Author Topic: Vundo  (Read 7394 times)

Offline ixjerryxi

Vundo
« Reply #20 on: January 29, 2008, 09:06:14 PM »
Quote from: guestolo on Jan 29 2008, 07:12 PM
Looks as if Kaspersky's still found bad guys in your F:\ and H:\ drives
What drives do those letters represent?
eg... Such as an External harddrive


The F: drive is my secondary internal HD
The H: drive is my usb flash drive

Offline guestolo

Vundo
« Reply #21 on: January 29, 2008, 09:29:07 PM »
Did you plug the USB Flash drive in when you did fixes with Flash_Disinfector and Combofix?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ixjerryxi

Vundo
« Reply #22 on: January 29, 2008, 09:32:36 PM »
Quote from: guestolo on Jan 29 2008, 09:29 PM
Did you plug the USB Flash drive in when you did fixes with Flash_Disinfector and Combofix?


yes

Offline guestolo

Vundo
« Reply #23 on: January 29, 2008, 09:45:07 PM »
Open the Windows Control panel and open the Java icon
Clear the temp files
Exit

Your flash drive still has infected files, DO NOT share this with other infected computers in your household till the other computers are clean and this machine also
Insert the Usb drive into the computer
If it wants to autostart, just close the prompt

Afterwards:
Delete cfscript.txt on desktop, we're going to redo this step

==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work

Quote
File::
F:\awda2.exe
F:\d.com
F:\juok3st.bat
F:\m1t8ta.com
F:\n1deiect.com
F:\nideiect.com
F:\ntde1ect.com
F:\qd.cmd
F:\tio8x6.cmd
F:\usdeiect.com
F:\uxdeiect.com
F:\xn1i9x.com
F:\xo8wr9.exe
F:\ylr.exe
H:\juok3st.bat
H:\autorun.inf
H:\xn1i9x.com
H:\awda2.exe
H:\d.com
H:\qd.cmd
H:\m1t8ta.com
Save this as txtfile on your desktop
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..
Post that log back here



Offline ixjerryxi

Vundo
« Reply #24 on: January 29, 2008, 10:21:51 PM »
Quote from: guestolo on Jan 29 2008, 09:45 PM
Open the Windows Control panel and open the Java icon
Clear the temp files
Exit

Your flash drive still has infected files, DO NOT share this with other infected computers in your household till the other computers are clean and this machine also
Insert the Usb drive into the computer
If it wants to autostart, just close the prompt

Afterwards:
Delete cfscript.txt on desktop, we're going to redo this step

==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work


Save this as txtfile on your desktop
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..
Post that log back here


ComboFix 08-01-29.3 - Administrator 2008-01-29 22:08:02.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.637 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
F:\awda2.exe
F:\d.com
F:\juok3st.bat
F:\m1t8ta.com
F:\n1deiect.com
F:\nideiect.com
F:\ntde1ect.com
F:\qd.cmd
F:\tio8x6.cmd
F:\usdeiect.com
F:\uxdeiect.com
F:\xn1i9x.com
F:\xo8wr9.exe
F:\ylr.exe
H:\autorun.inf
H:\awda2.exe
H:\d.com
H:\juok3st.bat
H:\m1t8ta.com
H:\qd.cmd
H:\xn1i9x.com
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\awda2.exe
F:\d.com
F:\juok3st.bat
F:\m1t8ta.com
F:\n1deiect.com
F:\nideiect.com
F:\ntde1ect.com
F:\qd.cmd
F:\tio8x6.cmd
F:\usdeiect.com
F:\uxdeiect.com
F:\xn1i9x.com
F:\xo8wr9.exe
F:\ylr.exe
F:\awda2.exe
F:\d.com
F:\juok3st.bat
F:\m1t8ta.com
F:\n1deiect.com
F:\nideiect.com
F:\ntde1ect.com
F:\qd.cmd
F:\tio8x6.cmd
F:\usdeiect.com
F:\uxdeiect.com
F:\xn1i9x.com
F:\xo8wr9.exe
F:\ylr.exe
H:\autorun.inf . . . . failed to delete
H:\awda2.exe . . . . failed to delete
H:\d.com . . . . failed to delete
H:\juok3st.bat . . . . failed to delete
H:\m1t8ta.com . . . . failed to delete
H:\qd.cmd . . . . failed to delete
H:\xn1i9x.com . . . . failed to delete
H:\autorun.inf . . . . failed to delete
H:\awda2.exe . . . . failed to delete
H:\d.com . . . . failed to delete
H:\juok3st.bat . . . . failed to delete
H:\m1t8ta.com . . . . failed to delete
H:\qd.cmd . . . . failed to delete
H:\xn1i9x.com . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2007-12-28 to 2008-01-30  )))))))))))))))))))))))))))))))
.

2008-01-29 02:45 . 2008-01-29 02:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-29 02:45 . 2008-01-29 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-25 09:11 . 2008-01-28 17:58 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-25 09:11 . 2008-01-28 17:58 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-24 04:16 . 2008-01-24 04:16 <DIR> d-------- C:\Program Files\Abexo
2008-01-24 00:38 . 2004-08-04 03:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-24 00:38 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-24 00:38 . 2004-08-04 07:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-24 00:38 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-24 00:38 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-24 00:38 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-24 00:38 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-24 00:38 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-24 00:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-24 00:35 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-24 00:34 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-24 00:33 . 2004-08-04 01:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-24 00:32 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-24 00:31 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-01-24 00:30 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-24 00:29 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-24 00:28 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-24 00:27 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-24 00:26 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-23 23:01 . 2008-01-28 22:17 <DIR> d-------- C:\VundoFix Backups
2008-01-23 00:45 . 2008-01-23 00:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 22:02 . 2008-01-22 22:02 435 --a------ C:\WINDOWS\system32\Shortcut to system32.lnk
2008-01-22 22:00 . 2008-01-22 23:55 289 --a------ C:\WINDOWS\wininit.ini
2008-01-22 20:40 . 2008-01-22 20:40 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-11 18:07 . 2008-01-11 18:07 <DIR> d-------- C:\Program Files\Jabra
2008-01-11 18:07 . 2008-01-11 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jabra
2007-12-16 16:52 . 2007-12-16 16:52 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-16 16:52 . 2007-12-16 16:52 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-15 18:51 . 2007-12-15 18:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-15 18:49 . 2007-12-15 18:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-15 18:49 . 2007-12-15 18:50 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-06 17:20 . 2008-01-23 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 17:20 . 2007-12-06 17:20 1,409 --a------ C:\WINDOWS\QTFont.for

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 07:47 --------- d-----w C:\Program Files\Viewpoint
2008-01-29 07:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-01-27 18:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-25 07:25 --------- d-----w C:\Program Files\HP
2008-01-24 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-24 00:38 --------- d-----w C:\Program Files\Winamp
2008-01-24 00:37 --------- d-----w C:\Program Files\QuickTime
2008-01-24 00:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-24 00:37 --------- d-----w C:\Program Files\iTunes
2008-01-17 04:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-01-16 02:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-15 23:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-03 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-03 02:22 --------- d-----w C:\Program Files\Creative
2008-01-03 02:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 23:27 --------- d-----w C:\Program Files\mIRC
2007-12-07 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-06 22:19 --------- d-----w C:\Program Files\iPod
2007-12-06 03:36 --------- d-----w C:\Program Files\AIM6
2007-12-06 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-28 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-09-19 01:07 20,688 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-04-12 04:41 92,064 ----a-w C:\Documents and Settings\Administrator\mqdmmdm.sys
2007-04-12 04:41 9,232 ----a-w C:\Documents and Settings\Administrator\mqdmmdfl.sys
2007-04-12 04:41 79,328 ----a-w C:\Documents and Settings\Administrator\mqdmserd.sys
2007-04-12 04:41 66,656 ----a-w C:\Documents and Settings\Administrator\mqdmbus.sys
2007-04-12 04:41 6,208 ----a-w C:\Documents and Settings\Administrator\mqdmcmnt.sys
2007-04-12 04:41 5,936 ----a-w C:\Documents and Settings\Administrator\mqdmwhnt.sys
2007-04-12 04:41 4,048 ----a-w C:\Documents and Settings\Administrator\mqdmcr.sys
2007-04-12 04:41 25,600 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2007-04-12 04:41 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
2005-01-14 06:28 0 -c-h--w C:\Program Files\ENYOLINK Settings
2004-11-19 05:05 3,546 -c--a-w C:\Program Files\uninstal.log
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-28 17:58 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-30 12:19 4628480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-11-30 12:19 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2005-08-07 17:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 17:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-22 15:50:16 577597]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe [2005-01-17 21:40:40 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-08 19:34:22 434176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-01-17 21:40:17 155715]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-11-30 12:19 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"IDriverT"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)

R3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;C:\WINDOWS\system32\drivers\atidacxx.sys [2005-09-26 20:21]
R3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;C:\WINDOWS\system32\drivers\atiddcxx.sys [2005-09-26 20:20]
R3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;C:\WINDOWS\system32\drivers\atidtuxx.sys [2005-09-26 20:21]
R3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;C:\WINDOWS\system32\drivers\atidvcxx.sys [2005-09-26 20:20]
R3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;C:\WINDOWS\system32\drivers\atidxbxx.sys [2005-09-26 20:20]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 16:54]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 09:05]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 09:05]
S3 S3SAV2K;S3SAV2K;C:\WINDOWS\system32\DRIVERS\s3sav2km.sys [2004-09-25 21:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 19:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 22:16:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-01-29 22:21:56 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-30 03:21:53
ComboFix2.txt  2008-01-29 06:39:54
ComboFix3.txt  2008-01-29 05:32:42
.
2008-01-13 01:42:12 --- E O F ---
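The ComboFix log above lists every CFScript path once under FILE and again under Other Deletions, and every H: entry there carries the suffix "failed to delete", which is the fact the rest of the thread turns on. The Python below is an added example, not part of the thread and not code from ComboFix, that pulls the Other Deletions section out of a log in this layout, separates deleted from failed paths, groups the failures by drive letter and flags file names that imitate NTDETECT.COM (the ntde1ect.com and nideiect.com spellings in the list). The sample log text is constructed from a few lines of the log above; the function names are this example's own.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a few lines in the shape of the ComboFix log posted above.
# Paths are taken from that log; the surrounding layout is abbreviated.
SAMPLE_LOG = r"""
FILE
F:\awda2.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\awda2.exe
F:\d.com
F:\ntde1ect.com
F:\awda2.exe
H:\autorun.inf . . . . failed to delete
H:\awda2.exe . . . . failed to delete
H:\autorun.inf . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2007-12-28 to 2008-01-30  )))))))))))))))))))))))))))))))
.

2008-01-29 02:45 . 2008-01-29 02:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
"""

# ComboFix section banners look like "(((((   Other Deletions   )))))".
SECTION_RE = re.compile(r"^\(+\s+(.*?)\s+\)+$")
FAIL_SUFFIX = " . . . . failed to delete"


def parse_other_deletions(log_text):
    """Return (deleted, failed): ordered, de-duplicated path lists taken from
    the 'Other Deletions' section.  The posted log lists every path there
    twice, so duplicates are collapsed while the original order is kept."""
    deleted, failed = [], []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1) == "Other Deletions"
            continue
        if not in_section or line in ("", "."):
            continue
        if line.endswith(FAIL_SUFFIX):
            path = line[: -len(FAIL_SUFFIX)].rstrip()
            if path not in failed:
                failed.append(path)
        elif line not in deleted:
            deleted.append(line)
    return deleted, failed


def by_drive(paths):
    """Group paths by drive letter, so it is obvious when every failure sits
    on one volume (in the thread, the H: flash drive)."""
    groups = {}
    for path in paths:
        drive = path[0].upper() if len(path) > 1 and path[1] == ":" else "?"
        groups.setdefault(drive, []).append(path)
    return groups


def looks_like_ntdetect(path, threshold=0.8):
    """Flag file names that imitate NTDETECT.COM, as ntde1ect.com and
    nideiect.com in the log above do; similarity is a plain difflib ratio."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return SequenceMatcher(None, name, "ntdetect.com").ratio() >= threshold


def summarize(log_text):
    """One report dict per log with the pieces a responder actually wants."""
    deleted, failed = parse_other_deletions(log_text)
    return {
        "deleted": deleted,
        "failed": failed,
        "failed_by_drive": by_drive(failed),
        "ntdetect_lookalikes": [p for p in deleted + failed if looks_like_ntdetect(p)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved C:\ComboFix.txt by reading the file into `summarize` instead of `SAMPLE_LOG`; the banner regex is what keeps the parser from mistaking the FILE list or the Files Created section for deletions.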

Offline guestolo

Vundo
« Reply #25 on: January 29, 2008, 11:06:57 PM »
Does the flash drive have write protection enabled, locked down?

Can you try the following
Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    ==============================================================================

    H:\awda2.exe
    H:\d.com
    H:\juok3st.bat
    H:\m1t8ta.com
    H:\qd.cmd
    H:\xn1i9x.com
    H:\autorun.inf
    H:\awda2.exe
    H:\d.com
    H:\juok3st.bat
    H:\m1t8ta.com
    H:\qd.cmd
    H:\xn1i9x.com

    ==============================================================================
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window  and choose Paste.

  • Click the red Moveit! button.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log please



Offline ixjerryxi

Vundo
« Reply #26 on: January 30, 2008, 08:37:44 PM »
Quote from: guestolo on Jan 29 2008, 11:06 PM
Does the flash drive have write protection enabled, locked down?

Can you try the following
Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    ==============================================================================

    H:\awda2.exe
    H:\d.com
    H:\juok3st.bat
    H:\m1t8ta.com
    H:\qd.cmd
    H:\xn1i9x.com
    H:\autorun.inf
    H:\awda2.exe
    H:\d.com
    H:\juok3st.bat
    H:\m1t8ta.com
    H:\qd.cmd
    H:\xn1i9x.com

    ==============================================================================
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log please

The write protect is not enabled

[Custom Input]
< H:\awda2.exe  >
File/Folder H:\awda2.exe not found.
< H:\d.com >
File/Folder H:\d.com not found.
< H:\juok3st.bat >
File/Folder H:\juok3st.bat not found.
< H:\m1t8ta.com >
File/Folder H:\m1t8ta.com not found.
< H:\qd.cmd >
File/Folder H:\qd.cmd not found.
< H:\xn1i9x.com >
File/Folder H:\xn1i9x.com not found.
< H:\autorun.inf >
File delete failed. H:\autorun.inf\lpt3.This folder was created by Flash_Disinfector scheduled to be deleted on reboot.
Folder move failed. H:\autorun.inf scheduled to be moved on reboot.
< H:\awda2.exe >
File/Folder H:\awda2.exe not found.
< H:\d.com >
File/Folder H:\d.com not found.
< H:\juok3st.bat >
File/Folder H:\juok3st.bat not found.
< H:\m1t8ta.com >
File/Folder H:\m1t8ta.com not found.
< H:\qd.cmd  >
File/Folder H:\qd.cmd not found.
< H:\xn1i9x.com >
File/Folder H:\xn1i9x.com not found.
 
OTMoveIt2 v1.0.16 log created on 01302008_203737
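The OTMoveIt log above says something the thread does not spell out: H:\autorun.inf could not be removed as a file because it is a folder, created by Flash_Disinfector with a reserved-device-name subfolder (lpt3) so that a worm cannot drop its own autorun.inf under that name. The Python below is an added example, not from the thread and not from Flash_Disinfector, OTMoveIt or ComboFix, that models a removable drive's root as an in-memory dictionary and classifies it: a folder named autorun.inf is reported as the protective placeholder, while a real autorun.inf file is parsed for the open=, shellexecute= and shell\<verb>\command= directives that would launch files like the d.com and qd.cmd the CFScript had to delete. Both sample roots are constructed, with file names taken from the thread; the function names are this example's own.

```python
# Windows file names are case-insensitive, so every lookup below lowercases.
# A drive root is modelled as {name: ("file", text)} or {name: ("dir", None)};
# this is a constructed stand-in for os.listdir() on the drive's root.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample 1: a root as the worm left it, with names from the thread.
INFECTED_ROOT = {
    "autorun.inf": ("file", "[autorun]\r\nopen=d.com\r\nshell\\open\\command=d.com\r\n"
                            "shellexecute=qd.cmd\r\nshell\\open=Open\r\n"),
    "d.com": ("file", "<binary omitted>"),
    "qd.cmd": ("file", "<binary omitted>"),
    "awda2.exe": ("file", "<binary omitted>"),
    "holiday photos": ("dir", None),
}

# Constructed sample 2: a root after Flash_Disinfector, whose placeholder folder
# occupies the autorun.inf name (the OTMoveIt log above shows it as a folder).
PROTECTED_ROOT = {
    "AUTORUN.INF": ("dir", None),
    "holiday photos": ("dir", None),
}


def parse_autorun(text):
    """Tolerant INI parser for autorun.inf: returns {lowercased key: value} from
    the [autorun] section, skipping comments, junk lines and other sections."""
    values = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip().lower()] = value.strip()
    return values


def first_token(value):
    """The program part of a command line: a quoted path or the first word."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def launch_targets(values):
    """Files the [autorun] block would execute: open=, shellexecute= and
    shell\\<verb>\\command= (which XP's Explorer also used for the drive's
    context menu and double-click action).  Order kept, duplicates dropped."""
    targets = []
    for key, value in values.items():
        is_launch = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if is_launch:
            target = first_token(value)
            if target and target.lower() not in [t.lower() for t in targets]:
                targets.append(target)
    return targets


def assess_drive_root(root):
    """Classify a drive root: no autorun.inf, the protective folder, or a real
    autorun.inf file whose launch targets are resolved against the root
    (root-level names only; subfolder paths are reported but not resolved)."""
    lookup = {name.lower(): entry for name, entry in root.items()}
    entry = lookup.get("autorun.inf")
    if entry is None:
        return {"autorun_kind": "absent", "targets": [], "present_targets": [],
                "suspicious": False}
    kind, content = entry
    if kind == "dir":
        return {"autorun_kind": "protective_dir", "targets": [],
                "present_targets": [], "suspicious": False}
    targets = launch_targets(parse_autorun(content))
    present = [t for t in targets if t.lower().lstrip(".\\/") in lookup]
    return {"autorun_kind": "file", "targets": targets, "present_targets": present,
            "suspicious": bool(targets)}


if __name__ == "__main__":
    for label, root in (("infected", INFECTED_ROOT), ("protected", PROTECTED_ROOT)):
        print(label, assess_drive_root(root))
```

A real autorun.inf file with any launch directive is reported as suspicious whether or not its targets are still present, since a missing target only means a scanner got there first; the placeholder folder is reported separately so it is not mistaken for a leftover of the infection, which is exactly the confusion the second CFScript and the OTMoveIt run above went through.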

Offline ixjerryxi

Vundo
« Reply #27 on: January 30, 2008, 08:41:42 PM »
Just want to let you know that every time I reboot my printer driver installation boots up also and when I open certain programs the Roxio Easy CD creator starts installing itself again.

Offline guestolo

Vundo
« Reply #28 on: January 31, 2008, 01:05:12 AM »
I'm more worried about your flash drive right now
Can you insert it to the computer and hold down the SHIFT key as you do so
so it won't autostart
Navigate to My Computer, if you have nothing to save on it
Right click on it and FORMAT it

What printer do you have? There are thousands out there
Give me a clue as to the one that's not working for you



Offline ixjerryxi

Vundo
« Reply #29 on: January 31, 2008, 01:23:14 AM »
Quote from: guestolo on Jan 31 2008, 01:05 AM
I'm more worried about your flash drive right now
Can you insert it to the computer and hold down the SHIFT key as you do so
so it won't autostart
Navigate to My Computer, if you have nothing to save on it
Right click on it and FORMAT it

What printer do you have? There are thousands out there
Give me a clue as to the one that's not working for you


I have an HP PSC 2400; it's working fine, but it'll reinstall itself once I put in the flashdrive or sometimes when I restart my computer. It hasn't done that since you told me to do all those scans, but once I put in the flashdrive it popped up again. I'm thinking it has something to do with the trojan on my computer. There's no way to save the data on the flashdrive?

Also when I right click on the flashdrive from my computer it starts installing Roxio Easy CD Creator and when I plug in the flashdrive I held down shift the printer driver installation popped up again.
« Last Edit: January 31, 2008, 02:04:05 AM by ixjerryxi »

Offline guestolo

Vundo
« Reply #30 on: January 31, 2008, 07:39:03 PM »
Unfortunately, some files that were infected earlier were related to your Printer and Roxio

I don't know what happened to those files, unless you had a scanner delete them or you used combofix more than the times I had you use it

Let's try the following
Delete your version of combofix

Then redownload it
Before doing anything else
Insert your Flash drive to the computer, hold down the Shift key so it won't autostart
Then transfer any files you want to keep on it to your computer harddrive
Then format it

Afterwards:
Do the following
Delete cfscript.txt as we're going to redo it and see if it's some help

==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work

Quote
RenV::
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\ATI Multimedia\main\ATIDtct .EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET .EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
C:\Program Files\Winamp\winampa .exe
C:\WINDOWS\UpdReg .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\NeroCheck .exe
Save this as txtfile on your desktop
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..

Post back all the following

1. Post the log from combofix >>C:\Combofix.txt
2. Run a fresh Scan>>save logfile with Hijackthis and post its log too



Offline ixjerryxi

Vundo
« Reply #31 on: January 31, 2008, 09:59:50 PM »
ComboFix 08-02.01.2 - Administrator 2008-01-31 21:56:37.10 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.628 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-01 to 2008-02-01  )))))))))))))))))))))))))))))))
.

2008-01-30 20:14 . 2008-01-30 20:14   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-01-30 20:14 . 2008-01-30 20:14   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-25 09:11 . 2008-01-28 17:58   15,360   --a--c---   C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-25 09:11 . 2008-01-28 17:58   15,360   --a------   C:\WINDOWS\system32\ctfmon.exe
2008-01-24 04:16 . 2008-01-24 04:16   <DIR>   d--------   C:\Program Files\Abexo
2008-01-24 00:38 . 2004-08-04 03:56   116,224   --a--c---   C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-24 00:38 . 2001-08-17 22:37   99,865   --a--c---   C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-24 00:38 . 2004-08-04 07:00   28,288   --a--c---   C:\WINDOWS\system32\dllcache\xjis.nls
2008-01-24 00:38 . 2001-08-17 22:37   27,648   --a--c---   C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-24 00:38 . 2001-08-17 22:36   23,040   --a--c---   C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-24 00:38 . 2001-08-17 22:36   17,408   --a--c---   C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-24 00:38 . 2001-08-17 12:11   16,970   --a--c---   C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-24 00:38 . 2001-08-17 22:37   4,608   --a--c---   C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-24 00:36 . 2001-08-17 13:28   794,654   --a--c---   C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-24 00:35 . 2001-08-17 22:36   495,616   --a--c---   C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-24 00:34 . 2001-08-17 13:28   899,146   --a--c---   C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-24 00:33 . 2004-08-04 01:31   132,695   --a--c---   C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-24 00:32 . 2001-08-17 13:28   802,683   --a--c---   C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-24 00:31 . 2001-08-17 13:28   907,456   --a--c---   C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-01-24 00:30 . 2001-08-17 14:56   1,733,120   --a--c---   C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-24 00:29 . 2001-08-17 12:13   980,034   --a--c---   C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-24 00:28 . 2001-08-17 13:28   871,388   --a--c---   C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-24 00:27 . 2001-08-17 13:28   762,780   --a--c---   C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-24 00:26 . 2001-08-17 14:56   66,048   --a--c---   C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-23 23:01 . 2008-01-28 22:17   <DIR>   d--------   C:\VundoFix Backups
2008-01-23 00:45 . 2008-01-23 00:45   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-22 22:02 . 2008-01-22 22:02   435   --a------   C:\WINDOWS\system32\Shortcut to system32.lnk
2008-01-22 22:00 . 2008-01-22 23:55   289   --a------   C:\WINDOWS\wininit.ini
2008-01-22 20:40 . 2008-01-22 20:40   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-01-11 18:07 . 2008-01-11 18:07   <DIR>   d--------   C:\Program Files\Jabra
2008-01-11 18:07 . 2008-01-11 18:07   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Jabra

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 07:04   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-01-31 01:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\U3
2008-01-29 07:47   ---------   d-----w   C:\Program Files\Viewpoint
2008-01-29 07:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 07:47   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-01-27 18:25   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-25 07:25   ---------   d-----w   C:\Program Files\HP
2008-01-24 08:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-24 00:38   ---------   d-----w   C:\Program Files\Winamp
2008-01-24 00:37   ---------   d-----w   C:\Program Files\QuickTime
2008-01-24 00:37   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2008-01-24 00:37   ---------   d-----w   C:\Program Files\iTunes
2008-01-16 02:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-03 05:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Creative
2008-01-03 02:22   ---------   d-----w   C:\Program Files\Creative
2008-01-03 02:21   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-16 23:27   ---------   d-----w   C:\Program Files\mIRC
2007-12-15 23:51   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2007-12-07 22:32   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-06 22:19   ---------   d-----w   C:\Program Files\iPod
2007-12-06 03:36   ---------   d-----w   C:\Program Files\AIM6
2007-12-06 03:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-02 21:11   22,528   ----a-w   C:\WINDOWS\system32\wsock32.dll
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-09-19 01:07   20,688   -c--a-w   C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-04-12 04:41   92,064   ----a-w   C:\Documents and Settings\Administrator\mqdmmdm.sys
2007-04-12 04:41   9,232   ----a-w   C:\Documents and Settings\Administrator\mqdmmdfl.sys
2007-04-12 04:41   79,328   ----a-w   C:\Documents and Settings\Administrator\mqdmserd.sys
2007-04-12 04:41   66,656   ----a-w   C:\Documents and Settings\Administrator\mqdmbus.sys
2007-04-12 04:41   6,208   ----a-w   C:\Documents and Settings\Administrator\mqdmcmnt.sys
2007-04-12 04:41   5,936   ----a-w   C:\Documents and Settings\Administrator\mqdmwhnt.sys
2007-04-12 04:41   4,048   ----a-w   C:\Documents and Settings\Administrator\mqdmcr.sys
2007-04-12 04:41   25,600   ----a-w   C:\Documents and Settings\Administrator\usbsermptxp.sys
2007-04-12 04:41   22,768   ----a-w   C:\Documents and Settings\Administrator\usbsermpt.sys
2005-01-14 06:28   0   -c-h--w   C:\Program Files\ENYOLINK Settings
2004-11-19 05:05   3,546   -c--a-w   C:\Program Files\uninstal.log
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-28 17:58 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-30 12:19 4628480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-11-30 12:19 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2005-08-07 17:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 17:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-22 15:50:16 577597]
Color Calibration.lnk - C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe [2005-01-17 21:40:40 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-08 19:34:22 434176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-01-17 21:40:17 155715]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-11-30 12:19 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"IDriverT"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)

R3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;C:\WINDOWS\system32\drivers\atidacxx.sys [2005-09-26 20:21]
R3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;C:\WINDOWS\system32\drivers\atiddcxx.sys [2005-09-26 20:20]
R3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;C:\WINDOWS\system32\drivers\atidtuxx.sys [2005-09-26 20:21]
R3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;C:\WINDOWS\system32\drivers\atidvcxx.sys [2005-09-26 20:20]
R3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;C:\WINDOWS\system32\drivers\atidxbxx.sys [2005-09-26 20:20]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 16:54]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 09:05]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 09:05]
S3 S3SAV2K;S3SAV2K;C:\WINDOWS\system32\DRIVERS\s3sav2km.sys [2004-09-25 21:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 19:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:00:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\GameHook.dll
.
Completion time: 2008-01-31 22:01:35
ComboFix-quarantined-files.txt  2008-02-01 03:01:06
ComboFix2.txt  2008-01-31 07:16:08
ComboFix3.txt  2008-01-31 06:54:00
ComboFix4.txt  2008-01-31 01:35:23
ComboFix5.txt  2008-01-30 03:21:56
.
2008-01-13 01:42:12   --- E O F ---  


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:59 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = forbin.qc.edu:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095300908968
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7385 bytes

Offline guestolo

Vundo
« Reply #32 on: January 31, 2008, 10:12:53 PM »
Is AVAST running properly?
If its real-time protections are disabled, can you re-enable them and post a fresh HijackThis log?
Let me know if it's running OK

Also, can you enter your Windows Control Panel and open Printers and Faxes
How many printers do you have installed?
Are they all the same printer?

Can you also post the next log
Supply an uninstall list from HijackThis
Open HijackThis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy>>paste the whole contents back here



Offline ixjerryxi

Vundo
« Reply #33 on: January 31, 2008, 10:47:50 PM »
[quote name='guestolo' post='420612' date='Jan 31 2008, 10:12 PM']Is AVAST running properly?
If its real-time protections are disabled, can you re-enable them and post a fresh HijackThis log?
Let me know if it's running OK

Also, can you enter your Windows Control Panel and open Printers and Faxes
How many printers do you have installed?
Are they all the same printer?

Can you also post the next log
Supply an uninstall list from HijackThis
Open HijackThis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop, then copy>>paste the whole contents back here[/quote]

I can't re-enable the resident protection. There's no option for it. I have 4 printers installed; one of them is a fax, and the 2400 is a printer, scanner, copier and fax.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:32 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = forbin.qc.edu:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095300908968
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7418 bytes




Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
AIM 6
AOL Instant Messenger
Apache HTTP Server 1.3.29
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Decoder
ATI Decoder
ATI Multimedia Center 9.13
ATI Parental Control & Encoder
ATI Remote Wonder 3.0
Avanquest update
avast! Antivirus
AviSynth 2.5
BiAdmin
BitPim 0.9.03
BitTorrent 3.4.2
Blaze Media Pro
BT8010 Control Center version 1.3
Combined Community Codec Pack 2007-02-22
Commandos 3 - Destination Berlin
Cool Edit Pro 2.0
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
DAO
Data Lifeguard Tools
DivX Web Player
DVD Shrink 3.2
Easy CD & DVD Creator 6
Free CD Ripper 3.1
GdiplusUpgrade
Ghost Recon
Google Talk (remove only)
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
Hauppauge WinTV-PVR 150 Drivers
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP Product Detection
HP PSC & OfficeJet 3.5
HP Update
Intel® PRO Network Adapters and Drivers
InterVideo FilterSDK for Hauppauge
InterVideo WinDVD 4
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java(tm) 6 Update 3
Kaspersky Online Scanner
LimeWire PRO 4.8.1
Logitech Desktop Messenger
Logitech SetPoint
MagicTune 2.5
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Motorola Driver Installation
Motorola Phone Tools
Motorola PST
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Natural Color
Nero 6 Ultra Edition
NVIDIA Drivers
overland
PHP 4.3.9
Print Server Driver
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sniffy Pro For Windows
Sound Blaster X-Fi
SPSS 8.0 for Windows
SSH Secure Shell
Steam
TeamSpeak 2 RC2
TitanTV Client components for ATI
TVUPlayer 2.2.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Ventrilo Client
VideoLAN VLC media player 0.8.2
Videora iPod Converter 0.91
WIBU-KEY Setup (WIBU-KEY Remove)
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec

Offline guestolo

Vundo
« Reply #34 on: February 01, 2008, 08:08:51 PM »
Let's try a couple of steps
Avast needs replacing, and so, it appears, does Sun Java

Go to the following link and redownload Avast
and save it to the desktop for now
http://www.avast.com/eng/download-avast-home.html

Go to the next link and save the latest version of Sun Java to desktop
http://java.sun.com/javase/downloads/?intcmp=1281
At the link click on DOWNLOAD beside>>Java Runtime Environment (JRE) 6 Update 4
Select WINDOWS platform and then put a tick in "I agree to the Java SE Runtime Environment 6 License Agreement"
Then select CONTINUE

On the next page select the Windows Offline Installation >> 15.12 MB
jre-6u4-windows-i586-p.exe

Access your add/remove programs and remove all older versions of Sun Java
This includes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
Java™ 6 Update 3


Afterwards: Remove your version of avast! Antivirus
Reboot the computer afterwards

If you have trouble removing Avast,
download and run their uninstaller:
http://www.avast.com/eng/avast-uninstall-utility.html

After the above has been uninstalled and you have restarted,
go ahead and install the latest version of Sun Java and Avast again
Don't forget to re-register Avast

Run a complete scan with Avast, rebooting afterwards
Come back and let me know how things are running and we'll take it from there

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ixjerryxi

Vundo
« Reply #35 on: February 03, 2008, 12:56:10 PM »
Avast found a lot of trojans and viruses. I try to move them to the chest, but it says error.

Offline guestolo

Vundo
« Reply #36 on: February 03, 2008, 03:13:06 PM »
Can you post the log from Avast?
Right-click the Avast icon by the clock; you should have an option to view logs

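The warning log ixjerryxi posts in the next reply is long, and most of what a helper needs to know is where each hit sits: already set aside in ComboFix's C:\QooBox\Quarantine, inside a System Restore point, in the Java deployment cache, or somewhere the machine could still run it. The following triage helper is an added example written for this thread (it is not the thread's own code and not an Avast tool); it assumes the field order date, time, user, PID, message seen in the posted log, with fields separated by tabs or runs of spaces, and the sample lines it carries are constructed to match that layout, with one placeholder path that is not from the thread.

```python
"""Triage helper for an Avast warning log of the kind posted in this thread.

Added example (not the thread's own code, not an Avast tool). Assumes:
  * fields are separated by tabs or runs of spaces, in the order
    date, time, user, PID, message (the layout seen in the posted log);
  * detection messages read: Sign of "<name>" has been found in "<path>" file.
Lines that do not match (e.g. the setifaceUpdatePackages() failure) are kept
as "other" lines rather than silently dropped.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

DETECTION_RE = re.compile(
    r'^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+'
    r'(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)


@dataclass
class Detection:
    timestamp: str
    user: str
    pid: int
    name: str      # Avast signature name, e.g. Win32:AutoRun-OM [Wrm]
    path: str      # file (or archive member) the signature matched
    location: str  # result of classify_location()


def classify_location(path: str) -> str:
    """Bucket a detection by where the file lives; that decides how urgent it is."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        # ComboFix already moved it aside (.vir rename or catchme zip).
        return "combofix-quarantine"
    if "\\system volume information\\_restore" in p:
        # Copy inside a System Restore point: inert, goes away when restore points are purged.
        return "restore-point"
    if "\\sun\\java\\deployment\\cache\\" in p:
        # Java deployment cache: cleared from the Java control panel.
        return "java-cache"
    # Anything else is a file the machine could actually execute: look at these first.
    return "live"


def parse_avast_log(text: str) -> Tuple[List[Detection], List[str]]:
    """Split the log into parsed detections and non-detection lines."""
    detections: List[Detection] = []
    other: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()          # the posted log carries trailing spaces
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            other.append(line)
            continue
        detections.append(Detection(
            timestamp=f"{m['date']} {m['time']}",
            user=m["user"],
            pid=int(m["pid"]),
            name=m["name"],
            path=m["path"],
            location=classify_location(m["path"]),
        ))
    return detections, other


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Counts per location and per signature, plus the live hits to review first."""
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_name": dict(Counter(d.name for d in detections)),
        "live": [d for d in detections if d.location == "live"],
    }


# Constructed sample in the posted layout: four paths taken from the log in this
# thread, plus one PLACEHOLDER path that is NOT from the thread, to exercise "live".
SAMPLE_LOG = "\n".join([
    "2/2/2008 1:27:53 PM\tAdministrator\t2156\tFunction setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A.",
    '2/2/2008 1:47:50 PM\tAdministrator\t1164\tSign of "Other:Malware-gen" has been found in "C:\\Documents and Settings\\Administrator\\Application Data\\Sun\\Java\\Deployment\\cache\\javapi\\v1.0\\jar\\jvmimpro.jar-5efd1945-42399452.zip\\vmain.class" file.',
    '2/2/2008 3:21:34 PM\tAdministrator\t1164\tSign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\\QooBox\\Quarantine\\C\\d.com.vir" file.',
    '2/2/2008 3:22:09 PM\tAdministrator\t1164\tSign of "Win32:TratBHO [Trj]" has been found in "C:\\QooBox\\Quarantine\\catchme2008-01-29_ 13419.00.zip\\qd.cmd\\[Embedded#1a650]" file.',
    '2/2/2008 3:22:38 PM\tAdministrator\t1164\tSign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\\System Volume Information\\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\\RP10\\A0000785.com" file.',
    '2/2/2008 3:30:00 PM\tAdministrator\t1164\tSign of "Win32:Trojan-gen {Other}" has been found in "C:\\WINDOWS\\system32\\PLACEHOLDER-not-from-thread.dll" file.',
])


if __name__ == "__main__":
    dets, other = parse_avast_log(SAMPLE_LOG)
    report = summarize(dets)
    print("non-detection lines:", len(other))
    print("by location:", report["by_location"])
    for d in report["live"]:
        print("LIVE:", d.timestamp, d.name, d.path)
```

Run against the full log as posted, everything under C:\QooBox\Quarantine and System Volume Information lands in the inert buckets, so the "live" list is what decides whether the machine is actually clean.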


Offline ixjerryxi

Vundo
« Reply #37 on: February 04, 2008, 04:38:50 PM »
2/2/2008 1:27:53 PM   Administrator   2156   Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A.  
2/2/2008 1:47:50 PM   Administrator   1164   Sign of "Other:Malware-gen" has been found in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-42399452.zip\vmain.class" file.  
2/2/2008 2:18:53 PM   Administrator   1164   Sign of "Other:Malware-gen" has been found in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-1dadae47.zip\vmain.class" file.  
2/2/2008 2:18:55 PM   Administrator   1164   Sign of "Other:Malware-gen" has been found in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-6c9447f2.zip\vmain.class" file.  
2/2/2008 3:21:34 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\QooBox\Quarantine\C\d.com.vir" file.  
2/2/2008 3:21:53 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\QooBox\Quarantine\C\juok3st.bat.vir" file.  
2/2/2008 3:21:55 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\QooBox\Quarantine\C\m1t8ta.com.vir" file.  
2/2/2008 3:21:57 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\QooBox\Quarantine\C\n1deiect.com.vir" file.  
2/2/2008 3:21:57 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\QooBox\Quarantine\C\nideiect.com.vir" file.  
2/2/2008 3:21:58 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\QooBox\Quarantine\C\ntde1ect.com.vir" file.  
2/2/2008 3:21:59 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\C\qd.cmd.vir" file.  
2/2/2008 3:22:00 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\QooBox\Quarantine\C\tio8x6.cmd.vir" file.  
2/2/2008 3:22:00 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\QooBox\Quarantine\C\usdeiect.com.vir" file.  
2/2/2008 3:22:01 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\avpo.exe.vir" file.  
2/2/2008 3:22:01 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\avpo0.dll.vir" file.  
2/2/2008 3:22:02 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\avpo1.dll.vir" file.  
2/2/2008 3:22:03 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\C\xn1i9x.com.vir" file.  
2/2/2008 3:22:04 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\C\xo8wr9.exe.vir" file.  
2/2/2008 3:22:04 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 03142.29.zip\jkhhe.dll" file.  
2/2/2008 3:22:05 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\d.com" file.  
2/2/2008 3:22:06 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\juok3st.bat" file.  
2/2/2008 3:22:07 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\m1t8ta.com" file.  
2/2/2008 3:22:07 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\n1deiect.com" file.  
2/2/2008 3:22:08 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\nideiect.com" file.  
2/2/2008 3:22:09 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\ntde1ect.com" file.  
2/2/2008 3:22:09 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\qd.cmd\[Embedded#1a650]" file.  
2/2/2008 3:22:10 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\qd.cmd" file.  
2/2/2008 3:22:11 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\tio8x6.cmd" file.  
2/2/2008 3:22:11 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\usdeiect.com" file.  
2/2/2008 3:22:12 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\xn1i9x.com\[Embedded#1a7c8]" file.  
2/2/2008 3:22:14 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\xn1i9x.com" file.  
2/2/2008 3:22:14 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\xo8wr9.exe\[Embedded#1a828]" file.  
2/2/2008 3:22:15 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\xo8wr9.exe" file.  
2/2/2008 3:22:16 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\qd.cmd.1\[Embedded#1a650]" file.  
2/2/2008 3:22:16 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip\qd.cmd.1" file.  
2/2/2008 3:22:17 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_ 13419.00.zip" file.  
2/2/2008 3:22:18 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\d.com" file.  
2/2/2008 3:22:19 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\juok3st.bat" file.  
2/2/2008 3:22:19 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\m1t8ta.com" file.  
2/2/2008 3:22:21 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\n1deiect.com" file.  
2/2/2008 3:22:22 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\nideiect.com" file.  
2/2/2008 3:22:22 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\ntde1ect.com" file.  
2/2/2008 3:22:23 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\qd.cmd\[Embedded#1a650]" file.  
2/2/2008 3:22:24 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\qd.cmd" file.  
2/2/2008 3:22:24 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\tio8x6.cmd" file.  
2/2/2008 3:22:25 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\usdeiect.com" file.  
2/2/2008 3:22:26 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xn1i9x.com\[Embedded#1a7c8]" file.  
2/2/2008 3:22:26 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xn1i9x.com" file.  
2/2/2008 3:22:27 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xo8wr9.exe\[Embedded#1a828]" file.  
2/2/2008 3:22:28 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xo8wr9.exe" file.  
2/2/2008 3:22:28 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\juok3st.bat.1" file.  
2/2/2008 3:22:29 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\m1t8ta.com.1" file.  
2/2/2008 3:22:30 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\qd.cmd.1\[Embedded#1a650]" file.  
2/2/2008 3:22:30 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\qd.cmd.1" file.  
2/2/2008 3:22:31 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xn1i9x.com.1\[Embedded#1a7c8]" file.  
2/2/2008 3:22:31 PM   Administrator   1164   Sign of "Win32:Agent-PSG [Drp]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip\xn1i9x.com.1" file.  
2/2/2008 3:22:32 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-01-29_221617.40.zip" file.  
2/2/2008 3:22:38 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000785.com" file.  
2/2/2008 3:22:47 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000802.dll" file.  
2/2/2008 3:22:51 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000804.com" file.  
2/2/2008 3:22:52 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000815.dll" file.  
2/2/2008 3:22:53 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000817.com" file.  
2/2/2008 3:22:54 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000828.dll" file.  
2/2/2008 3:22:55 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000830.com" file.  
2/2/2008 3:22:56 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000841.dll" file.  
2/2/2008 3:22:57 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000843.com" file.  
2/2/2008 3:22:58 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000857.dll" file.  
2/2/2008 3:22:58 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000859.com" file.  
2/2/2008 3:22:59 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000870.dll" file.  
2/2/2008 3:23:00 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000872.com" file.  
2/2/2008 3:23:00 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000883.dll" file.  
2/2/2008 3:23:01 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP10\A0000885.com" file.  
2/2/2008 3:23:02 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP11\A0000888.com" file.  
2/2/2008 3:23:50 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002405.dll" file.  
2/2/2008 3:23:57 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002409.com" file.  
2/2/2008 3:23:58 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002413.exe" file.  
2/2/2008 3:23:59 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002428.dll" file.  
2/2/2008 3:23:59 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002430.com" file.  
2/2/2008 3:24:00 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002431.com" file.  
2/2/2008 3:24:01 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002436.exe" file.  
2/2/2008 3:24:01 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002438.exe" file.  
2/2/2008 3:24:02 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002455.dll" file.  
2/2/2008 3:24:03 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002459.com" file.  
2/2/2008 3:24:04 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002460.com" file.  
2/2/2008 3:24:04 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002463.exe" file.  
2/2/2008 3:24:05 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002464.exe" file.  
2/2/2008 3:24:06 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002490.dll" file.  
2/2/2008 3:24:07 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002492.com" file.  
2/2/2008 3:24:08 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002493.com" file.  
2/2/2008 3:24:09 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002498.exe" file.  
2/2/2008 3:24:10 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002515.dll" file.  
2/2/2008 3:24:11 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002516.com" file.  
2/2/2008 3:24:11 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002518.com" file.  
2/2/2008 3:24:12 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP12\A0002521.exe" file.  
2/2/2008 3:24:13 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP13\A0002524.com" file.  
2/2/2008 3:24:15 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP13\A0002554.dll" file.  
2/2/2008 3:24:15 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP13\A0002556.com" file.  
2/2/2008 3:24:16 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP13\A0002557.com" file.  
2/2/2008 3:24:18 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002582.dll" file.  
2/2/2008 3:24:18 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002584.com" file.  
2/2/2008 3:24:19 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002585.com" file.  
2/2/2008 3:24:20 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002589.exe" file.  
2/2/2008 3:24:21 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRH [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002590.dll" file.  
2/2/2008 3:24:23 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002665.dll" file.  
2/2/2008 3:24:24 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP14\A0002669.com" file.  
2/2/2008 3:24:25 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002687.com" file.  
2/2/2008 3:24:26 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002689.com" file.  
2/2/2008 3:24:27 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002715.dll" file.  
2/2/2008 3:24:28 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002716.dll" file.  
2/2/2008 3:24:29 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002718.com" file.  
2/2/2008 3:24:30 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002720.com" file.  
2/2/2008 3:24:30 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVH [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002724.exe" file.  
2/2/2008 3:24:31 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002725.dll" file.  
2/2/2008 3:24:32 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002741.dll" file.  
2/2/2008 3:24:37 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP15\A0002745.com" file.  
2/2/2008 3:24:38 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP16\A0002765.com" file.  
2/2/2008 3:24:49 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002874.dll" file.  
2/2/2008 3:24:56 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002879.com" file.  
2/2/2008 3:24:59 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002899.dll" file.  
2/2/2008 3:25:04 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002901.com" file.  
2/2/2008 3:25:05 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002927.dll" file.  
2/2/2008 3:25:05 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002929.com" file.  
2/2/2008 3:25:06 PM   Administrator   1164   Sign of "Win32:WOW-FWN [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002951.dll" file.  
2/2/2008 3:25:07 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002952.dll" file.  
2/2/2008 3:25:08 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002954.com" file.  
2/2/2008 3:25:08 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002955.com" file.  
2/2/2008 3:25:09 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP17\A0002961.exe" file.  
2/2/2008 3:25:10 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0002985.com" file.  
2/2/2008 3:25:13 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0002987.com" file.  
2/2/2008 3:25:14 PM   Administrator   1164   Sign of "Win32:WOW-FWN [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003003.dll" file.  
2/2/2008 3:25:14 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003004.dll" file.  
2/2/2008 3:25:15 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003006.com" file.  
2/2/2008 3:25:16 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003007.com" file.  
2/2/2008 3:25:16 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003012.exe" file.  
2/2/2008 3:25:18 PM   Administrator   1164   Sign of "Win32:WOW-FWN [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003029.dll" file.  
2/2/2008 3:25:18 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003030.dll" file.  
2/2/2008 3:25:19 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003032.com" file.  
2/2/2008 3:25:20 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003034.com" file.  
2/2/2008 3:25:21 PM   Administrator   1164   Sign of "Win32:OnLineGames-BRI [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003037.exe" file.  
2/2/2008 3:25:21 PM   Administrator   1164   Sign of "Win32:WOW-FWN [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003038.dll" file.  
2/2/2008 3:25:22 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003054.dll" file.  
2/2/2008 3:25:23 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003057.com" file.  
2/2/2008 3:25:23 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVK [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP18\A0003062.dll" file.  
2/2/2008 3:25:25 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003077.com" file.  
2/2/2008 3:25:26 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003100.dll" file.  
2/2/2008 3:25:26 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003102.com" file.  
2/2/2008 3:25:27 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVK [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003120.dll" file.  
2/2/2008 3:25:29 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003174.dll" file.  
2/2/2008 3:25:30 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP19\A0003177.com" file.  
2/2/2008 3:25:32 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP20\A0003213.com" file.  
2/2/2008 3:25:34 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP21\A0003254.com" file.  
2/2/2008 3:25:41 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP22\A0003266.com" file.  
2/2/2008 3:25:42 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP23\A0003268.com" file.  
2/2/2008 3:25:57 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP23\A0003430.dll" file.  
2/2/2008 3:26:02 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP23\A0003431.dll" file.  
2/2/2008 3:26:03 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP23\A0003435.com" file.  
2/2/2008 3:26:05 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003472.dll" file.  
2/2/2008 3:26:06 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003473.dll" file.  
2/2/2008 3:26:09 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003479.com" file.  
2/2/2008 3:26:10 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003484.dll" file.  
2/2/2008 3:26:21 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003564.dll" file.  
2/2/2008 3:26:29 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003565.dll" file.  
2/2/2008 3:26:29 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003569.com" file.  
2/2/2008 3:26:30 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP24\A0003573.dll" file.  
2/2/2008 3:26:35 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003795.dll" file.  
2/2/2008 3:26:36 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003801.dll" file.  
2/2/2008 3:26:36 PM   Administrator   1164   Sign of "Win32:Nilage-LK [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003814.com" file.  
2/2/2008 3:26:37 PM   Administrator   1164   Sign of "Win32:Nilage-LK [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003817.exe" file.  
2/2/2008 3:26:38 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003828.com" file.  
2/2/2008 3:26:39 PM   Administrator   1164   Sign of "Win32:WOW-JT [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003841.dll" file.  
2/2/2008 3:26:39 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003843.com" file.  
2/2/2008 3:26:40 PM   Administrator   1164   Sign of "Win32:OnLineGames-BVY [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003846.exe" file.  
2/2/2008 3:26:40 PM   Administrator   1164   Sign of "Win32:WOW-JT [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003847.dll" file.  
2/2/2008 3:26:41 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSV [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003857.com" file.  
2/2/2008 3:26:41 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSV [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003862.exe" file.  
2/2/2008 3:26:42 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003863.dll" file.  
2/2/2008 3:26:43 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSX [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003874.com" file.  
2/2/2008 3:26:43 PM   Administrator   1164   Sign of "Win32:WOW-JU [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003887.dll" file.  
2/2/2008 3:26:44 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSX [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003889.com" file.  
2/2/2008 3:26:44 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSX [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003892.exe" file.  
2/2/2008 3:26:45 PM   Administrator   1164   Sign of "Win32:WOW-JU [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003893.dll" file.  
2/2/2008 3:26:47 PM   Administrator   1164   Sign of "Win32:AutoRun-NP [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003931.com" file.  
2/2/2008 3:26:48 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003940.dll" file.  
2/2/2008 3:26:49 PM   Administrator   1164   Sign of "Win32:AutoRun-NP [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003943.com" file.  
2/2/2008 3:26:50 PM   Administrator   1164   Sign of "Win32:AutoRun-NP [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003947.exe" file.  
2/2/2008 3:26:50 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP25\A0003948.dll" file.  
2/2/2008 3:26:51 PM   Administrator   1164   Sign of "Win32:AutoRun-NQ [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP26\A0003951.com" file.  
2/2/2008 3:26:52 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP26\A0003970.dll" file.  
2/2/2008 3:26:52 PM   Administrator   1164   Sign of "Win32:AutoRun-NQ [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP26\A0003972.com" file.  
2/2/2008 3:26:53 PM   Administrator   1164   Sign of "Win32:AutoRun-NQ [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP26\A0003976.exe" file.  
2/2/2008 3:26:57 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP29\A0004107.com" file.  
2/2/2008 3:27:00 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP30\A0004114.com" file.  
2/2/2008 3:27:01 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP30\A0004132.com" file.  
2/2/2008 3:27:01 PM   Administrator   1164   Sign of "Win32:Agent-PSQ [Rtk]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP30\A0004136.exe" file.  
2/2/2008 3:27:03 PM   Administrator   1164   Sign of "Win32:AutoRun-LX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP32\A0005182.com" file.  
2/2/2008 3:27:04 PM   Administrator   1164   Sign of "Win32:AutoRun-LX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP32\A0005202.com" file.  
2/2/2008 3:27:04 PM   Administrator   1164   Sign of "Win32:AutoRun-LX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP32\A0005220.com" file.  
2/2/2008 3:27:05 PM   Administrator   1164   Sign of "Win32:AutoRun-LX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP32\A0005224.exe" file.  
2/2/2008 3:27:05 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP33\A0005226.exe" file.  
2/2/2008 3:27:06 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP34\A0005232.exe" file.  
2/2/2008 3:27:06 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP36\A0005236.exe" file.  
2/2/2008 3:27:07 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP38\A0005240.exe" file.  
2/2/2008 3:27:07 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP39\A0005248.exe" file.  
2/2/2008 3:27:08 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP40\A0005251.exe" file.  
2/2/2008 3:27:09 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP40\A0005285.exe" file.  
2/2/2008 3:27:10 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP40\A0005317.exe" file.  
2/2/2008 3:27:10 PM   Administrator   1164   Sign of "Win32:OnLineGames-BTB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP40\A0005319.exe" file.  
2/2/2008 3:27:12 PM   Administrator   1164   Sign of "Win32:AutoRun-MH [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP42\A0005354.bat" file.  
2/2/2008 3:27:12 PM   Administrator   1164   Sign of "Win32:AutoRun-MH [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP42\A0005381.bat" file.  
2/2/2008 3:27:13 PM   Administrator   1164   Sign of "Win32:AutoRun-MH [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP42\A0005385.exe" file.  
2/2/2008 3:27:17 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005430.cmd" file.  
2/2/2008 3:27:18 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005457.cmd" file.  
2/2/2008 3:27:19 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005475.cmd" file.  
2/2/2008 3:27:19 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005491.cmd" file.  
2/2/2008 3:27:19 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005495.exe" file.  
2/2/2008 3:27:20 PM   Administrator   1164   Sign of "Win32:AutoRun-OX [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP43\A0005497.com" file.  
2/2/2008 3:27:42 PM   Administrator   1164   Sign of "Win32:AutoRun-ON [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP45\A0005666.com" file.  
2/2/2008 3:27:46 PM   Administrator   1164   Sign of "Win32:AutoRun-ON [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP45\A0005670.exe" file.  
2/2/2008 3:27:50 PM   Administrator   1164   Sign of "Win32:OnLineGames-BZN [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP46\A0005752.dll" file.  
2/2/2008 3:27:52 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP46\A0005787.com" file.  
2/2/2008 3:27:53 PM   Administrator   1164   Sign of "Win32:AutoRun-OM [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP46\A0005791.exe" file.  
2/2/2008 3:27:53 PM   Administrator   1164   Sign of "Win32:AutoRun-OW [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP46\A0005792.dll" file.  
2/2/2008 3:27:59 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0005961.bat" file.  
2/2/2008 3:28:07 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0005996.bat" file.  
2/2/2008 3:28:08 PM   Administrator   1164   Sign of "Win32:AutoRun-OK [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006000.exe" file.  
2/2/2008 3:28:08 PM   Administrator   1164   Sign of "Win32:AutoRun-PB [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006001.dll" file.  
2/2/2008 3:28:09 PM   Administrator   1164   Sign of "Win32:AutoRun-PB [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006011.dll" file.  
2/2/2008 3:28:09 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006012.com" file.  
2/2/2008 3:28:10 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006024.dll" file.  
2/2/2008 3:28:10 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006026.com" file.  
2/2/2008 3:28:11 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006042.dll" file.  
2/2/2008 3:28:11 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006044.com" file.  
2/2/2008 3:28:11 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAA [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006050.exe" file.  
2/2/2008 3:28:12 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP48\A0006051.dll" file.  
2/2/2008 3:28:13 PM   Administrator   1164   Sign of "Win32:OnLineGames-CAB [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP49\A0006072.dll" file.  
2/2/2008 3:28:16 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP5\A0000184.dll" file.  
2/2/2008 3:28:29 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP5\A0000370.dll" file.  
2/2/2008 3:28:34 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP5\A0000387.dll" file.  
2/2/2008 3:28:37 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP5\A0000439.dll" file.  
2/2/2008 3:28:38 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP5\A0000461.dll" file.  
2/2/2008 3:28:40 PM   Administrator   1164   Sign of "Win32:AutoRun-PD [Wrm]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP51\A0006171.dll" file.  
2/2/2008 3:28:44 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006253.com\[Embedded#1a83c]" file.  
2/2/2008 3:28:45 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006270.exe\[Embedded#11550]" file.  
2/2/2008 3:28:46 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006271.exe\[Embedded#19ea0]" file.  
2/2/2008 3:28:47 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006273.exe\[Embedded#16b020]" file.  
2/2/2008 3:28:47 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006274.EXE\[Embedded#0ef30]" file.  
2/2/2008 3:28:48 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006276.exe\[Embedded#13bf68]" file.  
2/2/2008 3:28:49 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006277.exe\[Embedded#1a83c]" file.  
2/2/2008 3:28:49 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006278.exe\[Embedded#3bde0]" file.  
2/2/2008 3:28:50 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006279.exe\[Embedded#11de0]" file.  
2/2/2008 3:28:50 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006280.exe\[Embedded#0b9f00]" file.  
2/2/2008 3:28:51 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006281.exe\[Embedded#3ef00]" file.  
2/2/2008 3:28:51 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006282.exe\[Embedded#26d20]" file.  
2/2/2008 3:28:52 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006283.exe\[Embedded#2cd50]" file.  
2/2/2008 3:28:52 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006284.exe\[Embedded#213a0]" file.  
2/2/2008 3:28:53 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006285.EXE\[Embedded#0bea0]" file.  
2/2/2008 3:28:53 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006286.exe\[Embedded#0cd20]" file.  
2/2/2008 3:28:54 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006287.EXE\[Embedded#16de0]" file.  
2/2/2008 3:28:54 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006288.exe\[Embedded#098e8]" file.  
2/2/2008 3:28:55 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006289.exe\[Embedded#0cdb0]" file.  
2/2/2008 3:28:55 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006290.exe\[Embedded#144a8]" file.  
2/2/2008 3:28:56 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006291.exe\[Embedded#46f60]" file.  
2/2/2008 3:28:56 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006292.exe\[Embedded#4220c]" file.  
2/2/2008 3:28:56 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006293.exe\[Embedded#00cdc]" file.  
2/2/2008 3:28:57 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006296.exe\[Embedded#049b0]" file.  
2/2/2008 3:28:57 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006297.com\[Embedded#1a83c]" file.  
2/2/2008 3:28:58 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006299.exe\[Embedded#049b0]" file.  
2/2/2008 3:28:59 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006319.exe\[Embedded#11550]" file.  
2/2/2008 3:28:59 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006321.exe\[Embedded#19ea0]" file.  
2/2/2008 3:29:01 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006322.exe\[Embedded#16b020]" file.  
2/2/2008 3:29:01 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006323.EXE\[Embedded#0ef30]" file.  
2/2/2008 3:29:02 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006326.exe\[Embedded#1a83c]" file.  
2/2/2008 3:29:02 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006327.exe\[Embedded#3bde0]" file.  
2/2/2008 3:29:03 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006328.exe\[Embedded#11de0]" file.  
2/2/2008 3:29:03 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006329.exe\[Embedded#0b9f00]" file.  
2/2/2008 3:29:04 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006330.exe\[Embedded#3ef00]" file.  
2/2/2008 3:29:04 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006331.exe\[Embedded#26d20]" file.  
2/2/2008 3:29:05 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006332.exe\[Embedded#2cd50]" file.  
2/2/2008 3:29:05 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006333.exe\[Embedded#213a0]" file.  
2/2/2008 3:29:06 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006334.EXE\[Embedded#0bea0]" file.  
2/2/2008 3:29:06 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{40A9FE23-7728-40A3-A0D6-E183A3548376}\RP53\A0006335.exe\[Embedded#0cd20]" file.  
2/2/2008 3:29:07 PM   Administrator   1164   Sign of "Win32:TratBHO [T

Offline guestolo

Vundo
« Reply #38 on: February 04, 2008, 08:12:04 PM »
Most of the files found are harmless for now, unless you try to use System Restore to an infected point
How are things now running to this point?

Did you run Avenger on this computer, possibly advised by someone else to do so?
« Last Edit: February 04, 2008, 08:34:19 PM by guestolo »

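Added example (not code from this thread or from avast!): a short Python script that does the triage guestolo describes on a log of the shape posted above. It parses each detection line, separates copies sitting inside System Restore points (dormant unless you restore to that point) from files at live paths, and lists any drive carrying a live AutoRun worm hit, which is the part that matters for the flash drive question. The regexes assume the avast! 4 warning-log layout seen in the posted log; the sample lines are constructed for the example, with a placeholder GUID and two hypothetical live hits that are not from the poster's machine.

```python
"""Triage an avast! scan log: restore-point copies vs. live infections.

Added example for this thread, not avast! or forum code. It assumes the
avast! 4 warning-log layout seen in the posted log: date, user, pid, then
'Sign of "<signature>" has been found in "<path>" file.'
"""
import re
from collections import Counter

# Constructed sample in the posted log's format. The GUID, file names and the
# two "live" hits are placeholders, not taken from the poster's machine.
SAMPLE_LOG = r"""
2/2/2008 3:25:22 PM   Administrator   1164   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP18\A0003054.dll" file.
2/2/2008 3:26:47 PM   Administrator   1164   Sign of "Win32:AutoRun-NP [Wrm]" has been found in "C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP25\A0003931.com" file.
2/2/2008 3:28:44 PM   Administrator   1164   Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP53\A0006253.com\[Embedded#1a83c]" file.
2/2/2008 3:30:01 PM   Administrator   1164   Sign of "Win32:AutoRun-NP [Wrm]" has been found in "H:\autorun.inf" file.
2/2/2008 3:30:02 PM   Administrator   1164   Sign of "Win32:OnLineGames-BSQ [Trj]" has been found in "C:\WINDOWS\system32\example.dll" file.
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.'
)
# "Win32:OnLineGames-BSQ [Trj]" -> family Win32:OnLineGames-BSQ, class Trj
# "Win32:Trojan-gen {Other}"    -> family Win32:Trojan-gen,     class Other
SIG_RE = re.compile(r'^(?P<family>[^\s\[{]+)\s*(?:\[(?P<cls>[^\]]+)\]|\{(?P<cls2>[^}]+)\})?')
# A copy inside a System Restore point: dormant until that point is restored.
RESTORE_RE = re.compile(
    r'\\System Volume Information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\', re.IGNORECASE)


def parse_line(line):
    """Return one detection as a dict, or None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sig = m.group('sig')
    s = SIG_RE.match(sig)
    path = m.group('path')
    rp = RESTORE_RE.search(path)
    return {
        'time': m.group('ts'),
        'signature': sig,
        'family': s.group('family') if s else sig,
        'class': (s.group('cls') or s.group('cls2') or 'Unknown') if s else 'Unknown',
        'path': path,
        'drive': path[:2].upper() if len(path) > 1 and path[1] == ':' else '?',
        'restore_point': rp.group('rp') if rp else None,
        'embedded': '\\[Embedded#' in path,  # avast! flagged an object inside the file
    }


def parse_log(text):
    return [h for h in (parse_line(l) for l in text.splitlines()) if h]


def triage(text):
    """Split detections into dormant restore-point copies and live files."""
    hits = parse_log(text)
    dormant = [h for h in hits if h['restore_point']]
    live = [h for h in hits if not h['restore_point']]
    return {
        'total': len(hits),
        'dormant': len(dormant),
        'live': len(live),
        'live_paths': sorted(h['path'] for h in live),
        'live_drives': sorted({h['drive'] for h in live}),
        'restore_points': sorted({h['restore_point'] for h in dormant},
                                 key=lambda rp: int(rp[2:])),
        'families': Counter(h['family'] for h in hits),
        'classes': Counter(h['class'] for h in hits),
        # A live AutoRun worm hit usually means removable media is still seeding reinfection.
        'autorun_drives': sorted({h['drive'] for h in live
                                  if h['family'].startswith('Win32:AutoRun')}),
    }


def report(text):
    t = triage(text)
    out = [f"{t['total']} detections: {t['dormant']} in System Restore points, {t['live']} at live paths"]
    if t['restore_points']:
        out.append("restore points holding malware (harmless unless you restore to one): "
                   + ", ".join(t['restore_points']))
    out.extend("LIVE: " + p for p in t['live_paths'])
    if t['autorun_drives']:
        out.append("live AutoRun worm on drive(s) " + ", ".join(t['autorun_drives'])
                   + ": keep that media unplugged until it is cleaned")
    return "\n".join(out)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Run it as-is to see the summary for the constructed sample, or read the real avast! log file into a string and pass it to `report()`. The live paths are the ones to act on; the restore-point copies only become a problem if System Restore is rolled back to one of the listed points, and on Windows XP the usual way to dispose of them once the machine is clean is to turn System Restore off and back on, which purges every restore point, and then create a fresh one.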


Offline ixjerryxi

Vundo
« Reply #39 on: February 04, 2008, 08:49:50 PM »
[quote name='guestolo' post='420863' date='Feb 4 2008, 08:12 PM']Most of the files found are harmless for now, unless you try to use System Restore to an infected point
How are things now running to this point?

Did you run Avenger on this computer, possibly advised by someone else to do so?[/quote]


Yeah, I was told to run Avenger by another forum before coming to this forum. Things are running fine now, except that the printer driver still reinstalls itself at startup. The same happens with my Roxio Easy CD Creator, and with my Microsoft ActiveSync when I plug in my cell phone. Other than that my computer is fine. Is it safe to use my computer now? I still haven't solved the problem with my flash drive. Will I have to format it? Is there any way to recover the data on it?