Post by: kmichelle1984 on January 01, 2008, 04:45:56 PM
Spybot finds smitfraud c, but cannot get rid of it either.
My logfile from highjackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:48 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Webroot\Washer\wwDisp .exe
C:\Documents and Settings\Owner\Desktop\VundoFix.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/ (http://\"http://us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us10.hpwis.com/ (http://\"http://srch-us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/...o.com/search/ie (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie\")
.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/...o.com/search/ie (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie\")
.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/ (http://\"http://us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqo.exe
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital
Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe"
-atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Locaqyxk] C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Policies\Explorer\Run: [{38F6A491-0A28-1033-0412-050203200001}] "C:\Program
Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif
2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif
2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab (http://\"http://download2.games.yahoo.com/games/clients/y/wt1_x.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204 (http://\"http://go.microsoft.com/fwlink/?LinkID=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program
Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat...e.cab?116123243 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?116123243\")
6812
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program
Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. -
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program
Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9518 bytes
Post by: guestolo on January 01, 2008, 04:52:23 PM
In the meantime
Can you do the following please
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe\") and save it ONLY to your desktop
EDIT>>Can you temorarily disable AVAST protections
Right click it's icon by the clock and select STOP ON ACCESS PROTECTIONS
OK the prompt
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
It's default location is C:\Combofix.txt
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Post back the following
1. Post the log from Combofix
2. Post a fresh hijackthis log
NOTE: It's too hard reading your log when it spaced the way it is
In either log, before you copy it, can you select FORMAT at the top menu bar and UNCHECK>>Word Wrap
Then go ahean and copy>>paste back here both logs
I threw an edit before running Combofix, can you take another look if you have trouble running it please
Post by: kmichelle1984 on January 01, 2008, 05:33:21 PM
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.543 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7PR49H8X\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\{38F6A~1
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ljjjkll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plyodmp.dll
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\z1
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 15:58 . 2008-01-02 15:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-01 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 12:20 . 2008-01-02 15:58 <DIR> d-------- C:\VundoFix Backups
2007-12-30 16:59 . 2007-12-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 18:45 . 2007-12-29 18:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-12-29 18:43 . 2008-01-02 15:59 <DIR> d-------- C:\Program Files\AIM6
2007-12-28 23:44 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-28 23:44 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-28 23:44 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-28 23:22 . 2007-12-28 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 18:50 . 2008-01-01 11:39 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-28 18:49 . 2008-01-01 11:39 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-28 18:49 . 2008-01-01 11:39 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-28 18:49 . 2008-01-01 11:39 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-28 18:49 . 2008-01-01 11:39 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2007-12-28 18:49 . 2008-01-01 12:16 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-28 17:00 . 2007-12-28 17:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 16:51 . 2007-12-28 16:51 134 --a------ C:\n.bat
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-28 16:50 . 2007-12-28 21:42 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-28 16:50 . 2007-12-28 16:52 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-28 16:50 . 2007-12-28 21:42 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\Temp\cEeer12
2007-12-28 16:50 . 2008-01-02 15:57 <DIR> d-------- C:\Temp
2007-12-28 16:48 . 2007-12-28 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 10:54 . 2007-12-30 02:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 10:54 . 2007-12-28 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 08:19 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\peernet
2007-12-27 23:30 . 2007-12-27 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\WINDOWS\EHome
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Program Files\Mattel
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mattel
2007-12-04 11:23 . 2007-12-04 23:16 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-04 11:23 . 2007-12-04 23:16 88 -r-hs---- C:\WINDOWS\system32\B12A0F95F1.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 21:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 21:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 21:59 --------- d-----w C:\Program Files\iTunes
2008-01-02 21:57 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:15 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 07:17 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-30 23:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 00:44 --------- d-----w C:\Program Files\Viewpoint
2007-12-30 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-30 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-12-28 01:49 5,923,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-25 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 01:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-11-17 02:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 02:25 --------- d-----w C:\Program Files\iPod
2007-11-17 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 02:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 20:32 --------- d-----w C:\Program Files\FrostWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 22:46 --------- d-----w C:\Program Files\Quicken
2007-11-02 22:46 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-02 22:46 --------- d-----w C:\Program Files\MSN Encarta Plus
2007-11-02 22:46 --------- d-----w C:\Program Files\Microsoft Works
2007-11-02 22:46 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-20 17:15 103,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_19_11_24_30_small.dmp.zip
2006-10-30 16:26 98,508 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_28_11_48_20_small.dmp.zip
2006-10-19 03:39 132,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_18_12_41_12_small.dmp.zip
2006-10-14 02:30 523,459 --sh--w C:\WINDOWS\system32\edeeg.bak1
2007-02-15 16:24 993,813 --sh--w C:\WINDOWS\system32\kjllm.bak1
2007-03-02 21:53 1,160,381 --sh--w C:\WINDOWS\system32\kjllm.bak2
.
Code: [Select]
----a-w 968,696 2008-01-01 21:14:57 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 158,208 2008-01-01 07:17:56 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19 C:\WINDOWS\system\hpsysdrv .exe
----a-w 118,784 2008-01-01 17:39:21 C:\WINDOWS\system32\hkcmd .exe
----a-w 483,328 2008-01-01 17:39:22 C:\WINDOWS\system32\hphmon05 .exe
----a-w 155,648 2008-01-01 17:39:46 C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33 C:\WINDOWS\system32\ps2 .exe((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F809048-7B81-3432-C9FB-0860356EDA7A}]
C:\WINDOWS\System32\fypbccn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-01 15:14 32768]
"Locaqyxk"="C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe" [ ]
"Yahoo! Pager"="1" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-01 15:15 1318912]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2008-01-01 15:15 1261384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-01 15:14 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-01 15:14 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-01 15:14 221184]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2008-01-01 15:14 135168]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-01 15:14 368706]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-01 15:14 407032]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 15:14 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 15:14 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{38F6A491-0A28-1033-0412-050203200001}"= "C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-10 12:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-12-30 02:10 24576 --a------ C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-10-13 21:15 230512 --a------ C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-10-13 21:15 185456 --a------ C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 13:30 98304 --a------ C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 02:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KL AntiFunLove]
2006-10-14 16:21 61440 --a------ C:\WINDOWS\System32\flcss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtqo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 23:01 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2008-01-01 15:01 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 10:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 04:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ (http://\"http://srch-us10.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/ (http://\"http://us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5F809048-7B81-3432-C9FB-0860356EDA7A} - C:\WINDOWS\System32\fypbccn.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF} - \
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Locaqyxk] C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Policies\Explorer\Run: [{38F6A491-0A28-1033-0412-050203200001}] "C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program (http://\"http://file:///C:Program\") Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program (http://\"http://file:///C:Program\") Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab (http://\"http://download2.games.yahoo.com/games/clients/y/wt1_x.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 (http://\"http://go.microsoft.com/fwlink/?LinkID=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161232436812 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161232436812\")
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9283 bytes
I unchecked word wrap. I did not turn off avast until after the logs, do I need to redo them?
Post by: kmichelle1984 on January 01, 2008, 06:48:46 PM
Post by: guestolo on January 01, 2008, 07:11:16 PM
Can you do the following please
download [color=\"#FF0000\"]FindAWF[/color] (http://\"http://noahdfear.net/downloads/FindAWF.exe\") by noahdfear.
Save the file to your Desktop.
Open FindAWF.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report is produced.
Please provide the FindAWF report in your reply.
Post by: kmichelle1984 on January 01, 2008, 07:31:31 PM
Version 1.40
The current date is: 2008-01-02
The current time is: 18:24:31.90
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
Post by: guestolo on January 01, 2008, 07:43:52 PM
Can you do the following
Please download [color=\"#FF0000\"]RenV[/color] (http://\"http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe\") by sUBs.
1. Save it to your Desktop.
2. Double-click RenV.exe
3. It shall produce a log for you. Please post that log in your reply.
Post by: kmichelle1984 on January 01, 2008, 07:46:32 PM
Code: [Select]
Ran on 2008-01-02 - 18:43:00.18
----a-w 968,696 2008-01-01 21:14:57 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 158,208 2008-01-01 07:17:56 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19 C:\WINDOWS\system\hpsysdrv .exe
----a-w 118,784 2008-01-01 17:39:21 C:\WINDOWS\system32\hkcmd .exe
----a-w 483,328 2008-01-01 17:39:22 C:\WINDOWS\system32\hphmon05 .exe
----a-w 155,648 2008-01-01 17:39:46 C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33 C:\WINDOWS\system32\ps2 .exe
Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 2,019,320 Blocks: 3,944
Post by: guestolo on January 01, 2008, 08:34:45 PM
Delete your version of Combofix and then redownload it again from HERE (http://\"http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe\")
Don't do nothing with it yet, just leave it on desktop for now
NEXT:
==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work
Quote
File::
C:\n.bat
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\System32\fypbccn.dll
Folder::
C:\WINDOWS\system32\pp1
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\Temp
C:\Program Files\Web Buying
C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F809048-7B81-3432-C9FB-0860356EDA7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{38F6A491-0A28-1033-0412-050203200001}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KL AntiFunLove]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Locaqyxk"=-
Save this as txtfile on your desktop
CFScript
Just leave CFScript.txt on the deskop for now, don't do nothing with it yet, we'll need it in a bit
When you ran RenV.exe is should of left a file on desktop called log.txt
All of those files got renamed by the infection. It added an extra space into the filename.
(http://img.photobucket.com/albums/v666/sUBs/RenV.gif)
Ensure that your AntiVirus software does not interfere with the next steps
I see both Yahoo AV and Avast running
Refering to the picture above, drag Log.txt into RenV.exe
When finished, it shall produce a new log for you.
I'll need to see that log later, ensure you know where to find it
NEXT:
(http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
Referring to the pic above
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete
When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..
I'll need to see that log again later
Post back the following
1. Post the log from Combofix
2. Post the log from RenV.exe
3. Post a fresh hijackthis log
Post by: kmichelle1984 on January 01, 2008, 09:03:38 PM
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.470 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\n.bat
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\System32\fypbccn.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\n.bat
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awtqo.dll.bad
C:\VundoFix Backups\awtqo.exe.bad
C:\VundoFix Backups\hkcmd.exe.bad
C:\VundoFix Backups\hphmon05.exe.bad
C:\VundoFix Backups\hpsysdrv.exe.bad
C:\VundoFix Backups\igfxtray.exe.bad
C:\VundoFix Backups\ljjjkll.dll.bad
C:\VundoFix Backups\msconfig.exe.bad
C:\VundoFix Backups\oqtwa.ini.bad
C:\VundoFix Backups\oqtwa.ini2.bad
C:\VundoFix Backups\ps2.exe.bad
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\ardCo18\ardCo182328.exe
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\pp1
C:\WINDOWS\system32\VundoFixSVC.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7PR49H8X\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\{38F6A~1
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ljjjkll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plyodmp.dll
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\z1
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-02 19:39 . 2008-01-01 11:39 483,328 --a------ C:\WINDOWS\system32\hphmon05.exe
2008-01-02 19:39 . 2008-01-01 01:17 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-02 19:39 . 2008-01-01 11:39 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-02 19:39 . 2008-01-01 11:39 118,784 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-02 19:39 . 2008-01-01 11:39 81,920 --a------ C:\WINDOWS\system32\ps2.exe
2008-01-02 19:39 . 2008-01-01 11:39 52,736 --a------ C:\WINDOWS\system\hpsysdrv.exe
2008-01-02 17:41 . 2008-01-02 17:41 <DIR> d-------- C:\Program Files\AOL Search
2008-01-01 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 16:59 . 2007-12-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 18:45 . 2007-12-29 18:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-12-29 18:43 . 2008-01-02 17:42 <DIR> d-------- C:\Program Files\AIM6
2007-12-28 23:44 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-28 23:44 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-28 23:44 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-28 23:22 . 2007-12-28 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 18:49 . 2008-01-01 12:16 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-28 17:00 . 2007-12-28 17:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 16:48 . 2007-12-28 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 08:19 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\peernet
2007-12-27 23:30 . 2007-12-27 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\WINDOWS\EHome
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Program Files\Mattel
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mattel
2007-12-04 11:23 . 2007-12-04 23:16 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-04 11:23 . 2007-12-04 23:16 88 -r-hs---- C:\WINDOWS\system32\B12A0F95F1.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 23:41 --------- d-----w C:\Program Files\Viewpoint
2008-01-02 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 21:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 21:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 21:59 --------- d-----w C:\Program Files\iTunes
2008-01-02 21:57 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:15 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 07:17 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2007-12-30 23:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-12-28 01:49 5,923,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-25 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 01:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-11-17 02:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 02:25 --------- d-----w C:\Program Files\iPod
2007-11-17 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 02:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 20:32 --------- d-----w C:\Program Files\FrostWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-20 17:15 103,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_19_11_24_30_small.dmp.zip
2006-10-30 16:26 98,508 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_28_11_48_20_small.dmp.zip
2006-10-19 03:39 132,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_18_12_41_12_small.dmp.zip
.
Code: [Select]
------w 968,696 2008-01-01 21:14:57 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe((((((((((((((((((((((((((((( snapshot@2008-01-02_16.06.00.76 (snapshot@2008-01-02_16.06.00.76) )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-30 00:43:58 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-01-02 23:40:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 13:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-01 15:14 32768]
"Yahoo! Pager"="1" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-01 15:15 1318912]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2008-01-01 15:15 1261384]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 13:04 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-01 15:14 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-01 11:39 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-01 11:39 118784]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-01 11:39 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-01 15:14 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-01 15:14 221184]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-01-01 11:39 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2008-01-01 15:14 135168]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-01 15:14 368706]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-01 15:14 407032]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-01 11:39 155648]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 15:14 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 15:14 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-10 12:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-12-30 02:10 24576 --a------ C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-10-13 21:15 230512 --a------ C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-10-13 21:15 185456 --a------ C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 13:30 98304 --a------ C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 02:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 23:01 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2008-01-01 15:01 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 10:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 04:16]
*Newly Created Service* - VIEWPOINT_MANAGER_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
Code: [Select]
Ran on 2008-01-02 - 19:38:09.75
----a-w 968,696 2008-01-01 21:14:57 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 158,208 2008-01-01 07:17:56 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19 C:\WINDOWS\system\hpsysdrv .exe
----a-w 118,784 2008-01-01 17:39:21 C:\WINDOWS\system32\hkcmd .exe
----a-w 483,328 2008-01-01 17:39:22 C:\WINDOWS\system32\hphmon05 .exe
----a-w 155,648 2008-01-01 17:39:46 C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33 C:\WINDOWS\system32\ps2 .exe
Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 2,019,320 Blocks: 3,944Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ (http://\"http://srch-us10.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/ (http://\"http://us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program (http://\"http://file:///C:Program\") Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program (http://\"http://file:///C:Program\") Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab (http://\"http://download2.games.yahoo.com/games/clients/y/wt1_x.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 (http://\"http://go.microsoft.com/fwlink/?LinkID=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161232436812 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161232436812\")
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9573 bytes
I know how to disable avast... I cannot find where to disable Yahoo AV - I did not even know I had it.
Post by: guestolo on January 01, 2008, 09:11:45 PM
Can you do that step again please
When the log opens, copy>>paste back here the log that opens
Post by: kmichelle1984 on January 01, 2008, 09:17:37 PM
Code: [Select]
Ran on 2008-01-02 - 20:12:54.09
------w 968,696 2008-01-01 21:14:57 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 968,696 Blocks: 1,892while it was running it had this
Could Not Find C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
File not found - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
Could Not Find C:\WINDOWS\system\hpsysdrv.exe
File not found - C:\WINDOWS\system\hpsysdrv .exe
Could Not Find C:\WINDOWS\system32\hkcmd.exe
File not found - C:\WINDOWS\system32\hkcmd .exe
Could Not Find C:\WINDOWS\system32\hphmon05.exe
File not found - C:\WINDOWS\system32\hphmon05 .exe
Could Not Find C:\WINDOWS\system32\igfxtray.exe
File not found - C:\WINDOWS\system32\igfxtray .exe
Could Not Find C:\WINDOWS\system32\ps2.exe
File not found - C:\WINDOWS\system32\ps2 .exe
Post by: guestolo on January 01, 2008, 09:36:12 PM
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: kmichelle1984 on January 01, 2008, 09:55:15 PM
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
AIM 6
AOL Search
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Applications
avast! Antivirus
Barbie Girls
BroadJump Client Foundation
BugOff 1.10
Digital Studio LP v4
FrostWire 4.13.3
HijackThis 2.0.2
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ350
InCD (Ahead Software)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(tm) 6 Update 2
KBD
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 SR-1 Professional
Microsoft Office Converter Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Nero - Burning Rom
Nero Media Player
Nero OEM
NeroVision Express 2
Noiseware Community Edition
Opanda IExif 2.26
Otto from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photodex Presenter
PhotoPresets with One-Click WOW! for Adobe Camera Raw
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RecordNow!
SBC Yahoo! Applications
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Toolkit View(HP)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Updates from HP
Viewpoint Media Player
Window Washer
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZoneAlarm
Post by: guestolo on January 01, 2008, 10:07:52 PM
go to this link
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Copy and paste the Exact path to the file name below in bold under "Upload a File"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
Post by: kmichelle1984 on January 01, 2008, 10:19:04 PM
But the file came back clean
Post by: guestolo on January 01, 2008, 10:40:42 PM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/.../search/ie.html\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Can you access your Add/remove programs and remove older versions of Java
We'll update it later
Close your browser windows
Remove
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Javaâ„¢ 6 Update 2
Don't reboot yet
Remain in Add/remove programs and remove the following
Viewpoint Media Player
It's never a good idea to run more than one Active Anti-Virus software
I like Avast, but you decide which to keep
Uninstall either Avast or Yahoo's EZ AV
If you decide to hold onto Avast and prefer to Remove Yahoo's edition
I believe you just click on SBC Yahoo! Applications and click Remove then select the AntiVirus software for removal
If it's not under SBC Yahoo! Applications, it may be under AT&T Yahoo! Applications
After it's removed, again don't reboot the computer yet
Navigate to the following file
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
Can you right click on it and select Rename
Remove the space after the t and before the DOT
So it looks like the following
zlclient.exe
Left click an empty spot to set it
Then reboot your computer
Back in Windows
Although we just removed one Anti-Virus software
Can you, if you can get Internet connection with Internet Explorer
Run and Online Virus scan
Temporarily disable your AV protection before running the scan
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/virusscanner\")
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.
- Once the files are downloaded click on Next
- Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
- Scan using the following Anti-Virus database:
- Scan Options:
[/list]
[/list]
- Click OK and, under select a target to scan, select My Computer
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif)
(http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply
Also post a fresh hijackthis log
Post by: kmichelle1984 on January 02, 2008, 01:38:17 AM
KASPERSKY ONLINE SCANNER REPORT
2008-01-03 00:31
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501277
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 92969
Number of viruses found: 15
Number of infected objects: 366
Number of suspicious objects: 2
Duration of the scan process: 01:23:59
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\f.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped
C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe NSIS: infected - 3 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\hp\KBD\KBD.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\ALWILS~1\Avast4\ashDisp.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\BroadJump\Client Foundation\CFD.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\HP\Digital Imaging\bin\backupnotify.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_02\bin\jusched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Multimedia Card Reader\shwicon2k.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Webroot\Washer\wwDisp.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\browser\ybrwicon.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\YOP\yop.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\awtqo.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\C\VundoFix Backups\awtqo.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\hkcmd.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\hphmon05.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\hpsysdrv.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\igfxtray.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ljjjkll.dll.bad.vir Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\QooBox\Quarantine\C\VundoFix Backups\msconfig.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\VundoFix Backups\ps2.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\SMINST\RECGUARD.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ardCo18\ardCo182328.exe.vir Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqo.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjjkll.dll.vir Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\plyodmp.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX4B.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\winlogon.exe.vir Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip/zlclient.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP584\A0086905.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP584\A0086954.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087024.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087026.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087027.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087029.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087030.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087031.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087032.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087033.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087034.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087035.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087036.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087037.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087038.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087040.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087041.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087046.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087047.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087048.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087052.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087061.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087062.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087064.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087066.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087067.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087068.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087069.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087070.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087072.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087073.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087075.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087076.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087077.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087078.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087079.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087082.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087083.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087084.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087086.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087087.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087088.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087089.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087108.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088057.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088061.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088063.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088064.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088065.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088066.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088067.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088069.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088072.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088073.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088075.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088076.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088077.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088078.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088079.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088081.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088082.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088084.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088085.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088086.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090777.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090912.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090913.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090915.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090918.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090919.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090920.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090921.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090922.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090923.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090925.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090926.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090927.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090928.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090929.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090930.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090931.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090932.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090933.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090934.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090935.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090936.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0091052.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093208.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093209.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093213.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093214.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093215.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093216.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093219.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093220.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099263.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099264.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099266.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099267.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099268.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099269.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099271.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099272.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099274.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099275.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099276.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099277.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099278.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099279.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099280.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099281.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099282.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099283.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099284.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099285.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099286.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104680.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104681.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104683.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104684.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104685.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104687.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104689.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104691.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104692.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104693.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104694.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104695.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104696.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104697.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104698.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104699.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104703.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104706.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105360.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105361.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105362.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105363.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105364.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105367.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105368.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105369.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105371.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105372.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105373.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105374.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105375.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105376.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105377.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105378.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107654.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107657.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107659.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107660.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107661.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107662.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107663.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107664.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107665.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107666.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107667.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107668.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107669.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107670.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107671.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107672.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107673.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107675.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107676.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107689.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107699.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107700.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107702.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107704.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107706.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107707.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107708.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107710.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107711.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107712.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107713.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107724.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107784.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107785.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107788.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107789.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107790.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107791.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107792.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107793.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107794.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107796.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107817.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107818.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107819.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107820.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107821.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107822.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107827.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107828.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107829.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107830.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107831.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107832.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107833.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107834.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107835.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107836.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107837.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107838.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107839.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107840.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107859.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107860.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107865.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107867.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107869.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107871.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107872.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107873.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107874.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107875.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0107876.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107887.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107889.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107890.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107891.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107892.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107893.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107894.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107895.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107896.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107897.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107898.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107899.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP590\A0107900.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107906.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107907.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107908.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107909.dll Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107910.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107911.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107912.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107913.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107914.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107915.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107916.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107917.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107918.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107919.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107920.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107921.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107922.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107923.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107924.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107925.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107926.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107927.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107928.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107929.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107930.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107931.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107932.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107933.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107934.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107935.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107936.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107937.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107938.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107939.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107940.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP591\A0107941.exe Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP592\A0108151.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP595\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\PCHealth\HelpCtr\Binaries\OLD40.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{259B25E8-1922-432C-A6DB-D10B0FF62A10}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object
Post by: guestolo on January 02, 2008, 01:53:22 AM
Before I go, can you do me a quick favor
Delete log.txt from desktop
Run RenV.exe one more time and post the log
Also, let me know how things are running
Post by: kmichelle1984 on January 02, 2008, 02:51:27 AM
Code: [Select]
Ran on 2008-01-03 - 1:44:03.12
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0Firefox & zonealarm are working at the moment. Internet explorer does not work - but I think I caused that when I deleted some files. Is is okay to turn avast back on?
thanks.
Post by: guestolo on January 02, 2008, 10:05:15 AM
Can you do the following
Again, delete your version of Combofix and redownload it again to desktop
Double click on it to run it
and follow the prompts
Post it's new log
Then reenable Avast protections, I suggest you also run a full scan with it
I'll check back later
Post by: kmichelle1984 on January 02, 2008, 11:11:56 AM
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.436 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7PR49H8X\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\HP\KBD\KBD.EXE
C:\n.bat
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\{38F6A~1
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Temp
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\cEeer12\skAt.log
C:\temp\tn3
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awtqo.dll.bad
C:\VundoFix Backups\awtqo.exe.bad
C:\VundoFix Backups\hkcmd.exe.bad
C:\VundoFix Backups\hphmon05.exe.bad
C:\VundoFix Backups\hpsysdrv.exe.bad
C:\VundoFix Backups\igfxtray.exe.bad
C:\VundoFix Backups\ljjjkll.dll.bad
C:\VundoFix Backups\msconfig.exe.bad
C:\VundoFix Backups\oqtwa.ini.bad
C:\VundoFix Backups\oqtwa.ini2.bad
C:\VundoFix Backups\ps2.exe.bad
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\ardCo18\ardCo182328.exe
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\ljjjkll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plyodmp.dll
C:\WINDOWS\system32\pp1
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\system32\z1
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-02 22:14 . 2008-01-02 22:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-02 22:14 . 2008-01-02 22:14 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-02 22:14 . 2008-01-02 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-02 19:39 . 2008-01-01 01:17 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-02 17:41 . 2008-01-02 17:41 <DIR> d-------- C:\Program Files\AOL Search
2008-01-01 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 16:59 . 2007-12-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 18:45 . 2007-12-29 18:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-12-29 18:43 . 2008-01-02 17:42 <DIR> d-------- C:\Program Files\AIM6
2007-12-28 23:44 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-28 23:44 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-28 23:44 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-28 23:22 . 2007-12-28 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 18:49 . 2008-01-01 12:16 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-28 17:00 . 2007-12-28 17:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 16:48 . 2007-12-28 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 08:19 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\peernet
2007-12-27 23:30 . 2007-12-27 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\WINDOWS\EHome
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Program Files\Mattel
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mattel
2007-12-04 11:23 . 2007-12-04 23:16 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-04 11:23 . 2007-12-04 23:16 88 -r-hs---- C:\WINDOWS\system32\B12A0F95F1.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 03:59 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 03:59 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-03 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-01-03 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-03 03:55 --------- d-----w C:\Program Files\Java
2008-01-02 21:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 21:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 21:59 --------- d-----w C:\Program Files\iTunes
2008-01-02 21:57 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:15 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 07:17 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
2007-12-30 23:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-12-28 01:49 5,923,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-25 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 01:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-11-17 02:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 02:25 --------- d-----w C:\Program Files\iPod
2007-11-17 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 02:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 20:32 --------- d-----w C:\Program Files\FrostWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-20 17:15 103,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_19_11_24_30_small.dmp.zip
2006-10-30 16:26 98,508 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_28_11_48_20_small.dmp.zip
2006-10-19 03:39 132,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_18_12_41_12_small.dmp.zip
.
((((((((((((((((((((((((((((( snapshot@2008-01-02_16.06.00.76 (snapshot@2008-01-02_16.06.00.76) )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-30 00:43:58 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-01-02 23:40:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-03 04:07:25 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 13:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-01 15:14 32768]
"Yahoo! Pager"="1" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-01 15:15 1318912]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2008-01-01 15:15 1261384]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 13:04 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-01 15:14 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-01 15:14 221184]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2008-01-01 15:14 135168]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-01 15:14 968696]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 15:14 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 15:14 40048]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-10 12:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-12-30 02:10 24576 --a------ C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 13:30 98304 --a------ C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 02:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 23:01 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2008-01-01 15:01 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 10:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 04:16]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-01-03 10:06:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 10:07:47
ComboFix-quarantined-files.txt 2008-01-03 16:07:30
.
2007-12-30 19:00:27 --- E O F ---
Post by: guestolo on January 02, 2008, 11:50:53 AM
We should get rid of them
A couple of them are probably what caused most of your problems
Possible crack files infected for software
==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box
Code: [Select]
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] Double click on fix.reg
Allow to add/merge to the registry at the prompt
Download [color=\"blue\"]ATF Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\")
- to desktop
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- [color=\"green\"]NOTE : If you would like to keep your saved passwords, please click No at the prompt.[/color]
- Click Opera at the top and choose Select All from the list.
- Click the Empty Selected button.
- [color=\"green\"]NOTE : If you would like to keep your saved passwords, please click No at the prompt.[/color]
Download [color=\"blue\"]OTMoveIt[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe\") by OldTimer:
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):
================================================
C:\WINDOWS\system32\vbzip10.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe
C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\f.exe
C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\Crack.exe
C:\Documents and Settings\All Users\Application Data\Viewpoint
====================================================== - Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
- Click the red "[color=\"red\"]MoveIt![/color]" button.
- Close OTMoveIt.
NOTE: If you are not asked to reboot, can you reboot manually anyways
Back in Windows
Post one last fresh hijackthis log
Also, let me know what problems your having with Internet Explorer
Is it that it just can't connect to the Internet, or it won't startup at all?
Post by: kmichelle1984 on January 02, 2008, 04:14:58 PM
Scan saved at 3:05:19 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ (http://\"http://srch-us10.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl (http://\"http://yahoo.sbc.com/dsl\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/ (http://\"http://us10.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab (http://\"http://download2.games.yahoo.com/games/clients/y/wt1_x.cab\")
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 (http://\"http://go.microsoft.com/fwlink/?LinkID=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161232436812 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161232436812\")
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (http://\"http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab\")
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 6985 bytes
I just clicked on the Internet Explorer icon and it worked now.
Post by: guestolo on January 02, 2008, 04:18:50 PM
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Post that log please
Post by: kmichelle1984 on January 02, 2008, 04:29:53 PM
Is it ok to download Java?
Post by: guestolo on January 02, 2008, 04:53:50 PM
If everything is running better, I suggest that you do the following
Older System Restore points are infected
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
eg... Michelle
and click Create
Windows will prompt when it was created successfully
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
Go ahead and delete the RenV.exe and it's logs from desktop
Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK
combofix /u
This will uninstall combofix and it's components
Take note of these entries in your Hijackthis log
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Your choice, but optionally, you can run a Scan Only with Hijackthis and fix checked the above 4 entries
It could help with System startup time and save resources
Take note of their related functionalities
Reader_sl.exe
Quote
Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properlydumprep 0 -u
Quote
Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way outAdobe Gamma Loader.exe
Quote
Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fineOSA9.EXE
Quote
Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.======================================
OTMoveit.exe
- Please double-click OTMoveIt.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list - Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall - Select Yes to reboot Now
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
Also, after every update with Spybot 1.4
Ensure to use the Immunize feature
Simply click Immunize>>OK>>Immunize again at the top green cross
You should do that now
You may choose to hold onto ATF-Cleaner to help cleaning temp files, etc
Your choice, it you decide to remove it just manually delete it
Hope that helps
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> After you do the above, just let me know if everything is alright and I'll lock this topic
Oh, and could you go to
START>>RUN>>type in msconfig
Hit OK
Does the System Configuration Utiility open properly?
Post by: kmichelle1984 on January 02, 2008, 05:24:25 PM
THANK YOU SO MUCH!!!!!!!!
Post by: guestolo on January 02, 2008, 05:33:24 PM
THANK YOU SO MUCH!!!!!!!![/quote]
Your welcome,
Take Care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on January 02, 2008, 05:36:52 PM
I forgot to have you update Java
You can get the installer from here,
I like to use the OFFLINE installer, your choice
But allow it connection thru firewall when installing
http://www.java.com/en/download/manual.jsp (http://\"http://www.java.com/en/download/manual.jsp\")
Post by: kmichelle1984 on January 02, 2008, 05:56:37 PM
thanks again!
Post by: guestolo on January 02, 2008, 06:01:36 PM
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />