pretty slow when starting up, and whenever I go on Firefox most of the pages I try visiting don't load, like Yahoo or Google. And when I go to Internet Explorer I get these popups asking me for free virus scans and sometimes explicit popups...


Now I've noticed on your forums that whenever a person has a problem he or she posts a HijackThis log in their thread, so that the tech support dudes would diagnose the problem. Now I've done that, and here's my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:10 PM, on 6/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\windows\system\hpsysdrv .exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\hphmon05 .exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ps2 .exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [7831ce24] rundll32.exe "C:\WINDOWS\System32\clsnfdcl.dll",b
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BM7b02fdb8] Rundll32.exe "C:\WINDOWS\System32\ndxuoxta.dll",s
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212554025125
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6167 bytes


Help is very much appreciated, thanks.
scarface910,

If you still need help, post a fresh HijackThis log. :wave:
Thanks for still caring, I will post one as soon as my computer stops downloading malware that downloads porn icons onto my desktop.... and I'll go through the 5 steps again to make sure. The first time I posted this log I was a newbie and didn't know my way around, this time no mistakes will be made :)
Here is a fresh hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:01 PM, on 6/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\WINDOWS\System32\hphmon05 .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\444.470
C:\WINDOWS\System32\qcnttkdm.exe
C:\WINDOWS\System32\lphcl98j0e34t.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\sysrest32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\helloserv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\helloserv .exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\qcnttkdm .exe
C:\WINDOWS\System32\lphcl98j0e34t .exe
C:\WINDOWS\System32\qcnttkdm .exe
C:\WINDOWS\System32\sysrest32 .exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\drivers\svchost .exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08 .exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\ieupdates .exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\qcnttkdm .exe DWram
O4 - HKLM\..\Run: [lphcl98j0e34t] C:\WINDOWS\System32\lphcl98j0e34t.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe
O4 - HKLM\..\Run: [BM7b02fdb8] Rundll32.exe "C:\WINDOWS\System32\vxcwsgjc.dll",s
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcnttkdm .exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jswnw64s.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 8043 bytes
scarface910,

Thanks for your patience. Our volunteers are very busy. Your log indicates that you have Malware on your system. Let's get started.

Your log reveals a backdoor bot. These can severely compromise personal information which could lead to identity theft.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Should you have any questions, please feel free to ask.

Download SDFix and save it to your Desktop. Do not execute it.

Download Dr.Web CureIt to the desktop. Do not execute it.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix as follows:
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
Boot your PC into Safe Mode, as before.

Run Dr.Web CureIt as follows:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
Please post the SDFix Report.txt, the DrWeb.csv report, and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
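A structural check a reader can run over a HijackThis log like the one posted above, as an added example that is not part of the thread and not the helper's stated method. The function names and the four heuristics are this example's own assumptions, the sample lines are copied from the 6/9/2008 log in this thread, and each finding is a prompt for manual verification rather than a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the 6/9/2008 HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\iftuyszv.exe,
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
"""

# A coded entry looks like "O4 - ..." or "F2 - ...": one letter, 1-2 digits.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            in_processes = False
            code, value = ENTRY_RE.match(line).groups()
            entries[code].append(value)
        elif in_processes:
            processes.append(line)
    return processes, dict(entries)


def triage(processes, entries):
    """Return (section, reason, item) tuples for entries worth checking by hand."""
    findings = []

    # 1. svchost.exe is a Windows binary that lives directly in System32.
    for path in processes:
        folder, _, name = path.rpartition("\\")
        if name.lower() == "svchost.exe" and not folder.lower().endswith(r"\system32"):
            findings.append(("process", "svchost.exe outside System32", path))

    # 2. UserInit normally lists only userinit.exe; anything after it also
    #    runs at every logon.
    for value in entries.get("F2", []):
        m = re.search(r"UserInit=(.*)", value, re.I)
        if not m:
            continue
        for prog in (p.strip() for p in m.group(1).split(",")):
            if prog and not prog.lower().endswith(r"\system32\userinit.exe"):
                findings.append(("F2", "extra program in UserInit", prog))

    # 3. Statically configured DNS servers: compare with the router/ISP values.
    servers = set()
    for value in entries.get("O17", []):
        m = re.search(r"NameServer = (.*)", value)
        if m:
            servers.update(s for s in re.split(r"[ ,]+", m.group(1).strip()) if s)
    for server in sorted(servers):
        findings.append(("O17", "static DNS server to verify", server))

    # 4. Services whose binary carries no vendor information.
    for value in entries.get("O23", []):
        if " - Unknown owner - " in value:
            findings.append(("O23", "service with unknown owner", value.rsplit(" - ", 1)[1]))

    return findings


def run_sample():
    """Parse and triage the embedded sample log."""
    return triage(*parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for section, reason, item in run_sample():
        print(f"[{section}] {reason}: {item}")
```

Legitimate software also trips these checks (an "Unknown owner" service is common for third-party tools), so the output narrows what to look at rather than deciding what to delete.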
SDFIX THING









SDFix: Version 1.190
Run by Owner on Mon 06/09/2008 at 09:33 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\MYDOCU~1\sdfix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\PROGRA~1\ONLINE~1\RYBILOC.DLL - Deleted
C:\PROGRA~1\ONLINE~1\RYBILO~1.DLL - Deleted
C:\WINDOWS\system32\back.exe.exe - Deleted
C:\WINDOWS\system32\vntiho01\vntiho011065.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe - Deleted
C:\WINDOWS\mrofinu572.exe.tmp - Deleted
C:\WINDOWS\mrofinu72.exe.tmp - Deleted
C:\WINDOWS\system32\1C0.tmp - Deleted
C:\WINDOWS\system32\1FD.tmp - Deleted
C:\WINDOWS\system32\sex1.ico - Deleted
C:\WINDOWS\system32\sex2.ico - Deleted
C:\WINDOWS\system32\sex3.ico - Deleted
C:\WINDOWS\system32\sex3.ico.tmp - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Deewoo.lnk - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DW_Start.lnk - Deleted
C:\ezStub.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\iftuyszv.exe - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted



Folder C:\WINDOWS\system32\vntiho01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 22:11:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\GatorUninstaller_cme_u.log:bilou 56832 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\DOCUME~1\Owner\MYDOCU~1\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Jun 2008 196 A.SHR --- "C:\BOOT.BAK"
Sun 22 Aug 2004 56,832 A.SH. --- "C:\WINDOWS\kjowe.dll"
Mon 16 Aug 2004 56,832 A.SH. --- "C:\WINDOWS\nylcs.dll"
Mon 13 Sep 2004 56,832 A.SH. --- "C:\WINDOWS\qkjar.dll"
Sun 29 Aug 2004 56,832 A.SH. --- "C:\WINDOWS\qvaxj.dll"
Fri 1 Apr 2005 637,952 A..H. --- "C:\Program Files\Toolbar\PIB.exe"
Sun 23 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 21 Aug 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Thu 12 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Sat 30 Apr 2005 30,208 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL0005.tmp"
Sun 12 Feb 2006 22,016 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL1736.tmp"
Sun 12 Feb 2006 22,016 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL3288.tmp"
Sun 12 Feb 2006 19,968 ...H. --- "C:\Documents and Settings\Owner\My Documents\~WRL4038.tmp"
Thu 27 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 24 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 7 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sat 7 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sat 7 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sat 7 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sat 7 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sat 7 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sat 7 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sat 7 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sat 7 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Tue 10 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sat 7 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sat 7 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Tue 10 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sat 7 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sat 7 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Wed 8 Dec 2004 167,936 A..HR --- "C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe"
Wed 8 Dec 2004 151,552 A..HR --- "C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dll"
Wed 8 Dec 2004 155,648 A..HR --- "C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHUpdater.exe"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT8.tmp"
Tue 3 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\BIT44.tmp"
Thu 2 Sep 2004 4,348 A..H. --- "C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\My Documents\My Music\License Backup\drmv1key.bak"
Thu 2 Sep 2004 20 A..H. --- "C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 30 Aug 2004 312 A..H. --- "C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\My Documents\My Music\License Backup\drmv2key.bak"
Thu 2 Sep 2004 1,536 A..H. --- "C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\My Documents\My Music\License Backup\drmv2lic.bak"
Thu 2 Sep 2004 4,348 A..H. --- "C:\Documents and Settings\Default User\My Documents\My Music\License Backup\drmv1key.bak"
Thu 2 Sep 2004 20 A..H. --- "C:\Documents and Settings\Default User\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 30 Aug 2004 312 A..H. --- "C:\Documents and Settings\Default User\My Documents\My Music\License Backup\drmv2key.bak"
Thu 2 Sep 2004 1,536 A..H. --- "C:\Documents and Settings\Default User\My Documents\My Music\License Backup\drmv2lic.bak"
Wed 19 Dec 2007 46,080 ...H. --- "C:\Documents and Settings\Owner\My Documents\kathy's schoolwork\COLLEGE\~WRL0724.tmp"
Thu 2 Sep 2004 4,348 A..H. --- "C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\License Backup\drmv1key.bak"
Thu 2 Sep 2004 20 A..H. --- "C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 30 Aug 2004 312 A..H. --- "C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\License Backup\drmv2key.bak"
Thu 2 Sep 2004 1,536 A..H. --- "C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!






HIJACKTHIS THING




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:57 PM, on 6/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [lphcl98j0e34t] C:\WINDOWS\System32\lphcl98j0e34t.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe
O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5879 bytes



My docthing will come soon
OK, please post another new HJT log afterward. Thanks!
Dr.WEB


july14_loader.exe;C:\;Trojan.DownLoader.679;Deleted.;
sidebDD.exe;C:\;Adware.EliteBar;Moved.;
updaterInstall_112.exe;C:\;Trojan.KeenValAd;Incurable.Moved.;
AutoTBar.exe;C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup;Trojan.MulDrop.11190;Deleted.;
full.exe;C:\Documents and Settings\Owner;Trojan.MulDrop.2785;Deleted.;
QUAR1.16858;C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.Proxy.493;Deleted.;
QUAR1.33627;C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.Fakealert.578;Deleted.;
QUAR1.58810;C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Adware.ClickSpring;Moved.;
QUAR1.71796;C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Adware.Websearch;Moved.;
QUAR1.80264;C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine;Trojan.Proxy.493;Deleted.;
1c3a7917-662acff3\javainstaller/InstallerApplet.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\23\1c3a7917-662acff3;Trojan.DownLoader.3204;;
1c3a7917-662acff3;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\23;Archive contains infected objects;Moved.;
3a99d727-5b73c587\javainstaller/InstallerApplet.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\39\3a99d727-5b73c587;Trojan.DownLoader.3204;;
3a99d727-5b73c587;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\39;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Probably SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;Moved.;
EvilGeniusSetup-dm.exe;C:\Documents and Settings\Owner\Desktop\Madness Interactive;Adware.TryMedia;Moved.;
T-3545425-gta vice city intro.mp3;C:\Documents and Settings\Owner\Incomplete;Trojan.Click.18899;Incurable.Moved.;
T-5745425-16 aphex twin selected ambient.mp3;C:\Documents and Settings\Owner\Incomplete;Trojan.Click.18899;Incurable.Moved.;
C2152591d01\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Default User1\Cache\C2152591d01;Probably SCRIPT.Virus;;
C2152591d01\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Default User1\Cache\C2152591d01;Program.PsExec.171;;
C2152591d01;C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Default User1\Cache;Archive contains infected objects;Moved.;
DD0DBD66d01\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Default User1\Cache\DD0DBD66d01;Tool.Prockill;;
DD0DBD66d01;C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Default User1\Cache;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\apps;Tool.Prockill;Moved.;
backups.zip\backups/back.exe.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.DownLoader.62867;;
backups.zip\backups/ezStub.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Adware.Ezula;;
backups.zip\backups/iftuyszv.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Modification of BackDoor.Generic.1699;;
backups.zip\backups/mrofinu572.exe.tmp;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.MulDrop.11190;;
backups.zip\backups/mrofinu72.exe.tmp;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.MulDrop.11190;;
backups.zip\backups/rybiloc.dll;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.StartPage.19992;;
backups.zip\backups/rybiloc302.dll;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.StartPage.19992;;
backups.zip\backups/UWFX5_0001_N56M0311NetInstaller.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Program.Winfixer;;
backups.zip\backups/UWFX5_0001_N57M2811NetInstaller.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Program.Winfixer;;
backups.zip\backups/vntiho011065.exe;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups\backups.zip;Trojan.DownLoader.56730;;
backups.zip;C:\Documents and Settings\Owner\My Documents\sdfix\SDFix\backups;Archive contains infected objects;Moved.;
03 Track 3 (love).wma;C:\Documents and Settings\Owner\Shared;Trojan.DownLoader.61860;Deleted.;
07 Track 7.wma;C:\Documents and Settings\Owner\Shared;Trojan.DownLoader.61860;Deleted.;
cloaker.exe;C:\hp\bin;Trojan.MulDrop.11190;Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
oca_mrk.vbs;C:\hp\support;Probably SCRIPT.Virus;Moved.;
Abaclient.exe;C:\Program Files\Abacast;Probably DLOADER.Trojan;Moved.;
winiurra32.dll;C:\Program Files\Abacast;Trojan.DownLoader.3823;Deleted.;
AdobeUpdateManager.exe;C:\Program Files\Adobe\Acrobat 7.0\Reader;Trojan.MulDrop.11190;Deleted.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Moved.;
Ares .exe;C:\Program Files\Ares;Trojan.MulDrop.11190;Deleted.;
AutoUpdate.exe;C:\Program Files\AutoUpdate;Adware.Apropos;Moved.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;Moved.;
ace.dll;C:\Program Files\Awsoffer;Adware.Apropos;Moved.;
cdfsinst.exe;C:\Program Files\Awsoffer;Adware.Apropos;Moved.;
usespmsg.exe;C:\Program Files\Awsoffer;Adware.Apropos;Moved.;
WinGenerics.dll;C:\Program Files\Awsoffer;Adware.Apropos;Moved.;
00000917_43897c03_000dd40a\JavaScript.1;C:\Program Files\Awsoffer\Cache\00000917_43897c03_000dd40a;VBS.PackFor;;
00000917_43897c03_000dd40a\JavaScript.18;C:\Program Files\Awsoffer\Cache\00000917_43897c03_000dd40a;VBS.PackFor;;
00000917_43897c03_000dd40a;C:\Program Files\Awsoffer\Cache;Archive contains infected objects;Moved.;
00005718_444c019c_00031975\JavaScript.1;C:\Program Files\Awsoffer\Cache\00005718_444c019c_00031975;VBS.PackFor;;
00005718_444c019c_00031975\JavaScript.2;C:\Program Files\Awsoffer\Cache\00005718_444c019c_00031975;VBS.PackFor;;
00005718_444c019c_00031975;C:\Program Files\Awsoffer\Cache;Archive contains infected objects;Moved.;
adp8035.exe;C:\Program Files\BullsEye Network;Adware.BargainBuddy;Moved.;
adv.exe;C:\Program Files\BullsEye Network\bin;Adware.BargainBuddy;Moved.;
adx.exe;C:\Program Files\BullsEye Network\bin;Adware.BargainBuddy;Moved.;
bargains.exe;C:\Program Files\BullsEye Network\bin;Adware.BargainBuddy;Moved.;
cashback.exe;C:\Program Files\CashBack\bin;Adware.BargainBuddy;Moved.;
cb.exe;C:\Program Files\CashBack\bin;Adware.BargainBuddy;Moved.;
flash.exe;C:\Program Files\CashBack\bin;Adware.BargainBuddy;Moved.;
CSAOLINST.DLL;C:\Program Files\ClearSearch;Adware.ClearSearch;Moved.;
csAOLldr.exe;C:\Program Files\ClearSearch;Adware.ClearSearch;Moved.;
CSIEINST.DLL;C:\Program Files\ClearSearch;Adware.ClearSearch.origin;Moved.;
CSTMINST.DLL;C:\Program Files\ClearSearch;Adware.ClearSearch.origin;Moved.;
CSTVINST.DLL;C:\Program Files\ClearSearch;Adware.ClearSearch.origin;Moved.;
register.exe;C:\Program Files\ComcastToolbar;Adware.Xbarre;Moved.;
uninstall.exe;C:\Program Files\ComcastToolbar;Adware.VMN;Moved.;
stpsulccr.exe;C:\Program Files\Common Files\aqqlbbsu\aeopeqoosp;Adware.Gator;Moved.;
flpuumal.exe;C:\Program Files\Common Files\aqqlbbsu\rftpcmes;Adware.Gator;Moved.;
GMTProxy.dll;C:\Program Files\Common Files\CMEII;Adware.Gator;Moved.;
ffkia.exe;C:\Program Files\Common Files\ffki;Adware.TargetServer;Moved.;
ffkil.exe;C:\Program Files\Common Files\ffki;Trojan.Tsup;Deleted.;
ffkim.exe;C:\Program Files\Common Files\ffki;Adware.TargetServer;Moved.;
ffkip.exe;C:\Program Files\Common Files\ffki;Adware.TargetServer;Moved.;
ffkic.dll;C:\Program Files\Common Files\ffki\ffkid;Adware.TargetServer;Moved.;
EGGCEngine.dll;C:\Program Files\Common Files\GMT;Adware.Gator;Moved.;
GatorRes.dll;C:\Program Files\Common Files\GMT;Adware.Gator - read error;;
GatorStubSetup.exe;C:\Program Files\Common Files\GMT;Adware.Gator;Moved.;
gtrawbm.fil;C:\Program Files\Common Files\GMT;Adware.Gator;Moved.;
GUninstaller.exe;C:\Program Files\Common Files\GMT;Adware.Gator;Moved.;
midaddle.dll;C:\Program Files\Common Files\midaddle;Adware.Midaddle;Moved.;
RealBar.dll;C:\Program Files\Common Files\Real\Toolbar;Adware.MegaSearch.origin;Moved.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;Moved.;
Wzepbs.exe;C:\Program Files\Cyrqm;Trojan.DownLoader.1389;Deleted.;
DateManager.exe;C:\Program Files\Date Manager;Adware.Gator;Moved.;
DMUninstaller.exe;C:\Program Files\Date Manager;Adware.Gator;Moved.;
DeskAdComm.dll;C:\Program Files\DeskAd Service;Adware.Winad;Moved.;
GoogleToolbarNotifier.exe;C:\Program Files\Google\GoogleToolbarNotifier;Trojan.MulDrop.11190;Deleted.;
IncFindBHO.dll;C:\Program Files\IncrediFind\BHO;Adware.IncrediFind;Moved.;
itbill.exe;C:\Program Files\ItBill;Trojan.DownLoader.6551;Deleted.;
jusched.exe;C:\Program Files\Java\jre1.5.0_03\bin;Trojan.MulDrop.11190;Deleted.;
jusched.exe;C:\Program Files\Java\jre1.6.0_05\bin;Trojan.MulDrop.11190;Deleted.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Trojan.MulDrop.11190;Deleted.;
LogOnHook.exe;C:\Program Files\McAfee\MBK;Trojan.MulDrop.11190;Deleted.;
wcescomm .exe;C:\Program Files\Microsoft ActiveSync;Trojan.MulDrop.11190;Deleted.;
wcescomm.exe;C:\Program Files\Microsoft ActiveSync;Trojan.MulDrop.11190;Deleted.;
navapp.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d;Adware.NavHelper;Moved.;
NHelper.dll;C:\Program Files\NavExcel\NavHelper\v2.0.4d;Adware.NavHelper;Moved.;
NHUninstaller.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d;Adware.NavHelper;Moved.;
NHUpdater.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d;Adware.NavHelper;Moved.;
v2.0.4d.cab\NHelper.dll;C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab;Adware.NavHelper;;
v2.0.4d.cab\NHUninstaller.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab;Adware.NavHelper;;
v2.0.4d.cab\NHUpdater.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab;Adware.NavHelper;;
v2.0.4d.cab\navapp.exe;C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab;Adware.NavHelper;;
v2.0.4d.cab;C:\Program Files\NavExcel\NavHelper\v2.0.4d;Archive contains infected objects;Moved.;
NavExcelBar.dll;C:\Program Files\NavExcel Search Toolbar;Adware.NavHelper;Moved.;
LaunchApplication.exe;C:\Program Files\Nokia\Nokia PC Suite 6;Trojan.MulDrop.11190;Deleted.;
12AA655C;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
1F0C42A6;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
2F4E6F60;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
30AD47BF;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
316640D6;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
448279D2;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
504C4139;C:\Program Files\Norton AntiVirus\Quarantine;Trojan.DownLoader.813;Deleted.;
Daozr.exe;C:\Program Files\Oiurg;Trojan.DownLoader.1389;Deleted.;
stream001\uninstll.exe;C:\Program Files\Online Services\Earthlink\EarthLink Setup.exe\\Windows\access\EarthLink Setup.msi\stream001;Probably STPAGE.Trojan;;
stream001;C:\Program Files\Online Services\Earthlink\EarthLink Setup.exe\\Windows\access\EarthLink Setup.msi;Archive contains infected objects;;
\Windows\access\EarthLink Setup.msi;C:\Program Files\Online Services\Earthlink\EarthLink Setup.exe\\Windows\access;Archive contains infected objects;;
EarthLink Setup.exe;C:\Program Files\Online Services\Earthlink;Archive contains infected objects;Moved.;
PerfectNav150c.dll;C:\Program Files\PerfectNav\BHO;Adware.PerfNav;Moved.;
PrecisionTime.exe;C:\Program Files\PrecisionTime;Adware.Gator;Moved.;
PTUninstaller.exe;C:\Program Files\PrecisionTime;Adware.Gator.origin;Moved.;
QTTask .exe;C:\Program Files\QuickTime;Trojan.MulDrop.11190;Deleted.;
QTTask.exe;C:\Program Files\QuickTime;Trojan.MulDrop.11190;Deleted.;
RH.DLL;C:\Program Files\Recommended Hotfix - 421701D\v15;Adware.Hopper;Moved.;
RH.exe;C:\Program Files\Recommended Hotfix - 421701D\v15;Adware.Hopper;Moved.;
se.DLL;C:\Program Files\se\v11;Adware.WinEnch;Moved.;
se.EXE;C:\Program Files\se\v11;Adware.SearchEnh;Moved.;
SearchRelevancy1.dll;C:\Program Files\SearchRelevancy;Adware.Relevance;Moved.;
SearchRelevant.dll;C:\Program Files\SearchRelevant;Adware.Relevance;Moved.;
sep.dll;C:\Program Files\SEP;Adware.SideSearch;Moved.;
sdcmon.dll;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
tgcmd.exe;C:\Program Files\support.com\bin;Trojan.MulDrop.11190;Deleted.;
tgupdate.exe;C:\Program Files\support.com\bin;Probably DLOADER.Trojan;Moved.;
ComcastToolbar.exe\data003;C:\Program Files\support.com\temp\ComcastToolbar.exe;Tool.ProcessKill;;
ComcastToolbar.exe\data133;C:\Program Files\support.com\temp\ComcastToolbar.exe;Adware.VMN;;
ComcastToolbar.exe\data134;C:\Program Files\support.com\temp\ComcastToolbar.exe;Adware.Xbarre;;
ComcastToolbar.exe\data145;C:\Program Files\support.com\temp\ComcastToolbar.exe;Probably DLOADER.Trojan;;
ComcastToolbar.exe;C:\Program Files\support.com\temp;Archive contains infected objects;Moved.;
DesktopDoctor_p1.exe\data023;C:\Program Files\support.com\temp\DesktopDoctor_p1.exe;Probably DLOADER.Trojan;;
DesktopDoctor_p1.exe\data363;C:\Program Files\support.com\temp\DesktopDoctor_p1.exe;Probably DLOADER.Trojan;;
DesktopDoctor_p1.exe;C:\Program Files\support.com\temp;Archive contains infected objects;Moved.;
common.dll;C:\Program Files\Toolbar;Adware.Websearch;Moved.;
IExploreSkins.exe;C:\Program Files\Toolbar;Adware.WinTool;Moved.;
PIB.exe;C:\Program Files\Toolbar;Adware.Websearch;Moved.;
TBPS.exe;C:\Program Files\Toolbar;Adware.Websearch;Moved.;
TBPSSvc.exe;C:\Program Files\Toolbar;Trojan.DownLoader.1211;Deleted.;
toolbar.dll;C:\Program Files\Toolbar;Adware.Websearch;Moved.;
Tvm.exe;C:\Program Files\TV Media;Adware.TVMedia.origin;Moved.;
TvmBho.dll;C:\Program Files\TV Media;Adware.TVMedia.origin;Moved.;
apev.exe;C:\Program Files\Web Offer;Adware.Ezula;Moved.;
wo.exe;C:\Program Files\Web Offer;Adware.Ezula;Moved.;
disp1150.exe;C:\Program Files\Web_Rebates;Adware.Rebates;Moved.;
WebRebates0.exe;C:\Program Files\Web_Rebates;Adware.Rebates;Moved.;
WebRebates1.exe;C:\Program Files\Web_Rebates;Adware.Rebates;Moved.;
data004\data002;C:\Program Files\WildArcade\BlasterBlocks\blasterblocks.exe\data004;Adware.StatBlaster;;
data004;C:\Program Files\WildArcade\BlasterBlocks\blasterblocks.exe;Archive contains infected objects;;
blasterblocks.exe;C:\Program Files\WildArcade\BlasterBlocks;Archive contains infected objects;Moved.;
WinForm.exe;C:\Program Files\Windows FormatAd;Adware.Winad;Moved.;
WinFormComm.dll;C:\Program Files\Windows FormatAd;Adware.Winad;Moved.;
WinFormKeep.exe;C:\Program Files\Windows FormatAd;Adware.Winad;Moved.;
20040826124130937.zip\WINDOWS/downloaded program files/lsp_.dll;C:\Program Files\Yahoo!\YPSR\Quarantine\20040826124130937.zip;Adware.SAHAgent;;
20040826124130937.zip\WINDOWS/downloaded program files/SahHtml_.exe;C:\Program Files\Yahoo!\YPSR\Quarantine\20040826124130937.zip;Adware.SAHAgent;;
20040826124130937.zip\WINDOWS/downloaded program files/WEBInstaller.dll;C:\Program Files\Yahoo!\YPSR\Quarantine\20040826124130937.zip;Adware.SAHAgent;;
20040826124130937.zip;C:\Program Files\Yahoo!\YPSR\Quarantine;Archive contains infected objects;Moved.;
ppq13.tmp;C:\Program Files\Yahoo!\YPSR\Quarantine;Trojan.Bispy;Deleted.;
catchme2008-06-09_201239.83.zip\awvvw.dll;C:\QooBox\Quarantine\catchme2008-06-09_201239.83.zip;Trojan.Virtumod.257;;
catchme2008-06-09_201239.83.zip;C:\QooBox\Quarantine;Archive contains infected objects;Moved.;
KBD.EXE.vir;C:\QooBox\Quarantine\C\hp\KBD;Trojan.MulDrop.11190;Deleted.;
realsched.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB;Trojan.MulDrop.11190;Deleted.;
sgtray.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\Sonic\Update Manager;Trojan.MulDrop.11190;Deleted.;
actalert.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer;Trojan.Dyfuca;Deleted.;
install.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer;Trojan.DownLoader.3335;Deleted.;
optimize.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer;Trojan.Dyfuca;Deleted.;
actalert.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\update;Trojan.Dyfuca;Deleted.;
install.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\update;Trojan.DownLoader.3335;Deleted.;
optimize312.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\update;Trojan.Dyfuca;Deleted.;
optimize313.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\update;Trojan.Dyfuca;Deleted.;
rogue.exe.vir;C:\QooBox\Quarantine\C\Program Files\Internet Optimizer\update;Trojan.DownLoader.1389;Deleted.;
jusched.exe.vir;C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.2_03\bin;Trojan.MulDrop.11190;Deleted.;
kernel.exe.vir;C:\QooBox\Quarantine\C\Program Files\kernel;Trojan.MulDrop.11190;Deleted.;
api.exe.vir\data002;C:\QooBox\Quarantine\C\Program Files\MediaPipe\api.exe.vir;Trojan.DownLoader.6551;;
api.exe.vir;C:\QooBox\Quarantine\C\Program Files\MediaPipe;Archive contains infected objects;Moved.;
ItBill.exe.vir;C:\QooBox\Quarantine\C\Program Files\MediaPipe;Trojan.DownLoader.6551;Deleted.;
shwicon2k.exe.vir;C:\QooBox\Quarantine\C\Program Files\Multimedia Card Reader;Trojan.MulDrop.11190;Deleted.;
OemjiPls.dll.vir;C:\QooBox\Quarantine\C\Program Files\Oemji\OemjiSearchPlus;Probably DLOADER.Trojan;Moved.;
SAcc.exe.vir;C:\QooBox\Quarantine\C\Program Files\SurfAccuracy;Trojan.Isbar.371;Deleted.;
SAccU.exe.vir;C:\QooBox\Quarantine\C\Program Files\SurfAccuracy;Adware.SurfAcc;Moved.;
helloserv.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.11190;Deleted.;
lfn.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Modification of BackDoor.Generic.1699;Moved.;
satmat.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.1104;Deleted.;
msbb.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\bundles;Adware.nCase;Moved.;
s_win32.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\bundles;Trojan.DownLoader.383;Deleted.;
VT02.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\bundles;Trojan.DownLoader.origin;Incurable.Moved.;
WebRebates_Auto_InstallSilent.exe.vir\data002;C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vir;Tool.ProcessKill;;
WebRebates_Auto_InstallSilent.exe.vir\data003;C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vir;Adware.Rebates;;
WebRebates_Auto_InstallSilent.exe.vir\data004;C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vir;Adware.Rebates;;
WebRebates_Auto_InstallSilent.exe.vir\data005;C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vir;Adware.Rebates;;
WebRebates_Auto_InstallSilent.exe.vir\data006;C:\QooBox\Quarantine\C\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe.vir;Adware.Rebates;;
WebRebates_Auto_InstallSilent.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\bundles;Archive contains infected objects;Moved.;
Remind_XP.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\CREATOR;Trojan.MulDrop.11190;Deleted.;
MediaTicketsInstaller.ocx.vir;C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files;Adware.MediaTicket;Moved.;
YSBactivex.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files;Trojan.Isbar.164;Deleted.;
RECGUARD.EXE.vir;C:\QooBox\Quarantine\C\WINDOWS\SMINST;Trojan.MulDrop.11190;Deleted.;
awvvw.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
ckseaisp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based;Incurable.Moved.;
hphmon05.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
ieupdates.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
jiarykek.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.365;Deleted.;
ktmiqynt.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.LowZones.884;Deleted.;
lphcl98j0e34t.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
mrseiwnf.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.LowZones.884;Deleted.;
nfotmedm.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based;Incurable.Moved.;
ngfsmyex.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.365;Deleted.;
pewvogxp.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.LowZones.884;Deleted.;
ps2.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
rwwnw64d.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
sxhlisqu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based;Incurable.Moved.;
sysrest32.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.11190;Deleted.;
tsjbhske.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.LowZones.884;Deleted.;
update32.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.744;Deleted.;
vxcwsgjc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based;Incurable.Moved.;
wscmp.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.740;Deleted.;
yndqhule.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.LowZones.884;Deleted.;
hpztsb08.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3;Trojan.MulDrop.11190;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
A0005968.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.PurityAd.origin;Incurable.Moved.;
A0005970.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.ClickSpring - read error;;
A0005971.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Outer;Moved.;
A0005972.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.ClickSpring;Moved.;
A0006917.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006919.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006920.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0006921.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006922.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006923.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006924.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006925.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006926.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006927.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006928.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006930.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006931.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006932.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006934.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006935.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0006947.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0007914.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007916.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007917.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007918.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007919.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007920.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007921.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007922.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007923.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007924.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007925.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007926.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007927.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007928.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007929.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Virtumod.based;Incurable.Moved.;
A0007935.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007937.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007938.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007939.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007940.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007941.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007942.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007943.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007944.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007945.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007946.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007947.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007948.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007949.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007950.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007951.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007967.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0007968.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0007972.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007974.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007975.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007976.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007977.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007978.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007979.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007980.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007981.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007982.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007983.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007984.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007985.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007986.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007987.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0007988.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007989.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007990.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007996.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007997.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0007999.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008000.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008001.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008002.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008003.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008004.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008005.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008006.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008007.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008008.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008009.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008013.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008014.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008017.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008018.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008028.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0008029.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0008037.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008038.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008039.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008040.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008041.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008042.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008043.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008044.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008045.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008046.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008047.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008048.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008049.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008050.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008052.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0008053.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008056.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Virtumod.based.11;Incurable.Moved.;
A0008058.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Virtumod.based.11;Incurable.Moved.;
A0008060.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.PWS.Qqpass.1995;Deleted.;
A0008061.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.ZenoSearch.6;Moved.;
A0008062.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.740;Deleted.;
A0008063.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62803;Deleted.;
A0008064.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62803;Deleted.;
A0008068.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008070.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008071.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008072.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008073.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008074.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008075.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008076.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008077.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008078.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008079.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008080.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008081.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008082.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008083.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008084.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008085.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008094.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008096.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008097.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008098.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008099.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008100.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008101.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008103.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008106.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008107.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008110.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008111.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008113.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008114.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008115.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008117.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008118.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0008126.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0008127.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0009094.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009096.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009097.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009098.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009099.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009100.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009101.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009102.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009103.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009104.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009105.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009106.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009107.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009108.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009109.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0009110.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009111.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009112.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009118.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009120.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009121.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009122.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009123.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009124.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009125.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009126.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009129.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009130.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009131.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009132.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009133.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009134.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009135.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009136.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009138.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0009149.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0009151.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0010118.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010120.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010121.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010122.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010123.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010124.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010125.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010126.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010127.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010128.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010129.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010130.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010135.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010136.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0010137.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010139.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010146.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0010148.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0010157.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Proxy.493;Deleted.;
A0010158.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Proxy.493;Deleted.;
A0010175.bat;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Probably SCRIPT.Virus;Moved.;
A0010202.bat;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Probably SCRIPT.Virus;Moved.;
A0010229.bat;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Probably SCRIPT.Virus;Moved.;
A0010257.bat;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Probably SCRIPT.Virus;Moved.;
A0010281.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010283.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010284.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010285.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010286.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010287.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010288.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010289.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010292.EXE;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010293.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010296.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010298.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010300.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010301.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Adware.Hotbot.origin;Moved.;
A0010302.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010303.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010304.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.MulDrop.11190;Deleted.;
A0010310.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.DownLoader.62867;Deleted.;
A0010314.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP14;Trojan.Fakealert.744;Deleted.;
A0010325.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010328.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010329.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Dyfuca;Deleted.;
A0010330.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.3335;Deleted.;
A0010331.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Dyfuca;Deleted.;
A0010333.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Dyfuca;Deleted.;
A0010334.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.3335;Deleted.;
A0010335.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Dyfuca;Deleted.;
A0010336.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Dyfuca;Deleted.;
A0010337.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.1389;Deleted.;
A0010339.exe\data002;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010339.exe;Trojan.DownLoader.6551;;
A0010339.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Archive contains infected objects;Moved.;
A0010342.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.6551;Deleted.;
A0010356.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Probably DLOADER.Trojan;Moved.;
A0010367.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Isbar.371;Deleted.;
A0010368.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Adware.SurfAcc;Moved.;
A0010372.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Adware.nCase;Moved.;
A0010374.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.383;Deleted.;
A0010375.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.origin;Incurable.Moved.;
A0010376.exe\data002;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010376.exe;Tool.ProcessKill;;
A0010376.exe\data003;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010376.exe;Adware.Rebates;;
A0010376.exe\data004;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010376.exe;Adware.Rebates;;
A0010376.exe\data005;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010376.exe;Adware.Rebates;;
A0010376.exe\data006;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15\A0010376.exe;Adware.Rebates;;
A0010376.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Archive contains infected objects;Moved.;
A0010383.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.DownLoader.1104;Deleted.;
A0010384.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Fakealert.740;Deleted.;
A0010385.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010386.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Fakealert.744;Deleted.;
A0010389.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Modification of BackDoor.Generic.1699;Moved.;
A0010390.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010392.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010445.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Stars.183;Deleted.;
A0010454.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.MulDrop.11190;Deleted.;
A0010455.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Virtumod.based;Incurable.Moved.;
A0010457.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Virtumod.365;Deleted.;
A0010458.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.LowZones.884;Deleted.;
A0010459.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.LowZones.884;Deleted.;
A0010460.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Virtumod.based;Incurable.Moved.;
A0010461.dll;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.Virtumod.365;Deleted.;
A0010462.exe;C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP15;Trojan.LowZones.884;Deleted.;
HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:11 PM, on 6/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [lphcl98j0e34t] C:\WINDOWS\System32\lphcl98j0e34t.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe
O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5824 bytes







Problems I had were: programs downloading anti-virus programs, constantly 3 porn icons popping up on my desktop, and a nice background saying "warning, your computer is infected with spyware". Also, task manager was disabled, and there was this installer with the name of "HPIZ350" on it.



Now I have none of that, my overall computer performance is back to what it should be, and my internet is just a bit slower than normal, which is probably normal...
scarface910,

Thanks for the logs and information. More to do, so let's continue.

... my overall computer performance is back to what it should be, and my internet is just a bit slower than normal, which is probably normal...
Excellent news!

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please visit this webpage to familiarize yourself with downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. Download ComboFix and place it on your Desktop.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Still in Safe Mode, open HijackThis, run a scan, and place a Check next to the following item(s):
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O4 - HKLM\..\Run: [lphcl98j0e34t] C:\WINDOWS\System32\lphcl98j0e34t.exe
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe
Then close all open windows/browsers and Click on Fix Checked.

Reboot your PC, normally.

Delete these files/folders, as follows:
  • Open notepad and copy/paste the text in the quotebox below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\System32\lphcl98j0e34t.exe
    C:\WINDOWS\System32\sysrest32.exe
    C:\WINDOWS\kjowe.dll
    C:\WINDOWS\nylcs.dll
    C:\WINDOWS\qkjar.dll
    C:\WINDOWS\qvaxj.dll
    C:\Program Files\Toolbar\PIB.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
    C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT8.tmp
    C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\BIT44.tmp
  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

Please post the Combofix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
COMBOFIX




ComboFix 08-06-10.1 - Owner 2008-06-10 18:17:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.233 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Program Files\Toolbar\PIB.exe
C:\WINDOWS\kjowe.dll
C:\WINDOWS\nylcs.dll
C:\WINDOWS\qkjar.dll
C:\WINDOWS\qvaxj.dll
C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\BIT44.tmp
C:\WINDOWS\System32\lphcl98j0e34t.exe
C:\WINDOWS\System32\sysrest32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Local Settings\Temporary Internet Files\Tvm.log
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Tvm.log
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\favicon.ico
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Tvm.log
C:\WINDOWS\kjowe.dll
C:\WINDOWS\nylcs.dll
C:\WINDOWS\qkjar.dll
C:\WINDOWS\qvaxj.dll
C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\BIT44.tmp
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Tvm.log
C:\WINDOWS\system32\winpfz33.sys

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-10 00:02 . 2008-06-10 01:27 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-06-09 22:02 . 2008-06-10 18:13 <DIR> d-------- C:\WINDOWS\system32\1766
2008-06-09 21:19 . 2008-06-09 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-09 21:18 . 2008-06-09 14:25 <DIR> d----c--- C:\SDFix
2008-06-09 20:14 . 2008-06-09 20:14 <DIR> d-------- C:\WINDOWS\system32\5350
2008-06-09 14:37 . 2008-06-09 19:42 23,040 --a------ C:\WINDOWS\system32\sysrest32 .exe
2008-06-09 14:28 . 2008-06-09 14:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 14:13 . 2008-06-09 19:52 52,736 --a------ C:\WINDOWS\system32\blphcl98j0e34t.scr
2008-06-08 22:30 . 2008-06-08 22:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-06-08 21:26 . 2004-01-20 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\WINDOWS
2008-06-08 21:26 . 2004-08-11 21:43 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\UserData
2008-06-08 21:26 . 2005-01-02 18:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Shared
2008-06-08 21:26 . 2005-01-02 18:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Incomplete
2008-06-08 21:26 . 2004-09-06 19:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Yahoo!
2008-06-08 21:26 . 2004-09-06 09:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\WeatherBug
2008-06-08 21:26 . 2004-08-05 20:27 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Talkback
2008-06-08 21:26 . 2004-01-21 02:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Symantec
2008-06-08 21:26 . 2004-01-20 20:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-06-08 21:26 . 2004-01-20 21:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\SampleView
2008-06-08 21:26 . 2004-09-15 23:43 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\rawh
2008-06-08 21:26 . 2004-10-09 17:09 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Leadertech
2008-06-08 21:26 . 2004-08-05 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\InterVideo
2008-06-08 21:26 . 2004-01-21 02:52 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-06-08 21:26 . 2004-12-24 17:07 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\HP
2008-06-08 21:26 . 2004-08-29 20:43 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Apple Computer
2008-06-08 21:26 . 2004-11-20 14:59 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Aim
2008-06-08 21:26 . 2004-10-02 00:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\AdobeUM
2008-06-08 21:26 . 2004-12-15 14:33 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\.limewire
2008-06-08 21:26 . 2008-06-08 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z
2008-06-08 19:53 . 2008-06-09 19:58 <DIR> d-------- C:\WINDOWS\system32\6021
2008-06-08 19:53 . 2008-06-08 19:53 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-08 19:44 . 2008-06-08 19:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\shcj98j0e34t
2008-06-08 19:44 . 2008-06-09 19:44 17,695 --a------ C:\WINDOWS\helloserv.config
2008-06-08 19:43 . 2008-06-09 19:42 92,160 --a------ C:\WINDOWS\system32\lphcl98j0e34t .exe
2008-06-08 19:43 . 2008-06-09 19:42 39,936 --a------ C:\WINDOWS\system32\drivers\svchost .exe
2008-06-08 19:39 . 2008-06-09 19:42 90,838 --a------ C:\WINDOWS\system32\phcl98j0e34t.bmp
2008-06-08 19:15 . 2008-06-09 20:12 2,019 --a------ C:\WINDOWS\system32\default.htm
2008-06-08 18:58 . 2008-06-08 18:58 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2008-06-08 18:46 . 2008-06-10 12:04 <DIR> d-------- C:\WINDOWS\system32\xrem
2008-06-08 18:46 . 2008-06-10 12:03 <DIR> d-------- C:\WINDOWS\system32\inet2
2008-06-08 18:46 . 2008-06-10 12:03 <DIR> d-------- C:\WINDOWS\system32\expo
2008-06-08 18:46 . 2008-06-10 11:50 <DIR> d-------- C:\WINDOWS\system32\btz
2008-06-08 18:46 . 2008-06-10 13:29 <DIR> d-------- C:\WINDOWS\system32\105772
2008-06-08 00:29 . 2008-06-10 14:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 19:02 . 2008-06-07 19:02 <DIR> d-------- C:\Program Files\LabelCommand
2008-06-07 16:23 . 2008-06-10 17:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d----c--- C:\logs
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d-------- C:\Documents and Settings\Owner\ChikkaDefault
2008-06-05 00:18 . 2008-06-05 00:18 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-06-05 00:15 . 2008-06-09 19:42 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2008-06-04 21:57 . 2008-06-04 21:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 21:57 . 2008-06-04 21:57 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-04 21:47 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-06-04 21:47 . 2002-08-29 01:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-06-04 21:47 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-04 21:47 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-04 21:47 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-04 21:47 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-04 21:47 . 2002-08-29 01:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-06-04 21:43 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-06-04 21:30 . 2008-06-09 19:42 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2008-06-04 20:56 . 2004-01-20 20:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-04 20:56 . 2004-08-11 21:43 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-06-04 20:56 . 2005-01-02 18:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Shared
2008-06-04 20:56 . 2005-01-02 18:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Incomplete
2008-06-04 20:56 . 2004-12-15 14:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\.limewire
2008-06-04 20:54 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-04 20:54 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-04 20:54 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-04 20:54 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-04 20:54 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-06-04 20:51 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-06-04 20:51 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-06-04 19:37 . 2008-06-04 21:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-04 15:27 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Panda Security
2008-05-25 13:50 . 2008-05-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Amazon
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Amazon
2008-05-24 16:46 . 2008-06-03 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 16:46 . 2008-05-24 16:46 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 20:29 --------- d-----w C:\Program Files\Windows FormatAd
2008-06-10 20:29 --------- d-----w C:\Program Files\Web_Rebates
2008-06-10 20:29 --------- d-----w C:\Program Files\Web Offer
2008-06-10 20:29 --------- d-----w C:\Program Files\TV Media
2008-06-10 20:29 --------- d-----w C:\Program Files\Toolbar
2008-06-10 20:28 --------- d-----w C:\Program Files\PrecisionTime
2008-06-10 20:28 --------- d-----w C:\Program Files\Date Manager
2008-06-10 20:28 --------- d-----w C:\Program Files\Common Files\GMT
2008-06-10 20:28 --------- d-----w C:\Program Files\Common Files\ffki
2008-06-10 20:28 --------- d-----w C:\Program Files\ComcastToolbar
2008-06-10 20:28 --------- d-----w C:\Program Files\ClearSearch
2008-06-10 20:28 --------- d-----w C:\Program Files\BullsEye Network
2008-06-10 20:28 --------- d-----w C:\Program Files\Awsoffer
2008-06-10 20:28 --------- d-----w C:\Program Files\AutoUpdate
2008-06-10 16:07 --------- d-----w C:\Program Files\QuickTime
2008-06-10 15:52 --------- d-----w C:\Program Files\Oiurg
2008-06-10 15:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-10 14:55 --------- d-----w C:\Program Files\ItBill
2008-06-10 14:33 --------- d-----w C:\Program Files\Cyrqm
2008-06-10 11:50 --------- d-----w C:\Program Files\Ares
2008-06-10 11:43 --------- d-----w C:\Program Files\Abacast
2008-06-10 02:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-06-08 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 00:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-08 00:00 --------- d-----w C:\Program Files\MSN Messenger
2008-06-05 07:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-05 04:50 --------- d-----w C:\Program Files\Symantec
2008-06-05 04:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-05 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-05 04:49 --------- d-----w C:\Program Files\MUSICMATCH
2008-06-05 04:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-05 04:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-04 00:11 --------- d-----w C:\Program Files\iTunes
2008-05-31 18:15 --------- d-----w C:\Program Files\LimeWire
2008-05-26 23:39 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-25 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 04:44 --------- d-----w C:\Program Files\DivX
2008-04-25 01:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-19 23:38 --------- d-----w C:\Program Files\Google
2008-04-17 22:43 --------- d-----w C:\Program Files\Postal2
2008-04-05 23:56 208,896 ----a-w C:\WINDOWS\inf\unregmp2 .exe
2006-02-02 08:57 26,958 ----a-w C:\Program Files\MovieLand Terms.html
2000-02-24 09:10 109 ----a-w C:\Documents and Settings\Owner\UNPACK.BAT
2000-02-03 18:51 13,032 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
2000-02-02 22:33 350 ----a-w C:\Documents and Settings\Owner\SIMS.REG
2000-02-02 19:50 2,166,784 ----a-w C:\Documents and Settings\Owner\Sims.exe
2000-01-06 04:39 31,744 ----a-w C:\Documents and Settings\Owner\Drvmgt.dll
2000-01-06 04:39 10,848 ----a-w C:\Documents and Settings\Owner\Secdrv.sys
1999-10-30 08:33 835,628 ----a-w C:\Documents and Settings\Owner\gimex.dll
1999-09-18 19:17 7,960 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
1999-04-08 21:00 229,344 ----a-w C:\Documents and Settings\Owner\4DOS.COM
1999-02-09 18:46 137,728 ----a-w C:\Documents and Settings\Owner\ijl10.dll
2006-05-08 22:30 32 --sha-w C:\WINDOWS\{DD0E290A-16C5-4651-BD2E-414E9CFA8A68}.dat
.
Code:
<pre>
----a-w           200,773 2008-06-10 20:29:16  C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm  .exe
----a-w           200,773 2008-06-10 20:29:16  C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm .exe
----a-w            27,136 2008-06-05 07:15:31  C:\hp\bin\cloaker .exe
----a-w            61,440 2008-06-10 02:42:05  C:\hp\KBD\KBD .EXE
----a-w           307,200 2008-01-07 23:16:37  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            67,160 2008-03-12 20:14:13  C:\Program Files\AIM\aim .exe
----a-w         1,186,304 2008-04-17 22:35:51  C:\Program Files\Ares\Ares                                            .exe
----a-w           151,597 2008-06-10 02:42:06  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           110,592 2008-06-10 02:42:05  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            70,816 2008-06-05 04:30:53  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           124,096 2008-06-05 04:30:53  C:\Program Files\Common Files\Symantec Shared\CfgWiz .exe
----a-w            68,856 2008-06-03 21:23:31  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           171,448 2008-03-12 20:14:12  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w            32,768 2008-03-12 20:14:11  C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
----a-w            49,152 2008-06-09 21:12:54  C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w           267,048 2008-06-03 21:23:30  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            32,881 2008-06-10 02:42:02  C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w            36,975 2008-01-07 23:16:26  C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
----a-w           132,496 2008-03-12 20:14:02  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           144,784 2008-06-03 21:23:15  C:\Program Files\Java\jre1.6.0_05\bin\jusched .exe
----a-w         1,191,544 2008-06-09 21:37:57  C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
----a-w            20,480 2008-01-07 23:16:34  C:\Program Files\McAfee\MBK\LogOnHook .exe
----a-w           303,104 2008-01-07 02:39:44  C:\Program Files\McAfee.com\Agent\McAgent .exe
----a-w           212,992 2008-01-07 02:39:41  C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w         1,694,208 2008-06-03 21:23:38  C:\Program Files\Messenger\msmsgs .exe
----a-w           135,168 2008-06-10 02:42:13  C:\Program Files\Multimedia Card Reader\shwicon2k .exe
----a-w            53,248 2008-06-05 02:27:52  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w           237,568 2008-01-07 23:16:27  C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
----a-w         1,773,568 2008-06-08 08:09:52  C:\Program Files\support.com\bin\tgcmd .exe
----a-w         4,538,368 2008-01-07 23:16:43  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w           118,784 2008-06-10 02:42:13  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w           208,896 2008-04-05 23:56:32  C:\WINDOWS\inf\unregmp2 .exe
----a-w           221,184 2008-06-10 02:42:07  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2008-06-07 23:37:42  C:\WINDOWS\system\hpsysdrv .exe
----a-w           483,328 2008-06-10 02:42:03  C:\WINDOWS\system32\hphmon05 .exe
----a-w            92,160 2008-06-10 02:42:13  C:\WINDOWS\system32\lphcl98j0e34t .exe
----a-w            81,920 2008-06-10 02:42:10  C:\WINDOWS\system32\ps2 .exe
----a-w            23,040 2008-06-10 02:42:14  C:\WINDOWS\system32\sysrest32 .exe
----a-w            39,936 2008-06-10 02:42:15  C:\WINDOWS\system32\drivers\svchost .exe
----a-w           172,032 2008-06-10 02:42:13  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08 .exe
----a-w            20,480 2008-01-07 03:47:48  C:\WINDOWS\wt\updater\wcmdmgrl .exe
</pre>

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"helloserv"="C:\WINDOWS\helloserv.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [ ]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24 237568]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

R2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []
S1 partmgrr;partmgrr;C:\WINDOWS\System32\drivers\partmgrr.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 21:57:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 08:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-09 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-04 18:36:00 C:\WINDOWS\Tasks\WebReg 20060509113641.job"
- c:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20060509113641 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 18:23:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-10 18:51:50
ComboFix-quarantined-files.txt 2008-06-11 01:51:24
ComboFix2.txt 2008-06-10 03:49:31

Pre-Run: 54,813,868,032 bytes free
Post-Run: 54,811,467,776 bytes free

298




UPDATED HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:40 PM, on 6/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\virus protection folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5649 bytes



Don't really see a difference, working well but I don't understand what I did that made the computer better

By the way I still have the HPIZ350 problem, whenever I open my computer it always shows up.
scarface910,

Thanks for the logs and information. More to do, so let's continue.

... I don't understand what I did that made the computer better
Those first two scans made quite a difference. :)

By the way I still have the HPIZ350 problem, whenever I open my computer it always shows up.
If this is still a problem after we achieve a clean system, please let me know.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Open HijackThis
Click: None of the above, just start the program.
Click: Config
Click: Misc Tools
Click: Open Process Manager. Look for these processes (below) and click on Kill Process.

C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\drivers\partmgrr.sys

Close HijackThis.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Still in Safe Mode, open HijackThis, run a scan, and place a Check next to the following item(s):
  • O4 - HKCU\..\Run: [helloserv] C:\WINDOWS\helloserv.exe
  • O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
Then close all open windows/browsers and Click on Fix Checked.

Still in Safe mode, delete these files/folders, as follows:
  • Open notepad and copy/paste the text in the box below into it (all except the word CODE):

    Code:
    File::
    C:\WINDOWS\portsv.exe
    C:\WINDOWS\helloserv.exe
    C:\WINDOWS\system32\sysrest32 .exe
    C:\WINDOWS\system32\blphcl98j0e34t.scr
    C:\WINDOWS\system32\lphcl98j0e34t .exe
    C:\WINDOWS\system32\drivers\svchost .exe
    C:\WINDOWS\system32\phcl98j0e34t.bmp
    C:\WINDOWS\system32\GClogo_32x32.ico
    C:\WINDOWS\System32\drivers\partmgrr.sys
    
    Folder::
    C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\rawh
    C:\Documents and Settings\Owner\Application Data\shcj98j0e34t
    C:\WINDOWS\system32\xrem
    C:\WINDOWS\system32\inet2
    C:\WINDOWS\system32\expo
    C:\WINDOWS\system32\btz
    C:\WINDOWS\system32\105772
    C:\Program Files\LabelCommand
    C:\Program Files\Windows FormatAd
    C:\Program Files\Web_Rebates
    C:\Program Files\Web Offer
    C:\Program Files\TV Media
    C:\Program Files\Toolbar
    C:\Program Files\PrecisionTime
    C:\Program Files\Date Manager
    C:\Program Files\Common Files\GMT
    C:\Program Files\Common Files\ffki
    C:\Program Files\ComcastToolbar
    C:\Program Files\ClearSearch
    C:\Program Files\BullsEye Network
    C:\Program Files\Awsoffer
    C:\Program Files\Oiurg
    C:\Program Files\ItBill
    C:\Program Files\Cyrqm
    
    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "helloserv"=-
    
    RenV::
    C:\hp\bin\cloaker .exe
    C:\hp\KBD\KBD .EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    C:\Program Files\AIM\aim .exe
    C:\Program Files\Ares\Ares                                            .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
    C:\Program Files\Common Files\Symantec Shared\ccApp .exe
    C:\Program Files\Common Files\Symantec Shared\CfgWiz .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
    C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
    C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched .exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\McAfee\MBK\LogOnHook .exe
    C:\Program Files\McAfee.com\Agent\McAgent .exe
    C:\Program Files\McAfee.com\Agent\McUpdate .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\Multimedia Card Reader\shwicon2k .exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
    C:\Program Files\support.com\bin\tgcmd .exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
    C:\WINDOWS\CREATOR\Remind_XP .exe
    C:\WINDOWS\inf\unregmp2 .exe
    C:\WINDOWS\SMINST\RECGUARD .EXE
    C:\WINDOWS\system\hpsysdrv .exe
    C:\WINDOWS\system32\hphmon05 .exe
    C:\WINDOWS\system32\ps2 .exe
    C:\WINDOWS\system32\drivers\svchost .exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08 .exe
    C:\WINDOWS\wt\updater\wcmdmgrl .exe
  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

You have Weatherbug installed. It is considered adware, see here. The alternative provided is a good way to go.

Please post the Combofix log and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
I can't kill C:\Windows\portsv.exe; it gives me a message saying "the selected process could not be killed. It may have been already closed, or it maybe protected by Windows."

Also, I can't find the other process you wanted me to kill. I'm not sure what the importance of that is, so I will just wait for your reply before proceeding to the other steps.
scarface910,

saying "the selected process could not be killed. It may have been already closed, or it maybe protected by Windows."

Also, I can't find the other process you wanted me to kill.
That's OK. Continue to the next step.
I have the ComboFix log, but the file is just way too large to post. I could probably email you the file, but if you know another alternative please let me know.


Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:02 PM, on 6/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\virus protection folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5514 bytes




And I still have that hpiz350 problem..
scarface910,

I have the ComboFix log, but the file is just way too large to post. I could probably email you the file, but if you know another alternative please let me know.
OK, please upload CF log as follows. To upload your log file for viewing, go to Savefile File Hosting and you can upload the log files there. There is no need to register, just click the "UPLOAD MY FILE" button. After you upload the file, please post the link to the file in your topic. That way, anyone on the board can see the log almost as easily as if it were posted here.
scarface910,

Thanks for the logs and information. Looking very good!


And I still have that hpiz350 problem..
Please uninstall hpiz350 using Start > Control Panel > Add or remove programs

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears. Sign in with your normal user account.

Open HijackThis
Click: None of the above, just start the program.
Click: Config
Click: Misc Tools
Click: Open Process Manager. Look for the process (below) and click on Kill Process.

C:\WINDOWS\System32\drivers\partmgrr.sys

Close HijackThis.

Still in Safe mode, delete these files/folders, as follows:
  • Open notepad and copy/paste the text in the box below into it (all except the word CODE):

    Code:
    Killall::
    
    Folder::
    C:\WINDOWS\system32\1466
    C:\WINDOWS\system32\1766
    C:\WINDOWS\system32\5350
    C:\WINDOWS\system32\6021
    C:\Program Files\SEP
    C:\Program Files\NavExcel Search Toolbar
    C:\Program Files\Common Files\midaddle
    C:\WINDOWS\System32\drivers\partmgrr.sys
    
    File::
    C:\WINDOWS\helloserv.config
    C:\WINDOWS\{DD0E290A-16C5-4651-BD2E-414E9CFA8A68}.dat
    C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm  .exe
    C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm .exe
    C:\hp\bin\cloaker .exe
    C:\hp\KBD\KBD .EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    C:\Program Files\AIM\aim .exe
    C:\Program Files\Ares\Ares                                            .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
    C:\Program Files\Common Files\Symantec Shared\ccApp .exe
    C:\Program Files\Common Files\Symantec Shared\CfgWiz .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
    C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
    C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched .exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
    C:\Program Files\McAfee\MBK\LogOnHook .exe
    C:\Program Files\McAfee.com\Agent\McAgent .exe
    C:\Program Files\McAfee.com\Agent\McUpdate .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\Multimedia Card Reader\shwicon2k .exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
    C:\Program Files\support.com\bin\tgcmd .exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
    C:\WINDOWS\CREATOR\Remind_XP .exe
    C:\WINDOWS\inf\unregmp2 .exe
    C:\WINDOWS\SMINST\RECGUARD .EXE
    C:\WINDOWS\system\hpsysdrv .exe
    C:\WINDOWS\system32\hphmon05 .exe
    C:\WINDOWS\system32\ps2 .exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08 .exe
    C:\WINDOWS\wt\updater\wcmdmgrl .exe
  • Save this as CFScript
  • Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


  • ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

Please run an online scan to be sure we've left nothing behind!

Please perform this online scan: Kaspersky Webscan. Here is an alternate site.
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply.

Please post the Kaspersky scan results, the Combofix log, and a new HijackThis log in your next reply. Please also say how your computer is running now. :)
My computer has gotten worse. You're doing a great job in helping me fix my computer, but I'm pretty sure it was one of my family members that messed it up, as they were ignorant enough to click on the popups that download anti-virus programs...

Now I have this antivirus program installed that opens upon Windows startup, and for some odd reason it restarts by itself... I wasn't able to do the Kaspersky scan due to the fact that my computer randomly restarts, but I was able to get the ComboFix log for you:

ComboFix 08-06-10.1 - Owner 2008-06-14 1:13:07.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.294 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm .exe
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\qcnttkdm .exe
C:\hp\bin\cloaker .exe
C:\hp\KBD\KBD .EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\AIM\aim .exe
C:\Program Files\Ares\Ares .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\CfgWiz .exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\Program Files\McAfee.com\Agent\McAgent .exe
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee\MBK\LogOnHook .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
C:\Program Files\support.com\bin\tgcmd .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\{DD0E290A-16C5-4651-BD2E-414E9CFA8A68}.dat
C:\WINDOWS\CREATOR\Remind_XP .exe
C:\WINDOWS\helloserv.config
C:\WINDOWS\inf\unregmp2 .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\hphmon05 .exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08 .exe
C:\WINDOWS\wt\updater\wcmdmgrl .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hp\bin\cloaker .exe
C:\hp\KBD\KBD .EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\AIM\aim .exe
C:\Program Files\Ares\Ares .exe
C:\Program Files\Common Files\midaddle
C:\Program Files\Common Files\midaddle\uninst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\CfgWiz .exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\Program Files\McAfee.com\Agent\McAgent .exe
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee\MBK\LogOnHook .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\NavExcel Search Toolbar
C:\Program Files\NavExcel Search Toolbar\settings.dat
C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
C:\Program Files\SEP
C:\Program Files\SEP\Uninst.exe
C:\Program Files\support.com\bin\tgcmd .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\{DD0E290A-16C5-4651-BD2E-414E9CFA8A68}.dat
C:\WINDOWS\CREATOR\Remind_XP .exe
C:\WINDOWS\helloserv.config
C:\WINDOWS\inf\unregmp2 .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\1466
C:\WINDOWS\system32\1466\~!3227p.spt
C:\WINDOWS\system32\1766
C:\WINDOWS\system32\5350
C:\WINDOWS\system32\6021
C:\WINDOWS\system32\6021\~!6037p.spt
C:\WINDOWS\system32\hphmon05 .exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08 .exe
C:\WINDOWS\wt\updater\wcmdmgrl .exe

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 04:26 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-13 04:10 . 2008-06-13 04:10 <DIR> d-------- C:\Program Files\uTorrent
2008-06-13 04:10 . 2008-06-13 05:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-06-10 00:02 . 2008-06-10 01:27 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-06-09 21:19 . 2008-06-09 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-09 21:18 . 2008-06-09 14:25 <DIR> d----c--- C:\SDFix
2008-06-09 14:28 . 2008-06-09 14:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-08 22:30 . 2008-06-08 22:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-06-08 21:26 . 2004-01-20 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\WINDOWS
2008-06-08 21:26 . 2004-08-11 21:43 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\UserData
2008-06-08 21:26 . 2005-01-02 18:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Shared
2008-06-08 21:26 . 2005-01-02 18:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Incomplete
2008-06-08 21:26 . 2004-09-06 19:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Yahoo!
2008-06-08 21:26 . 2004-09-06 09:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\WeatherBug
2008-06-08 21:26 . 2004-08-05 20:27 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Talkback
2008-06-08 21:26 . 2004-01-21 02:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Symantec
2008-06-08 21:26 . 2004-01-20 20:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-06-08 21:26 . 2004-01-20 21:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\SampleView
2008-06-08 21:26 . 2004-10-09 17:09 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Leadertech
2008-06-08 21:26 . 2004-08-05 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\InterVideo
2008-06-08 21:26 . 2004-01-21 02:52 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-06-08 21:26 . 2004-12-24 17:07 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\HP
2008-06-08 21:26 . 2004-08-29 20:43 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Apple Computer
2008-06-08 21:26 . 2004-11-20 14:59 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Aim
2008-06-08 21:26 . 2004-10-02 00:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\AdobeUM
2008-06-08 21:26 . 2004-12-15 14:33 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\.limewire
2008-06-08 21:26 . 2008-06-08 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z
2008-06-08 19:15 . 2008-06-09 20:12 2,019 --a------ C:\WINDOWS\system32\default.htm
2008-06-08 00:29 . 2008-06-14 01:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:23 . 2008-06-13 02:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d----c--- C:\logs
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d-------- C:\Documents and Settings\Owner\ChikkaDefault
2008-06-05 00:18 . 2008-06-05 00:18 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-06-04 21:57 . 2008-06-04 21:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 21:57 . 2008-06-04 21:57 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-04 21:47 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-06-04 21:47 . 2002-08-29 01:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-06-04 21:47 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-04 21:47 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-04 21:47 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-04 21:47 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-04 21:47 . 2002-08-29 01:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-06-04 21:43 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-06-04 20:56 . 2004-01-20 20:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-04 20:56 . 2004-08-11 21:43 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-06-04 20:56 . 2005-01-02 18:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Shared
2008-06-04 20:56 . 2005-01-02 18:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Incomplete
2008-06-04 20:56 . 2004-12-15 14:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\.limewire
2008-06-04 20:54 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-04 20:54 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-04 20:54 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-04 20:54 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-04 20:54 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-06-04 20:51 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-06-04 20:51 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-06-04 19:37 . 2008-06-04 21:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-04 15:27 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Panda Security
2008-05-25 13:50 . 2008-05-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Amazon
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Amazon
2008-05-24 16:46 . 2008-06-03 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 16:46 . 2008-05-24 16:46 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 08:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 08:18 --------- d-----w C:\Program Files\AIM
2008-06-14 08:13 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-06-14 08:13 --------- d-----w C:\Program Files\iTunes
2008-06-14 08:13 --------- d-----w C:\Program Files\Ares
2008-06-13 11:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-13 11:27 --------- d-----w C:\Program Files\Common Files\Real
2008-06-10 20:28 --------- d-----w C:\Program Files\AutoUpdate
2008-06-10 16:07 --------- d-----w C:\Program Files\QuickTime
2008-06-10 15:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-10 11:43 --------- d-----w C:\Program Files\Abacast
2008-06-08 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 00:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-08 00:00 --------- d-----w C:\Program Files\MSN Messenger
2008-06-05 04:50 --------- d-----w C:\Program Files\Symantec
2008-06-05 04:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-05 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-05 04:49 --------- d-----w C:\Program Files\MUSICMATCH
2008-06-05 04:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-05 04:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-31 18:15 --------- d-----w C:\Program Files\LimeWire
2008-05-25 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 04:44 --------- d-----w C:\Program Files\DivX
2008-04-25 01:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-19 23:38 --------- d-----w C:\Program Files\Google
2008-04-17 22:43 --------- d-----w C:\Program Files\Postal2
2006-02-02 08:57 26,958 ----a-w C:\Program Files\MovieLand Terms.html
2000-02-24 09:10 109 ----a-w C:\Documents and Settings\Owner\UNPACK.BAT
2000-02-03 18:51 13,032 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
2000-02-02 22:33 350 ----a-w C:\Documents and Settings\Owner\SIMS.REG
2000-02-02 19:50 2,166,784 ----a-w C:\Documents and Settings\Owner\Sims.exe
2000-01-06 04:39 31,744 ----a-w C:\Documents and Settings\Owner\Drvmgt.dll
2000-01-06 04:39 10,848 ----a-w C:\Documents and Settings\Owner\Secdrv.sys
1999-10-30 08:33 835,628 ----a-w C:\Documents and Settings\Owner\gimex.dll
1999-09-18 19:17 7,960 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
1999-04-08 21:00 229,344 ----a-w C:\Documents and Settings\Owner\4DOS.COM
1999-02-09 18:46 137,728 ----a-w C:\Documents and Settings\Owner\ijl10.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [ ]
"AutoTBar"="\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22AUTOTBAR.EXE" [ ]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

S1 partmgrr;partmgrr;C:\WINDOWS\System32\drivers\partmgrr.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 21:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 08:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-09 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-04 18:36:00 C:\WINDOWS\Tasks\WebReg 20060509113641.job"
- c:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20060509113641 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 01:18:46
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-06-14 1:50:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 08:50:04
ComboFix2.txt 2008-06-13 02:05:51
ComboFix3.txt 2008-06-11 01:51:51
ComboFix4.txt 2008-06-10 03:49:31

Pre-Run: 55,317,143,552 bytes free
Post-Run: 54,857,646,080 bytes free

291






and HIJACKTHIS



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:25 PM, on 6/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\virus protection folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AutoTBar] \WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22AUTOTBAR.EXE
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 7657 bytes
scarface910,

My computer has gotten worse...
Hang in there. There is still some malware we need to remove.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\System32\drivers\partmgrr.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Execute Combofix as follows:
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.
6. Please post your combofix log, then copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log. :)
I couldn't find some of the things listed in the instructions of the Avenger program. I will be waiting for your solution.

I was, however, able to use combofix to remove the problem that has really been affecting me. I don't have that antivirus program that's been pestering me, and my computer doesn't start randomly anymore. Now I'm just awaiting further instructions from you... now here are the logs:

Combofix

ComboFix 08-06-10.1 - Owner 2008-06-15 19:16:10.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.236 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\Owner\Favorites\Online Security Test.url
C:\Program Files\AntiSpyCheck
C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
C:\Program Files\AntiSpyCheck\IEWarning.dll
C:\Program Files\AntiSpyCheck\uninst.exe
C:\Program Files\NetProject
C:\Program Files\NetProject\sbmdl.dll
C:\WINDOWS\system32\162123
C:\WINDOWS\system32\162123\162123.dll
.
---- Previous Run -------
.
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
C:\WINDOWS\system32\tdidrv32.sys

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-14 01:58 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 04:26 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-13 04:10 . 2008-06-13 04:10 <DIR> d-------- C:\Program Files\uTorrent
2008-06-13 04:10 . 2008-06-13 05:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-06-10 00:02 . 2008-06-10 01:27 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-06-09 21:19 . 2008-06-09 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-09 21:18 . 2008-06-09 14:25 <DIR> d----c--- C:\SDFix
2008-06-09 14:28 . 2008-06-09 14:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-08 22:30 . 2008-06-08 22:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Malwarebytes
2008-06-08 21:26 . 2004-01-20 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\WINDOWS
2008-06-08 21:26 . 2004-08-11 21:43 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\UserData
2008-06-08 21:26 . 2005-01-02 18:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Shared
2008-06-08 21:26 . 2005-01-02 18:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Incomplete
2008-06-08 21:26 . 2004-09-06 19:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Yahoo!
2008-06-08 21:26 . 2004-09-06 09:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\WeatherBug
2008-06-08 21:26 . 2004-08-05 20:27 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Talkback
2008-06-08 21:26 . 2004-01-21 02:48 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Symantec
2008-06-08 21:26 . 2004-01-20 20:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Sonic
2008-06-08 21:26 . 2004-01-20 21:29 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\SampleView
2008-06-08 21:26 . 2004-10-09 17:09 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Leadertech
2008-06-08 21:26 . 2004-08-05 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\InterVideo
2008-06-08 21:26 . 2004-01-21 02:52 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\interMute
2008-06-08 21:26 . 2004-12-24 17:07 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\HP
2008-06-08 21:26 . 2004-08-29 20:43 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Apple Computer
2008-06-08 21:26 . 2004-11-20 14:59 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Aim
2008-06-08 21:26 . 2004-10-02 00:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\AdobeUM
2008-06-08 21:26 . 2004-12-15 14:33 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\.limewire
2008-06-08 21:26 . 2008-06-08 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z
2008-06-08 19:15 . 2008-06-09 20:12 2,019 --a------ C:\WINDOWS\system32\default.htm
2008-06-08 00:29 . 2008-06-14 01:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-08 00:29 . 2008-06-08 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 16:23 . 2008-06-15 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d----c--- C:\logs
2008-06-05 00:19 . 2008-06-05 00:19 <DIR> d-------- C:\Documents and Settings\Owner\ChikkaDefault
2008-06-05 00:18 . 2008-06-05 00:18 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-06-04 21:57 . 2008-06-04 21:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 21:57 . 2008-06-04 21:57 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-04 21:47 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-06-04 21:47 . 2002-08-29 01:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-06-04 21:47 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-04 21:47 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-04 21:47 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-04 21:47 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-04 21:47 . 2002-08-29 01:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-06-04 21:43 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-06-04 20:56 . 2004-01-20 20:48 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-04 20:56 . 2004-08-11 21:43 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-06-04 20:56 . 2005-01-02 18:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Shared
2008-06-04 20:56 . 2005-01-02 18:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Incomplete
2008-06-04 20:56 . 2004-12-15 14:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\.limewire
2008-06-04 20:54 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-04 20:54 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-04 20:54 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-04 20:54 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-04 20:54 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-04 20:54 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-06-04 20:51 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-06-04 20:51 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-06-04 19:37 . 2008-06-04 21:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2008-06-04 15:27 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Panda Security
2008-05-25 13:50 . 2008-05-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Amazon
2008-05-25 13:48 . 2008-05-25 13:48 <DIR> d-------- C:\Program Files\Amazon
2008-05-24 16:46 . 2008-06-03 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 16:46 . 2008-05-24 16:46 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 00:41 --------- d-----w C:\Program Files\Google
2008-06-14 08:58 13,312 --s-a-w C:\WINDOWS\system32\psqnuvo.dll
2008-06-14 08:58 --------- d-----w C:\Program Files\Java
2008-06-14 08:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 08:18 --------- d-----w C:\Program Files\AIM
2008-06-14 08:13 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-06-14 08:13 --------- d-----w C:\Program Files\iTunes
2008-06-14 08:13 --------- d-----w C:\Program Files\Ares
2008-06-13 11:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-13 11:27 --------- d-----w C:\Program Files\Common Files\Real
2008-06-10 20:28 --------- d-----w C:\Program Files\AutoUpdate
2008-06-10 16:07 --------- d-----w C:\Program Files\QuickTime
2008-06-10 15:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-10 11:43 --------- d-----w C:\Program Files\Abacast
2008-06-08 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 00:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-08 00:00 --------- d-----w C:\Program Files\MSN Messenger
2008-06-05 04:50 --------- d-----w C:\Program Files\Symantec
2008-06-05 04:50 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-05 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-05 04:49 --------- d-----w C:\Program Files\MUSICMATCH
2008-06-05 04:46 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-05 04:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-31 18:15 --------- d-----w C:\Program Files\LimeWire
2008-05-25 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-16 04:44 --------- d-----w C:\Program Files\DivX
2008-04-25 01:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-17 22:43 --------- d-----w C:\Program Files\Postal2
2006-02-02 08:57 26,958 ----a-w C:\Program Files\MovieLand Terms.html
2000-02-24 09:10 109 ----a-w C:\Documents and Settings\Owner\UNPACK.BAT
2000-02-03 18:51 13,032 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
2000-02-02 22:33 350 ----a-w C:\Documents and Settings\Owner\SIMS.REG
2000-02-02 19:50 2,166,784 ----a-w C:\Documents and Settings\Owner\Sims.exe
2000-01-06 04:39 31,744 ----a-w C:\Documents and Settings\Owner\Drvmgt.dll
2000-01-06 04:39 10,848 ----a-w C:\Documents and Settings\Owner\Secdrv.sys
1999-10-30 08:33 835,628 ----a-w C:\Documents and Settings\Owner\gimex.dll
1999-09-18 19:17 7,960 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
1999-04-08 21:00 229,344 ----a-w C:\Documents and Settings\Owner\4DOS.COM
1999-02-09 18:46 137,728 ----a-w C:\Documents and Settings\Owner\ijl10.dll
.

((((((((((((((((((((((((((((( [email protected]_ 1.48.33.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 08:18:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 02:15:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-14 08:18:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-16 02:15:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-14 08:18:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-16 02:15:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-14 08:20:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-16 02:15:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-01-21 01:53:45 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 08:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-01-21 01:53:45 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 08:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 09:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-06-15 00:20:46 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-14 17:11 171448]
"AntiSpyCheck"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [ ]
"AutoTBar"="\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22AUTOTBAR.EXE" [ ]
"AntiSpyCheck 2.1.0"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [ ]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\System32\psqnuvo.dll [2008-06-14 01:58 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

S1 partmgrr;partmgrr;C:\WINDOWS\System32\drivers\partmgrr.sys []
S1 tdidrv32.sys;tdidrv32.sys;C:\WINDOWS\System32\tdidrv32.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 21:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 08:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-09 01:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-04 18:36:00 C:\WINDOWS\Tasks\WebReg 20060509113641.job"
- c:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20060509113641 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:20:00
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-15 19:50:15
ComboFix-quarantined-files.txt 2008-06-16 02:50:11
ComboFix2.txt 2008-06-14 08:50:11
ComboFix3.txt 2008-06-13 02:05:51
ComboFix4.txt 2008-06-11 01:51:51
ComboFix5.txt 2008-06-10 03:49:31

Pre-Run: 55,476,899,840 bytes free
Post-Run: 55,545,135,104 bytes free

257



Hijack this


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:58 PM, on 6/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\virus protection folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AutoTBar] \WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22AUTOTBAR.EXE
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{684E718A-7F86-4475-B6E6-86EE68DEE875}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90E59A0-FAF3-4E56-A259-22E7830CC35E}: NameServer = 85.255.116.164,85.255.112.81
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.81
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 6178 bytes
Status
Not open for further replies.