Author Topic: awtqo & smitfraud c  (Read 2203 times)

Offline kmichelle1984

« on: January 01, 2008, 04:45:56 PM »
Have used VundoFix V6.7.7 but it keeps needing to restart & still cannot get rid of awtqo.
Spybot finds smitfraud c, but cannot get rid of it either.

My logfile from HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:48 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Multimedia Card Reader\shwicon2k .exe
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Webroot\Washer\wwDisp .exe
C:\Documents and Settings\Owner\Desktop\VundoFix.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/...o.com/search/ie

.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/...o.com/search/ie

.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqo.exe
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital

Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask            .exe"

-atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Locaqyxk] C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Policies\Explorer\Run: [{38F6A491-0A28-1033-0412-050203200001}] "C:\Program

Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif

2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif

2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...e.cab?116123243

6812
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -

http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program

Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. -

C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program

Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9518 bytes

Offline guestolo

« Reply #1 on: January 01, 2008, 04:52:23 PM »
I'm just stepping out for a bit to take the dogs for a walk

In the meantime
Can you do the following please
Download this file - Combofix.exe and save it ONLY to your desktop


EDIT>>Can you temporarily disable AVAST protections
Right click its icon by the clock and select STOP ON ACCESS PROTECTIONS
OK the prompt

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Its default location is C:\Combofix.txt

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Post back the following
1. Post the log from Combofix
2. Post a fresh hijackthis log

NOTE: It's too hard reading your log when it's spaced the way it is
In either log, before you copy it, can you select FORMAT at the top menu bar and UNCHECK>>Word Wrap
Then go ahead and copy>>paste back here both logs

I threw an edit before running Combofix, can you take another look if you have trouble running it please
« Last Edit: January 01, 2008, 04:57:40 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kmichelle1984

« Reply #2 on: January 01, 2008, 05:33:21 PM »
ComboFix 08-01-02.1 - Owner 2008-01-02 16:10:04.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.543 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7PR49H8X\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\{38F6A~1
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask            .exe
C:\Program Files\QuickTime\QTTask           .exe
C:\Program Files\QuickTime\QTTask          .exe
C:\Program Files\QuickTime\QTTask         .exe
C:\Program Files\QuickTime\QTTask        .exe
C:\Program Files\QuickTime\QTTask       .exe
C:\Program Files\QuickTime\QTTask      .exe
C:\Program Files\QuickTime\QTTask     .exe
C:\Program Files\QuickTime\QTTask    .exe
C:\Program Files\QuickTime\QTTask   .exe
C:\Program Files\QuickTime\QTTask  .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ljjjkll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plyodmp.dll
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\z1
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core

 


(((((((((((((((((((((((((   Files Created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))
.

2008-01-02 15:58 . 2008-01-02 15:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-01 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 12:20 . 2008-01-02 15:58 <DIR> d-------- C:\VundoFix Backups
2007-12-30 16:59 . 2007-12-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 18:45 . 2007-12-29 18:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-12-29 18:43 . 2008-01-02 15:59 <DIR> d-------- C:\Program Files\AIM6
2007-12-28 23:44 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-28 23:44 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-28 23:44 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-28 23:22 . 2007-12-28 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 18:50 . 2008-01-01 11:39 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-28 18:49 . 2008-01-01 11:39 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-28 18:49 . 2008-01-01 11:39 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-28 18:49 . 2008-01-01 11:39 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-28 18:49 . 2008-01-01 11:39 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2007-12-28 18:49 . 2008-01-01 12:16 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-28 17:00 . 2007-12-28 17:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 16:51 . 2007-12-28 16:51 134 --a------ C:\n.bat
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\WINDOWS\system32\pp1
2007-12-28 16:50 . 2007-12-28 21:42 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-28 16:50 . 2007-12-28 16:52 <DIR> d-------- C:\WINDOWS\system32\cc9
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-28 16:50 . 2007-12-28 21:42 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-28 16:50 . 2007-12-28 16:50 <DIR> d-------- C:\Temp\cEeer12
2007-12-28 16:50 . 2008-01-02 15:57 <DIR> d-------- C:\Temp
2007-12-28 16:48 . 2007-12-28 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 10:54 . 2007-12-30 02:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 10:54 . 2007-12-28 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 08:19 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\peernet
2007-12-27 23:30 . 2007-12-27 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\WINDOWS\EHome
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Program Files\Mattel
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mattel
2007-12-04 11:23 . 2007-12-04 23:16 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-04 11:23 . 2007-12-04 23:16 88 -r-hs---- C:\WINDOWS\system32\B12A0F95F1.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 21:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 21:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 21:59 --------- d-----w C:\Program Files\iTunes
2008-01-02 21:57 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:15 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 07:17 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-30 23:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 00:44 --------- d-----w C:\Program Files\Viewpoint
2007-12-30 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-30 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-12-28 01:49 5,923,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-25 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 01:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-11-17 02:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 02:25 --------- d-----w C:\Program Files\iPod
2007-11-17 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 02:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 20:32 --------- d-----w C:\Program Files\FrostWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 22:46 --------- d-----w C:\Program Files\Quicken
2007-11-02 22:46 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-02 22:46 --------- d-----w C:\Program Files\MSN Encarta Plus
2007-11-02 22:46 --------- d-----w C:\Program Files\Microsoft Works
2007-11-02 22:46 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-20 17:15 103,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_19_11_24_30_small.dmp.zip
2006-10-30 16:26 98,508 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_28_11_48_20_small.dmp.zip
2006-10-19 03:39 132,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_18_12_41_12_small.dmp.zip
2006-10-14 02:30 523,459 --sh--w C:\WINDOWS\system32\edeeg.bak1
2007-02-15 16:24 993,813 --sh--w C:\WINDOWS\system32\kjllm.bak1
2007-03-02 21:53 1,160,381 --sh--w C:\WINDOWS\system32\kjllm.bak2
.
----a-w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w   158,208 2008-01-01 07:17:56  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19  C:\WINDOWS\system\hpsysdrv .exe
----a-w   118,784 2008-01-01 17:39:21  C:\WINDOWS\system32\hkcmd .exe
----a-w   483,328 2008-01-01 17:39:22  C:\WINDOWS\system32\hphmon05 .exe
----a-w   155,648 2008-01-01 17:39:46  C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33  C:\WINDOWS\system32\ps2 .exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F809048-7B81-3432-C9FB-0860356EDA7A}]
   C:\WINDOWS\System32\fypbccn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-01 15:14 32768]
"Locaqyxk"="C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe" [ ]
"Yahoo! Pager"="1" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-01 15:15 1318912]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2008-01-01 15:15 1261384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-01 15:14 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-01 15:14 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-01 15:14 221184]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2008-01-01 15:14 135168]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-01 15:14 368706]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-01 15:14 407032]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 15:14 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 15:14 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask            .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{38F6A491-0A28-1033-0412-050203200001}"= "C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-10 12:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
   C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-12-30 02:10 24576 --a------ C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-10-13 21:15 230512 --a------ C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-10-13 21:15 185456 --a------ C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
   C:\WINDOWS\Fonts\svchost.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 13:30 98304 --a------ C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 02:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KL AntiFunLove]
2006-10-14 16:21 61440 --a------ C:\WINDOWS\System32\flcss.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
   C:\WINDOWS\system32\awtqo.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 23:01 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
   C:\Program Files\Messenger\msmsgs.exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
   C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
   C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
   C:\Program Files\Web Buying\v1.8.6\webbuying.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2008-01-01 15:01 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 10:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 04:16]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5F809048-7B81-3432-C9FB-0860356EDA7A} - C:\WINDOWS\System32\fypbccn.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF} - \
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask            .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Locaqyxk] C:\Documents and Settings\Owner\My Documents\??mantec\l?ass.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Policies\Explorer\Run: [{38F6A491-0A28-1033-0412-050203200001}] "C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}\Update.exe" mc-110-12-0000272
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161232436812
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9283 bytes






I unchecked word wrap. I did not turn off avast until after the logs, do I need to redo them?

Offline kmichelle1984

awtqo & smitfraud c
« Reply #3 on: January 01, 2008, 06:48:46 PM »
My Firefox, ZoneAlarm & AIM messenger have all stopped working completely. I can only access the internet through SBC - have I deleted something that I needed?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
awtqo & smitfraud c
« Reply #4 on: January 01, 2008, 07:11:16 PM »
You have an infection that has caused the troubles with the programs you mentioned.
Can you do the following please:
Download FindAWF by noahdfear.

Save the file to your Desktop.
Open FindAWF.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please provide the FindAWF report in your reply.
« Last Edit: January 01, 2008, 07:12:39 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kmichelle1984

awtqo & smitfraud c
« Reply #5 on: January 01, 2008, 07:31:31 PM »
Find AWF report by noahdfear ©2006
               Version 1.40

The current date is: 2008-01-02
The current time is: 18:24:31.90


  bak folders found
  ~~~~~~~~~~~

 

  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~

 

  end of report

Offline guestolo

awtqo & smitfraud c
« Reply #6 on: January 01, 2008, 07:43:52 PM »
That didn't show what I wanted

Can you do the following
Please download RenV by sUBs.

1. Save it to your Desktop.
2. Double-click RenV.exe
3. It shall produce a log for you. Please post that log in your reply.



Offline kmichelle1984

awtqo & smitfraud c
« Reply #7 on: January 01, 2008, 07:46:32 PM »
Ran on 2008-01-02 - 18:43:00.18

----a-w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w   158,208 2008-01-01 07:17:56  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19  C:\WINDOWS\system\hpsysdrv .exe
----a-w   118,784 2008-01-01 17:39:21  C:\WINDOWS\system32\hkcmd .exe
----a-w   483,328 2008-01-01 17:39:22  C:\WINDOWS\system32\hphmon05 .exe
----a-w   155,648 2008-01-01 17:39:46  C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33  C:\WINDOWS\system32\ps2 .exe

 Entries: 7  (7)
 Directories: 0  Files: 7
 Bytes:  2,019,320  Blocks: 3,944

Offline guestolo

awtqo & smitfraud c
« Reply #8 on: January 01, 2008, 08:34:45 PM »
I need you to do the following
Delete your version of Combofix and then redownload it again from HERE
Don't do anything with it yet, just leave it on the desktop for now

NEXT:
Open Notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work

Quote
File::
C:\n.bat
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\System32\fypbccn.dll
Folder::
C:\WINDOWS\system32\pp1
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\Temp
C:\Program Files\Web Buying
C:\Program Files\Common Files\{38F6A491-0A28-1033-0412-050203200001}
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F809048-7B81-3432-C9FB-0860356EDA7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C641DD4A-DE7B-44EE-AD0C-DE5ECA11AAEF}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{38F6A491-0A28-1033-0412-050203200001}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KL AntiFunLove]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Locaqyxk"=-

Save this as a txt file on your desktop
CFScript
Just leave CFScript.txt on the desktop for now, don't do anything with it yet, we'll need it in a bit

When you ran RenV.exe it should have left a file on the desktop called log.txt
All of those files got renamed by the infection. It added an extra space into the filename.


Ensure that your AntiVirus software does not interfere with the next steps
I see both Yahoo AV and Avast running

Referring to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you.
I'll need to see that log later, ensure you know where to find it

NEXT:

Referring to the pic above
Drag CFScript.txt into ComboFix.exe
Combofix will start. Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt.
I'll need to see that log again later

Post back the following

1. Post the log from Combofix
2. Post the log from RenV.exe
3. Post a fresh hijackthis log

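The reply above explains that the infection renamed files by inserting an extra space before the extension. The following is an added example, not part of the thread and not RenV's or ComboFix's own logic: a small log triage script that finds such padded paths in pasted log text, reconstructs the expected original name, and reports whether an autorun (O4) entry points at the padded copy. The function names are hypothetical and the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the RenV, HijackThis and ComboFix logs in this thread.
# Padding is built with " " * n so the number of spaces is unambiguous.
SAMPLE_LOG = "\n".join([
    r"----a-w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe",
    r"----a-w 81,920 2008-01-01 17:39:33  C:\WINDOWS\system32\ps2 .exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\Program Files\QuickTime\QTTask" + " " * 3 + ".exe",
    r"C:\Program Files\QuickTime\QTTask" + " " * 1 + ".exe",
    r"C:\Program Files\QuickTime\QTTask.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask'
    + " " * 12 + '.exe" -atboottime',
    r"O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe",
])

# A drive-letter path whose file stem is followed by whitespace and then the
# extension. Spaces inside directory names ("Program Files") do not match,
# because the whitespace must sit directly in front of the final ".ext".
PADDED = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?[^\s\\"])'  # path up to the last character of the stem
    r'([ \t]+)'                          # padding inserted before the extension
    r'(\.[A-Za-z0-9]{1,4})'              # the extension
    r'(?=["\s]|$)'                       # the path must end here
)


def find_padded_paths(log_text):
    """Return one finding per padded path occurrence in the log text."""
    findings = []
    for line in log_text.splitlines():
        for m in PADDED.finditer(line):
            stem, pad, ext = m.groups()
            findings.append({
                "seen": m.group(0),           # path exactly as logged
                "original": stem + ext,       # expected name without padding
                "pad": len(pad),              # number of inserted spaces
                # HijackThis O4 lines are autostart entries
                "autorun": line.lstrip().startswith("O4 -"),
            })
    return findings


def summarise(log_text):
    """Group findings by original path (case-insensitive, as on Windows)."""
    lowered = log_text.lower()
    grouped = defaultdict(lambda: {"pads": set(), "autorun": False})
    for f in find_padded_paths(log_text):
        key = f["original"].lower()
        grouped[key]["pads"].add(f["pad"])
        grouped[key]["autorun"] |= f["autorun"]
    return {
        key: {
            "pads": sorted(v["pads"]),
            # True when a startup entry launches the padded copy
            "autorun_points_at_padded": v["autorun"],
            # True when the normally named file is listed in the same log
            "unpadded_also_listed": key in lowered,
        }
        for key, v in grouped.items()
    }


if __name__ == "__main__":
    for path, info in summarise(SAMPLE_LOG).items():
        print(path, info)
```

A path that appears both padded and unpadded, or padded at several widths as QTTask does here, is a sign the renaming ran more than once and that each copy should be checked before any rename back.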


Offline kmichelle1984

awtqo & smitfraud c
« Reply #9 on: January 01, 2008, 09:03:38 PM »
ComboFix 08-01-02.1 - Owner 2008-01-02 19:42:11.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.470 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\n.bat
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\System32\fypbccn.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\VundoFixSVC.exe
C:\WINDOWS\SYSTEM32\wintfj32.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\awtqo.dll.bad
C:\VundoFix Backups\awtqo.exe.bad
C:\VundoFix Backups\hkcmd.exe.bad
C:\VundoFix Backups\hphmon05.exe.bad
C:\VundoFix Backups\hpsysdrv.exe.bad
C:\VundoFix Backups\igfxtray.exe.bad
C:\VundoFix Backups\ljjjkll.dll.bad
C:\VundoFix Backups\msconfig.exe.bad
C:\VundoFix Backups\oqtwa.ini.bad
C:\VundoFix Backups\oqtwa.ini2.bad
C:\VundoFix Backups\ps2.exe.bad
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\ardCo18\ardCo182328.exe
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\System32\flcss.exe
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\pp1
C:\WINDOWS\system32\VundoFixSVC.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7PR49H8X\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\{38F6A~1
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask            .exe
C:\Program Files\QuickTime\QTTask           .exe
C:\Program Files\QuickTime\QTTask          .exe
C:\Program Files\QuickTime\QTTask         .exe
C:\Program Files\QuickTime\QTTask        .exe
C:\Program Files\QuickTime\QTTask       .exe
C:\Program Files\QuickTime\QTTask      .exe
C:\Program Files\QuickTime\QTTask     .exe
C:\Program Files\QuickTime\QTTask    .exe
C:\Program Files\QuickTime\QTTask   .exe
C:\Program Files\QuickTime\QTTask  .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ljjjkll.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plyodmp.dll
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\z1
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\core

 

 


(((((((((((((((((((((((((   Files Created from 2007-12-03 to 2008-01-03  )))))))))))))))))))))))))))))))
.

2008-01-02 19:39 . 2008-01-01 11:39 483,328 --a------ C:\WINDOWS\system32\hphmon05.exe
2008-01-02 19:39 . 2008-01-01 01:17 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-02 19:39 . 2008-01-01 11:39 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-02 19:39 . 2008-01-01 11:39 118,784 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-02 19:39 . 2008-01-01 11:39 81,920 --a------ C:\WINDOWS\system32\ps2.exe
2008-01-02 19:39 . 2008-01-01 11:39 52,736 --a------ C:\WINDOWS\system\hpsysdrv.exe
2008-01-02 17:41 . 2008-01-02 17:41 <DIR> d-------- C:\Program Files\AOL Search
2008-01-01 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 16:59 . 2007-12-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-29 18:45 . 2007-12-29 18:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-12-29 18:43 . 2008-01-02 17:42 <DIR> d-------- C:\Program Files\AIM6
2007-12-28 23:44 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-28 23:44 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-28 23:44 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-28 23:22 . 2007-12-28 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 18:49 . 2008-01-01 12:16 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-28 17:00 . 2007-12-28 17:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-28 16:48 . 2007-12-28 18:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 08:19 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-27 23:37 . 2007-12-27 23:37 <DIR> d-------- C:\WINDOWS\peernet
2007-12-27 23:30 . 2007-12-27 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\WINDOWS\EHome
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Program Files\Mattel
2007-12-25 13:50 . 2007-12-25 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mattel
2007-12-04 11:23 . 2007-12-04 23:16 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-04 11:23 . 2007-12-04 23:16 88 -r-hs---- C:\WINDOWS\system32\B12A0F95F1.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 23:41 --------- d-----w C:\Program Files\Viewpoint
2008-01-02 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 21:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 21:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 21:59 --------- d-----w C:\Program Files\iTunes
2008-01-02 21:57 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:15 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 07:17 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2007-12-30 23:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-30 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-28 23:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-12-28 01:49 5,923,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-25 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 01:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-11-17 02:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 02:25 --------- d-----w C:\Program Files\iPod
2007-11-17 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 02:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 20:32 --------- d-----w C:\Program Files\FrostWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-20 17:15 103,327 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_19_11_24_30_small.dmp.zip
2006-10-30 16:26 98,508 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_28_11_48_20_small.dmp.zip
2006-10-19 03:39 132,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_10_18_12_41_12_small.dmp.zip
.
------w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

(((((((((((((((((((((((((((((   snapshot@2008-01-02_16.06.00.76   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-30 00:43:58 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-01-02 23:40:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2007-12-18 13:27 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-01 15:14 32768]
"Yahoo! Pager"="1" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-01 15:15 1318912]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2008-01-01 15:15 1261384]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 13:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-01 15:14 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-01 11:39 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-01 11:39 118784]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-01 11:39 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-01 15:14 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-01 15:14 221184]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-01-01 11:39 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2008-01-01 15:14 135168]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-01 15:14 368706]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-01 15:14 407032]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-01 11:39 155648]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-01 15:14 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-01 15:14 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask            .exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-10 12:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
   C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-12-30 02:10 24576 --a------ C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-10-13 21:15 230512 --a------ C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-10-13 21:15 185456 --a------ C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-07-14 13:30 98304 --a------ C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 02:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2007-12-30 23:01 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
   C:\Program Files\Messenger\msmsgs.exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
   C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
   C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2008-01-01 15:01 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2001-12-20 10:00]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-08 04:16]

*Newly Created Service* - VIEWPOINT_MANAGER_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 14:49:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.






Ran on 2008-01-02 - 19:38:09.75

----a-w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w   158,208 2008-01-01 07:17:56  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 52,736 2008-01-01 17:39:19  C:\WINDOWS\system\hpsysdrv .exe
----a-w   118,784 2008-01-01 17:39:21  C:\WINDOWS\system32\hkcmd .exe
----a-w   483,328 2008-01-01 17:39:22  C:\WINDOWS\system32\hphmon05 .exe
----a-w   155,648 2008-01-01 17:39:46  C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-01 17:39:33  C:\WINDOWS\system32\ps2 .exe

 Entries: 7  (7)
 Directories: 0  Files: 7
 Bytes:  2,019,320  Blocks: 3,944






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask            .exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161232436812
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9573 bytes







I know how to disable avast... I cannot find where to disable Yahoo AV - I did not even know I had it.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
awtqo & smitfraud c
« Reply #10 on: January 01, 2008, 09:11:45 PM »
Did you DRAG log.txt into RunV.exe

Can you do that step again please
When the log opens, copy>>paste back here the log that opens

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kmichelle1984

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
awtqo & smitfraud c
« Reply #11 on: January 01, 2008, 09:17:37 PM »
Code:
Ran on 2008-01-02 - 20:12:54.09

------w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

 Entries: 1  (1)
 Directories: 0  Files: 1
 Bytes: 968,696  Blocks: 1,892






while it was running it had this

Could Not Find C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
File not found - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
Could Not Find C:\WINDOWS\system\hpsysdrv.exe
File not found - C:\WINDOWS\system\hpsysdrv .exe
Could Not Find C:\WINDOWS\system32\hkcmd.exe
File not found - C:\WINDOWS\system32\hkcmd .exe
Could Not Find C:\WINDOWS\system32\hphmon05.exe
File not found - C:\WINDOWS\system32\hphmon05 .exe
Could Not Find C:\WINDOWS\system32\igfxtray.exe
File not found - C:\WINDOWS\system32\igfxtray .exe
Could Not Find C:\WINDOWS\system32\ps2.exe
File not found - C:\WINDOWS\system32\ps2 .exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
awtqo & smitfraud c
« Reply #12 on: January 01, 2008, 09:36:12 PM »
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents



Offline kmichelle1984

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
awtqo & smitfraud c
« Reply #13 on: January 01, 2008, 09:55:15 PM »
2Wire Wireless Client
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
AIM 6
AOL Search
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Applications
avast! Antivirus
Barbie Girls
BroadJump Client Foundation
BugOff 1.10
Digital Studio LP v4
FrostWire 4.13.3
HijackThis 2.0.2
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ350
InCD (Ahead Software)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(tm) 6 Update 2
KBD
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 SR-1 Professional
Microsoft Office Converter Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Nero - Burning Rom
Nero Media Player
Nero OEM
NeroVision Express 2
Noiseware Community Edition
Opanda IExif 2.26
Otto from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photodex Presenter
PhotoPresets with One-Click WOW! for Adobe Camera Raw
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RecordNow!
SBC Yahoo! Applications
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Toolkit View(HP)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Updates from HP
Viewpoint Media Player
Window Washer
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZoneAlarm

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
awtqo & smitfraud c
« Reply #14 on: January 01, 2008, 10:07:52 PM »
I want to check on a file
go to this link

http://www.virustotal.com/flash/index_en.html
Copy and paste the Exact path to the file name below in bold under "Upload a File"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

Then use the SEND FILE button
Let it finish scanning
Could you post back the results of this scan here please
« Last Edit: January 01, 2008, 10:11:52 PM by guestolo »



Offline kmichelle1984

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
awtqo & smitfraud c
« Reply #15 on: January 01, 2008, 10:19:04 PM »
REMOVED, the formatting was unreadable again
But the file came back clean
« Last Edit: January 01, 2008, 10:23:41 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
awtqo & smitfraud c
« Reply #16 on: January 01, 2008, 10:40:42 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R3 - URLSearchHook: (no name) - {0B64D814-1BF7-422E-D2A8-14349505E599} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Can you access your Add/remove programs and remove older versions of Java
We'll update it later
Close your browser windows
Remove
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2


Don't reboot yet
Remain in Add/remove programs and remove the following
Viewpoint Media Player

It's never a good idea to run more than one Active Anti-Virus software
I like Avast, but you decide which to keep
Uninstall either Avast or Yahoo's EZ AV

If you decide to hold onto Avast and prefer to Remove Yahoo's edition
I believe you just click on SBC Yahoo! Applications and click Remove then select the AntiVirus software for removal
If it's not under SBC Yahoo! Applications, it may be under AT&T Yahoo! Applications

After it's removed, again don't reboot the computer yet

Navigate to the following file
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
Can you right click on it and select Rename
Remove the space after the t and before the DOT
So it looks like the following
zlclient.exe
Left click an empty spot to set it

Then reboot your computer
Back in Windows
Although we just removed one Anti-Virus software
Can you, if you can get Internet connection with Internet Explorer
Run an Online Virus scan
Temporarily disable your AV protection before running the scan

Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.


To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply

Also post a fresh hijackthis log

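The logs in this thread show executables whose names carry spaces before .exe (zlclient .exe, hpsysdrv .exe, QTTask .exe), and the rename step above corrects one of them by hand. The following Python is an added example, not part of the original posts or of any tool used in the thread: it scans pasted log text for such padded names and reports the unpadded path each one corresponds to. The function name, the Finding fields and the sample lines (copied from the logs above) are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r'----a-w   968,696 2008-01-01 21:14:57  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe',
    r'----a-w 52,736 2008-01-01 17:39:19  C:\WINDOWS\system\hpsysdrv .exe',
    r'O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe',
    r'O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask'
    + ' ' * 12 + r'.exe" -atboottime',
    r'O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart',
])

# Windows paths contain spaces, so whitespace cannot delimit them. Instead use
# the characters that are illegal inside a file-name component as boundaries.
_COMP = r'[^\\/:*?"<>|\r\n]'   # any character allowed inside a path component
_LAST = r'[^\s\\/:*?"<>|]'     # the same, but not whitespace

# drive:\dir\...\stem<spaces or tabs>.exe
PADDED_EXE = re.compile(
    r'(?P<dir>[A-Za-z]:\\(?:' + _COMP + r'+\\)*)'
    r'(?P<stem>' + _COMP + r'*?' + _LAST + r')'
    r'(?P<pad>[ \t]+)(?P<ext>\.exe)\b',
    re.IGNORECASE,
)

# expected_path: the path with the padding removed
# pad_widths: every padding width seen for that path in the log
# unpadded_also_referenced: True if the log also mentions the unpadded name
Finding = namedtuple('Finding',
                     'expected_path pad_widths unpadded_also_referenced')


def find_padded_executables(log_text):
    """Flag .exe paths whose file name has whitespace before the extension.

    Findings are grouped case-insensitively by the unpadded path, because
    Windows paths are case-insensitive and the logs mix C:\\WINDOWS and
    c:\\windows.
    """
    lowered = log_text.lower()
    grouped = {}
    for m in PADDED_EXE.finditer(log_text):
        expected = m.group('dir') + m.group('stem') + m.group('ext')
        _, widths = grouped.setdefault(expected.lower(), (expected, set()))
        widths.add(len(m.group('pad')))
    return [
        Finding(path, tuple(sorted(widths)), key in lowered)
        for key, (path, widths) in sorted(grouped.items())
    ]


if __name__ == '__main__':
    for f in find_padded_executables(SAMPLE_LOG):
        print('padded name for :', f.expected_path)
        print('  padding widths:', f.pad_widths)
        print('  unpadded name also in log:', f.unpadded_also_referenced)
```
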


Offline kmichelle1984

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
awtqo & smitfraud c
« Reply #17 on: January 02, 2008, 01:38:17 AM »
        -------------------------------------------------------------------------------
         KASPERSKY ONLINE SCANNER REPORT
         2008-01-03 00:31
         Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
         Kaspersky Online Scanner version: 5.0.98.0
         Kaspersky Anti-Virus database last update:  2/01/2008
         Kaspersky Anti-Virus database records: 501277
        -------------------------------------------------------------------------------

        Scan Settings:
         Scan using the following antivirus database: extended
         Scan Archives: true
         Scan Mail Bases: true

        Scan Target - My Computer:
         A:\
         C:\
         D:\
         E:\
         F:\
         G:\
         H:\
         I:\

        Scan Statistics:
         Total number of scanned objects: 92969
         Number of viruses found: 15
         Number of infected objects: 366
         Number of suspicious objects: 2
         Duration of the scan process: 01:23:59

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
        C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
        C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
        C:\Documents and Settings\Owner\Shared\Adobe Photoshop CS3 10.0 Extended Keygen\f.exe Infected: not-a-virus:PSWTool.Win32.FirePass.a skipped
        C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
        C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
        C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
        C:\Documents and Settings\Owner\Shared\photoshop cs3\setup.exe NSIS: infected - 3 skipped
        C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
        C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
        C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
        C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
        C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
        C:\QooBox\Quarantine\C\hp\KBD\KBD.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\ALWILS~1\Avast4\ashDisp.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\BroadJump\Client Foundation\CFD.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\HP\Digital Imaging\bin\backupnotify.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_02\bin\jusched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Multimedia Card Reader\shwicon2k.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask            .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask           .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask          .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask         .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask        .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask       .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask      .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask     .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask    .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask   .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask  .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Webroot\Washer\wwDisp.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Yahoo!\browser\ybrwicon.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\Program Files\Yahoo!\YOP\yop.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\awtqo.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\awtqo.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\hkcmd.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\hphmon05.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\hpsysdrv.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\igfxtray.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\ljjjkll.dll.bad.vir Infected: Trojan-Downloader.Win32.Small.hkd skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\msconfig.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\VundoFix Backups\ps2.exe.bad.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
        C:\QooBox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\WINDOWS\SMINST\RECGUARD.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\ardCo18\ardCo182328.exe.vir Infected: Trojan-Downloader.Win32.VB.caw skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\awtqo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\awtqo.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\ljjjkll.dll.vir Infected: Trojan-Downloader.Win32.Small.hkd skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\plyodmp.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\RCX4B.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\C\winlogon.exe.vir Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
        C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped
        C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip/zlclient.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\QooBox\Quarantine\catchme2008-01-02_160033.34.zip ZIP: infected - 2 skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP584\A0086905.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP584\A0086954.exe Infected: Trojan.Win32.Agent.cmn skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087024.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087026.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087027.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087029.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087030.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087031.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087032.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087033.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087034.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087035.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087036.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087037.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087038.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087039.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087040.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087041.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087043.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087044.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087045.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087046.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087047.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087048.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087052.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087061.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087062.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087064.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087066.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087067.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087068.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087069.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087070.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087072.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087073.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087075.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087076.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087077.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087078.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087079.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087082.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087083.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087084.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087086.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087087.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087088.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087089.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0087108.exe Infected: Trojan.Win32.Agent.cmn skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088057.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088061.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088063.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088064.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088065.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088066.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088067.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088069.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088072.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088073.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088075.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088076.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088077.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088078.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088079.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088081.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088082.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088084.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088085.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP585\A0088086.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090777.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090912.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090913.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090915.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090918.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090919.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090920.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090921.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090922.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090923.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090925.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090926.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090927.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090928.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090929.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090930.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090931.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090932.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090933.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090934.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090935.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0090936.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP586\A0091052.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093208.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093209.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093213.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093214.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093215.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093216.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093219.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093220.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0093222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099263.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099264.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099266.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099267.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099268.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099269.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099271.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099272.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099274.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099275.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099276.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099277.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099278.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099279.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099280.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099281.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099282.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099283.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099284.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099285.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099286.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP587\A0099289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104680.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104681.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104683.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104684.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104685.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104687.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104689.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104691.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104692.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104693.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104694.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104695.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104696.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104697.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104698.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104699.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104701.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104703.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP588\A0104706.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105360.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105361.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105362.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105363.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105364.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105367.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105368.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105369.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105371.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105372.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105373.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105374.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105375.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105376.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
        C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP589\A0105377.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

        Offline guestolo

        « Reply #18 on: January 02, 2008, 01:53:22 AM »
        I'm off to bed soon.
        Before I go, can you do me a quick favor?
        Delete log.txt from the desktop.
        Run RenV.exe one more time and post the log.

        Also, let me know how things are running.
        « Last Edit: January 02, 2008, 01:54:10 AM by guestolo »


        Offline kmichelle1984

        « Reply #19 on: January 02, 2008, 02:51:27 AM »
        Ran on 2008-01-03 -  1:44:03.12

         Entries: 0  (0)
         Directories: 0  Files: 0
         Bytes:  0  Blocks: 0



        Firefox & ZoneAlarm are working at the moment.  Internet Explorer does not work - but I think I caused that when I deleted some files. Is it okay to turn avast back on?
        Thanks.