PDA

View Full Version : Virtumonde is at it again!



gec1030
2008-05-15, 23:20
HijackThis LogFile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:10 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\AirPort\APAgent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\AirPort\APAgent .exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\tustt.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34907F86-EC03-4994-B969-8C24A80FD495} - (no file)
O2 - BHO: (no name) - {386F2768-7CE4-4199-9BE1-4B4C1FAFD288} - C:\WINDOWS\system32\tustt.dll (file missing)
O2 - BHO: (no name) - {3de14fae-96af-415d-9323-86ebd5a3a8ad} - (no file)
O2 - BHO: (no name) - {4d35a57d-b630-4321-95f0-df881ba78df8} - (no file)
O2 - BHO: (no name) - {5297CA38-AC51-4A08-A339-C1984120DE53} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53D54B61-6A2E-4FBB-8753-74B61EA29934} - (no file)
O2 - BHO: {77e776d1-8c8b-5178-ed04-0fdf02811506} - {60511820-fdf0-40de-8715-b8c81d677e77} - C:\WINDOWS\system32\hwanbppd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7686ab61-2568-4acd-b6e5-2d2240d2accd} - (no file)
O2 - BHO: (no name) - {849C373C-A24A-4BCB-BEDA-A6E1E772A1AC} - (no file)
O2 - BHO: (no name) - {9E019B2C-560F-4ADE-AB04-252E00BEF837} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF849ED0-66ED-48EA-A956-E5F96D8636D6} - (no file)
O2 - BHO: (no name) - {C2DB8110-8A1D-4FEC-A7EC-C5967A49A4F1} - (no file)
O2 - BHO: (no name) - {CEA23D76-8D19-4B32-8425-005971DE976C} - (no file)
O2 - BHO: (no name) - {D2EBA1CA-3BE7-4697-A4EC-9DD6529302AF} - (no file)
O2 - BHO: (no name) - {e719c49b-7f9a-43ea-b410-c8853a765a7d} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BMbfc5ef27] Rundll32.exe "C:\WINDOWS\system32\ajbcthwe.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7571] command /c del "C:\WINDOWS\system32\tustt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2110] cmd /c del "C:\WINDOWS\system32\tustt.dll_old"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB949] command /c del "C:\WINDOWS\system32\tustt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5724] cmd /c del "C:\WINDOWS\system32\tustt.dll_old"
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: byxwwvu - byxwwvu.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 11265 bytes

------


I was taking a quick look at all of the logs and it seemed that Virtumonde isn't my only problem! But whenever I run Spybot, Virtumonde and Virtumonde DLLs are all that I find. I tried running Spybot in Safe Mode, but I couldn't access safe mode. My logs were too long so I'll put my Kaspersky in Post #2.

Thank you in advance for all your help!

gec1030
2008-05-15, 23:22
-------------------------

Kaspersky Online Scanner Log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 15, 2008 8:02:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/05/2008
Kaspersky Anti-Virus database records: 774093
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55905
Number of viruses found: 134
Number of infected objects: 631
Number of suspicious objects: 0
Duration of the scan process: 10:30:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/viruxz.dll Infected: not-virus:Hoax.Win32.Renos.dp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/popinstall.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde15.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde20.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde23.zip/tustt.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde25.zip/tustt.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde26.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde26.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde30.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde30.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde31.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde32.zip/tustt.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde32.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde36.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde36.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde40.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde40.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde44.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde44.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde45.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde45.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde49.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde49.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde53.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde53.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde57.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde57.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde61.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde61.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde65.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde65.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde68.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde68.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde71.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde71.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde74.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde74.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip/fxgraybm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll1.zip/ypolhwet.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip/agaopuhu.dll Infected: Trojan.Win32.Monder.au skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip/ambqfhtk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/angynbki.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoy skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip/aqrplgyw.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip/axyflstq.dll Infected: Trojan.Win32.Monder.cm skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip/ayaeqrsg.dll Infected: Trojan.Win32.Monder.au skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip/aywytgud.dll Infected: Trojan.Win32.Monder.ad skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip/baadfrjl.dll Infected: Trojan.Win32.Monder.aw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip/bahairyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pil skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll19.zip/beijofex.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/aaexutnp.dll Infected: Trojan.Win32.Monder.au skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll20.zip/bgdmqdeq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip/bgwikspr.dll Infected: Trojan.Win32.Monder.ai skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip/bidlbohv.dll Infected: Trojan.Win32.Monder.at skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip/bnoyossc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip/cbpvxxdl.dll Infected: Trojan.Win32.Monder.bw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip/ccndxapj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll26.zip/ceipgqju.dll Infected: Trojan.Win32.Monder.br skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll26.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll27.zip/ckalipai.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll27.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip/cmpgelem.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpb skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll28.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip/cngkvavb.dll Infected: Trojan.Win32.Monder.aw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll29.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/aapqbnjc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll30.zip/cnwwtsnh.dll Infected: Trojan.Win32.Monder.aw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll30.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll31.zip/cpgkhkpg.dll Infected: Trojan.Win32.Monder.v skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll32.zip/ctqsvlhj.dll Infected: Trojan.Win32.Monder.bw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll32.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll33.zip/ctxsjoxc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll33.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll34.zip/daqwkugi.dll Infected: Trojan.Win32.Monder.au skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll35.zip/dcrbfoxx.dll Infected: Trojan.Win32.Monder.bx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll35.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll36.zip/djsomvkg.dll Infected: Trojan.Win32.Monder.p skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll36.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip/aapqbnjc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/aapqbnjc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/adkficap.dll Infected: Trojan.Win32.Monder.bs skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip/aevplgia.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip/afajqdnm.dll Infected: Trojan.Win32.Monder.bw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip/afnbfyik.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip/winable.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl7.zip/Dot1XCfg.exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\ntuser.dat Object is locked skipped
C:\Documents and Settings\All Users\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Gary\.jpi_cache\file\1.0\Dummy.class-54303564-4f063d22.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\Gary\.jpi_cache\file\1.0\VerifierBug.class-62b5f03a-7d414e92.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Gary\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Incomplete\Preview-T-3545425-havana soundtrack.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Temp\Perflib_Perfdata_f28.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Temp\RCX1E.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Gary\Local Settings\Temp\RCX1EE.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Gary\Local Settings\Temp\RCX203.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Gary\Local Settings\Temp\RCX22A.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps1 Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps2 Object is locked skipped
C:\Inetpub\catalog.wci\00010002.ci Object is locked skipped
C:\Inetpub\catalog.wci\cicat.fid Object is locked skipped
C:\Inetpub\catalog.wci\cicat.hsh Object is locked skipped
C:\Inetpub\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP10000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP20000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiST0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\INDEX.000 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk1 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk2 Object is locked skipped
C:\Program Files\AirPort\APAgent.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Dropper.Win32.Small.ge skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Gary.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Gary.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Gary.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010008.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090932.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090933.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090936.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090955.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090957.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090958.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090959.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090961.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090980.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP547\A0090982.dll Infected: Trojan.Win32.Monder.au skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091060.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091061.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091064.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091072.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091074.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091075.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091076.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP548\A0091078.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091222.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091223.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091318.dll Infected: Trojan.Win32.Monder.df skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091328.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091330.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091331.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091332.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0091335.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0092324.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0092325.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0092329.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0092358.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093327.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093328.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093340.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093342.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093343.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093344.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093346.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093363.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093364.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093367.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093405.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093407.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093408.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093409.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093420.dll Infected: Trojan.Win32.Monder.dj skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093424.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093426.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093427.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0093428.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094427.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094428.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094491.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094492.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094494.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094495.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094496.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094497.dll Infected: Trojan.Win32.Monder.bw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094498.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094499.dll Infected: Trojan.Win32.Monder.au skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094500.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094501.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoy skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094502.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094503.dll Infected: Trojan.Win32.Monder.cm skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094504.dll Infected: Trojan.Win32.Monder.au skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094505.dll Infected: Trojan.Win32.Monder.ad skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094506.dll Infected: Trojan.Win32.Monder.aw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094507.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pil skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094508.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094509.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094510.dll Infected: Trojan.Win32.Monder.ai skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094511.dll Infected: Trojan.Win32.Monder.at skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094513.dll Infected: Trojan.Win32.Monder.bw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094514.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094515.dll Infected: Trojan.Win32.Monder.br skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094516.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094517.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpb skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094518.dll Infected: Trojan.Win32.Monder.aw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094519.dll Infected: Trojan.Win32.Monder.aw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094520.dll Infected: Trojan.Win32.Monder.v skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094521.dll Infected: Trojan.Win32.Monder.bw skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094522.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094523.dll Infected: Trojan.Win32.Monder.au skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094524.dll Infected: Trojan.Win32.Monder.bx skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094525.dll Infected: Trojan.Win32.Monder.p skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094527.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094528.dll Infected: Trojan.Win32.Monder.ck skipped

gec1030
2008-05-15, 23:23
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094529.dll Infected: Trojan.Win32.Monder.ai skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094530.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094531.dll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094532.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094534.dll Infected: Trojan.Win32.Monder.p skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094535.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094536.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094537.dll Infected: Trojan.Win32.Monder.cs skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094538.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094539.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094540.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094541.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094542.dll Infected: Trojan.Win32.Monder.cs skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094543.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094544.dll Infected: Trojan.Win32.Monder.x skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094545.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094546.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094547.dll Infected: Trojan.Win32.Monder.au skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094548.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\A0094549.dll Infected: Trojan.Win32.Monder.ai skipped
C:\System Volume Information\_restore{D9F925E7-D806-4652-BE48-EA4C7EBD658B}\RP549\change.log Object is locked skipped
C:\WINDOWS\96wu19rd.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped
C:\WINDOWS\bundles\setup_silent_14765.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\WINDOWS\bundles\setup_silent_14765.exe AWInstall: infected - 1 skipped
C:\WINDOWS\bundles\setup_silent_14765.exe UPX: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\launchurl.exe Infected: Trojan.Win32.Zapchast skipped
C:\WINDOWS\mrofinu72.exe.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bcvvskmv.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\bH.dll Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\WINDOWS\system32\calsdr.exe Infected: Trojan-Dropper.Win32.Small.ff skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\dbbrq.exe Infected: Backdoor.Win32.Agent.ec skipped
C:\WINDOWS\system32\dkafpiyf.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\eaqctvno.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\egfjromb.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\elvcvdxb.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\eopmdpwi.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\euwbsudw.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\euxuvxxj.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\exkywnxu.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\ezSP_Px.exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\fcgbvjgv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\fealiftd.dll Infected: Trojan.Win32.Monder.bs skipped
C:\WINDOWS\system32\fftiwewf.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\ffvandmc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\fgaafuly.dll Infected: Trojan.Win32.Monder.cl skipped
C:\WINDOWS\system32\fgbicrlf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qot skipped
C:\WINDOWS\system32\fgjdyppk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\fgvvspyd.dll Infected: Trojan.Win32.Monder.an skipped
C:\WINDOWS\system32\fhfjsyvo.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\fqakylmk.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\frbxjrnd.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\fseyyfra.dll Infected: Trojan.Win32.Monder.ag skipped
C:\WINDOWS\system32\fsjaxeum.dll Infected: Trojan.Win32.Monder.do skipped
C:\WINDOWS\system32\fsljrvoj.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\ftxpfgeg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\fufgmvyo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\WINDOWS\system32\fxjkgyfo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\gddpdtlj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\gjlgucrf.dll Infected: Trojan.Win32.Monder.cj skipped
C:\WINDOWS\system32\gkckoidt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\goahmkye.dll Infected: Trojan.Win32.Monder.ab skipped
C:\WINDOWS\system32\goxcdkfr.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hdcxpobi.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\herqerxq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\hgaaemkf.dll Infected: Trojan.Win32.Monder.cd skipped
C:\WINDOWS\system32\hgfvfnfc.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\hgkysssm.dll Infected: Trojan.Win32.Monder.az skipped
C:\WINDOWS\system32\hivjmktf.dll Infected: Trojan.Win32.Monder.cc skipped
C:\WINDOWS\system32\hjggaojj.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\hjpmbcpn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\hkresppo.dll Infected: Trojan.Win32.Monder.u skipped
C:\WINDOWS\system32\hlrheekx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\WINDOWS\system32\hqyhsoxo.dll Infected: Trojan.Win32.Monder.cf skipped
C:\WINDOWS\system32\huxdwuld.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\hywesiss.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\hywlvlee.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\iemktnmn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpi skipped
C:\WINDOWS\system32\iewghuaf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ihkkstvo.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\ihlplxxb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\in10b6s.dll Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\WINDOWS\system32\ixdiggvd.dll Infected: Trojan.Win32.Monder.t skipped
C:\WINDOWS\system32\jbkosvma.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\WINDOWS\system32\jdrbbqqe.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jefefqed.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qof skipped
C:\WINDOWS\system32\jekbttnj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\WINDOWS\system32\jeypuote.dll Infected: Trojan.Win32.Monder.ac skipped
C:\WINDOWS\system32\jggfotvc.dll Infected: Trojan.Win32.Monder.bs skipped
C:\WINDOWS\system32\jhlcvkvf.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\jjgssdos.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\jkvqsbfl.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\jllmjfmt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jmjgdiiu.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\jnogoswe.dll Infected: Trojan.Win32.Monder.ax skipped
C:\WINDOWS\system32\jsrdgkjq.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\jtolhhpi.dll Infected: Trojan.Win32.Monder.s skipped
C:\WINDOWS\system32\kenkutfl.dll Infected: Trojan.Win32.Monder.bd skipped
C:\WINDOWS\system32\kesbehsq.dll Infected: Trojan.Win32.Monder.dk skipped
C:\WINDOWS\system32\kffnutna.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\kgwxokho.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoh skipped
C:\WINDOWS\system32\khajyegc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\khqetugh.dll Infected: Trojan.Win32.Monder.ak skipped
C:\WINDOWS\system32\kiijlwxd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\WINDOWS\system32\kqgecfph.dll Infected: Trojan.Win32.Monder.bj skipped
C:\WINDOWS\system32\krxsbfcs.dll Infected: Trojan.Win32.Monder.bk skipped
C:\WINDOWS\system32\ktrorxwf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\kybxqgrg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\L3BCE.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\system32\L3BCE.tmp NSIS: infected - 1 skipped
C:\WINDOWS\system32\lcumkwrx.dll Infected: Trojan.Win32.Monder.aw skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.q skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bgv skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\LFA8C.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\LFA8C.tmp NSIS: infected - 4 skipped
C:\WINDOWS\system32\lfrygnfg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\lftuurxm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\lgtihhgc.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\lhanyouc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\WINDOWS\system32\lilctuhn.dll Infected: Trojan.Win32.Monder.af skipped
C:\WINDOWS\system32\lklfwxgy.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\lpvwtygm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\lqktohoe.dll Infected: Trojan.Win32.Monder.aw skipped
C:\WINDOWS\system32\luvshsey.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\lvafxpok.dll Infected: Trojan.Win32.Monder.ap skipped
C:\WINDOWS\system32\lxwdjgrw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvn skipped
C:\WINDOWS\system32\lydcfqyi.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\makstile.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mdkujemj.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\WINDOWS\system32\mdlkpmfb.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\mdoshebl.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\meyafekl.dll Infected: Trojan.Win32.Monder.aq skipped
C:\WINDOWS\system32\mgddcnpt.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\mgriypuc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mjtbwinu.dll Infected: Trojan.Win32.Monder.ay skipped
C:\WINDOWS\system32\mnnllnnb.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\mqwekrwu.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\msbar.exe/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped
C:\WINDOWS\system32\msbar.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped
C:\WINDOWS\system32\msbar.exe/data0003 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped
C:\WINDOWS\system32\msbar.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\msuabmfs.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mtwirl.dll Infected: Trojan.Win32.StartPage.kv skipped
C:\WINDOWS\system32\nayomycc.dll Infected: Trojan.Win32.Monder.aj skipped
C:\WINDOWS\system32\nmlvadyu.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\nnapkiah.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\WINDOWS\system32\nnolpxes.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\nnuaxbix.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\npdypikh.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\nqptbfmj.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\nqyugjgd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\nutraavf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\nwkqmwtp.dll Infected: Trojan.Win32.Monder.bp skipped
C:\WINDOWS\system32\nxkdehie.dll Infected: Trojan.Win32.Monder.aw skipped
C:\WINDOWS\system32\nxuciidv.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\ocksidiv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pon skipped
C:\WINDOWS\system32\ohlmalmi.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\okekmatp.dll Infected: Trojan.Win32.Monder.cz skipped
C:\WINDOWS\system32\oqhbknxr.dll Infected: Trojan.Win32.Monder.cc skipped
C:\WINDOWS\system32\owvqtyyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qur skipped
C:\WINDOWS\system32\pfasmkca.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\pgqjyycq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvg skipped
C:\WINDOWS\system32\phafgqqm.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\pjkjigag.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\plchyfdx.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\pmnxtkjg.dll Infected: Trojan.Win32.Monder.bg skipped
C:\WINDOWS\system32\pofmjeuo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrg skipped
C:\WINDOWS\system32\pvfqeseh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvm skipped
C:\WINDOWS\system32\pvggbgnp.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\pynlywba.dll Infected: Trojan.Win32.Monder.ce skipped
C:\WINDOWS\system32\pywmubna.dll Infected: Trojan.Win32.Monder.af skipped
C:\WINDOWS\system32\pyyngcue.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.okj skipped
C:\WINDOWS\system32\qcsjelno.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\qgahbtnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\WINDOWS\system32\qprafpau.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\qpsoyudc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\qqpfkdhj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\WINDOWS\system32\qsrwpqvk.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\qujisnyf.dll Infected: Trojan.Win32.Monder.be skipped
C:\WINDOWS\system32\qyreuskq.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\rbjsklnv.dll Infected: Trojan.Win32.Monder.y skipped
C:\WINDOWS\system32\rfvhihjp.dll Infected: Trojan.Win32.Monder.aw skipped
C:\WINDOWS\system32\rgxwqfab.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\rhhcghmk.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\rieqfixv.dll Infected: Trojan.Win32.Monder.cq skipped
C:\WINDOWS\system32\rilabhtx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\rlgauseu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\WINDOWS\system32\rselryrf.dll Infected: Trojan.Win32.Monder.cd skipped
C:\WINDOWS\system32\ruvcpjjw.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\saemilan.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\samldumd.dll Infected: not-a-virus:AdWare.Win32.Agent.asj skipped
C:\WINDOWS\system32\seiofkir.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\sfbbivtc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssolnmsy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\WINDOWS\system32\ssreomad.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\stpbmuot.dll Infected: Trojan.Win32.Monder.bb skipped
C:\WINDOWS\system32\subujalg.dll Infected: Trojan.Win32.Monder.bs skipped
C:\WINDOWS\system32\svtcrjvm.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\sxpnlalv.dll Infected: Trojan.Win32.Monder.t skipped
C:\WINDOWS\system32\tcbwgfmx.dll Infected: Trojan.Win32.Monder.de skipped
C:\WINDOWS\system32\tcqcpnoa.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\tivukofi.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\tknowamp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\WINDOWS\system32\tlwixoot.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\tneykyhx.dll Infected: Trojan.Win32.Monder.bm skipped
C:\WINDOWS\system32\tpcwinse.dll Infected: Trojan.Win32.Monder.cy skipped
C:\WINDOWS\system32\tskohyii.dll Infected: Trojan.Win32.Monder.cp skipped
C:\WINDOWS\system32\ttlqvhfq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\tubpjvom.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\tustt.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\tustt.exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\txnwuvmn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\tyxcmmut.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\tyyfmxra.dll Infected: Trojan.Win32.Monder.da skipped
C:\WINDOWS\system32\uacfmvyr.dll Infected: Trojan.Win32.Monder.an skipped
C:\WINDOWS\system32\ucpwalaw.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\udamognq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\uihhyhwx.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\umvhiwxx.dll Infected: Trojan.Win32.Monder.ao skipped
C:\WINDOWS\system32\unqaneqy.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\usiippuf.dll Infected: Trojan.Win32.Monder.cq skipped
C:\WINDOWS\system32\uvumgdxc.dll Infected: Trojan.Win32.Monder.bc skipped
C:\WINDOWS\system32\uxisemqw.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\uxwaxwhh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\uybvgigx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa skipped
C:\WINDOWS\system32\vaakytvy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\vagdllhr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\vkbjtnog.dll Infected: Trojan.Win32.Monder.aw skipped
C:\WINDOWS\system32\vskplccl.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\vxyvdkqg.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\vyrrlkpt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\warbqdiv.dll Infected: Trojan.Win32.Monder.cs skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wdogedoi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\WINDOWS\system32\wemexgdc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\WINDOWS\system32\weouhijg.dll Infected: Trojan.Win32.Monder.cw skipped
C:\WINDOWS\system32\wgqddbkt.dll Infected: Trojan.Win32.Monder.di skipped
C:\WINDOWS\system32\whevxqdy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\WINDOWS\system32\windump.exe Infected: not-a-virus:Monitor.Win32.EliteKeyLogger.25 skipped
C:\WINDOWS\system32\wkhwtbfy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wknhmpwy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wkywcskh.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\wmuucvpk.dll Infected: Trojan.Win32.Monder.cv skipped
C:\WINDOWS\system32\wosxdhtf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wsxharlu.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\wwgunyeh.dll Infected: Trojan.Win32.Monder.ah skipped
C:\WINDOWS\system32\xbqovqay.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\xdccltse.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\xefsbbam.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\xfcmhhpe.dll Infected: Trojan.Win32.Monder.bn skipped
C:\WINDOWS\system32\xfepecam.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\xgnrpbtm.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\xicadcfi.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\xprkoymn.dll Infected: Trojan.Win32.Monder.q skipped
C:\WINDOWS\system32\xyijbidq.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\ycuoexjn.dll Infected: Trojan.Win32.Monder.bf skipped
C:\WINDOWS\system32\yjrtidcd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\WINDOWS\system32\ylqqlcrj.dll Infected: Trojan.Win32.Monder.ai skipped
C:\WINDOWS\system32\yocpfdnb.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\yoxunfjp.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\yscwqakc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qua skipped
C:\WINDOWS\system32\yttfnvix.dll Infected: Trojan.Win32.Monder.al skipped
C:\WINDOWS\system32\yxfaxyun.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\yyfiiydn.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
C:\WINDOWS\unstall.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\Wrapper.exe Infected: Trojan-Dropper.Win32.Small.nm skipped

Scan process completed.



------------------


Sorry I took 3 posts to post all of my logs! Looks my computer is really, really not in good shape. Thank you all again!

Shaba
2008-05-20, 15:36
Hi gec1030

You are heavily infected.

Luckily there are not very dangerous infections present.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

gec1030
2008-05-21, 01:48
When I ran ComboFix, it definitely took more than 20 minutes, so I tried ending processes. I only ended one because it was the only one I saw and it only showed up once. Even though I ended it, it still moved very, very slow. The process I ended was sed.cfexe.

Then after the reboot and stuff, when it was creating the log file, it took like 45 minutes and then it just quit. The screen just went away and I had to look and find the log file. I don't know if the log file is complete but I'll post it anyway:

ComboFix 08-05-19.4 - Gary 2008-05-20 17:28:37.1 - NTFSx86
Running from: G:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gary\Application Data\PPATCH~1
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Temporary
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\bundles
C:\WINDOWS\bundles\setup_silent_14765.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\fnts~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\abfkdlij.ini
C:\WINDOWS\system32\amvsokbj.ini
C:\WINDOWS\system32\bcvvskmv.dll
C:\WINDOWS\system32\bllihsgh.dll
C:\WINDOWS\system32\brbihgku.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cosyporg.ini
C:\WINDOWS\system32\cyfygeog.ini
C:\WINDOWS\system32\dbbkijjc.ini
C:\WINDOWS\system32\dfrahber.exe
C:\WINDOWS\system32\dkafpiyf.dll
C:\WINDOWS\system32\dluwdxuh.ini
C:\WINDOWS\system32\dyifmyqe.ini
C:\WINDOWS\system32\dypsvvgf.ini
C:\WINDOWS\system32\ebxrqawl.exe
C:\WINDOWS\system32\elrhilao.ini
C:\WINDOWS\system32\eqfvavov.ini
C:\WINDOWS\system32\eqqbbrdj.ini
C:\WINDOWS\system32\evdbcdhy.exe
C:\WINDOWS\system32\evljeujx.dll
C:\WINDOWS\system32\exkywnxu.dll
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\fwlouyap.exe
C:\WINDOWS\system32\gakxhaia.exe
C:\WINDOWS\system32\gfngyrfl.ini
C:\WINDOWS\system32\gjihuoew.ini
C:\WINDOWS\system32\gjmodbvn.ini
C:\WINDOWS\system32\gkwfdgli.exe
C:\WINDOWS\system32\glfjvyqt.ini
C:\WINDOWS\system32\glyewmao.dll
C:\WINDOWS\system32\haikpann.ini
C:\WINDOWS\system32\hdcxpobi.dll
C:\WINDOWS\system32\herqerxq.dll
C:\WINDOWS\system32\hgaaemkf.dll
C:\WINDOWS\system32\hgfvfnfc.dll
C:\WINDOWS\system32\hgkysssm.dll
C:\WINDOWS\system32\hivjmktf.dll
C:\WINDOWS\system32\hjggaojj.dll
C:\WINDOWS\system32\hjpmbcpn.dll
C:\WINDOWS\system32\hkresppo.dll
C:\WINDOWS\system32\hlrheekx.dll
C:\WINDOWS\system32\hlskplfj.ini
C:\WINDOWS\system32\hqyhsoxo.dll
C:\WINDOWS\system32\huxdwuld.dll
C:\WINDOWS\system32\hvkwhmre.dll
C:\WINDOWS\system32\hwanbppd.dll
C:\WINDOWS\system32\hywesiss.dll
C:\WINDOWS\system32\hywlvlee.dll
C:\WINDOWS\system32\ibedncxl.ini
C:\WINDOWS\system32\iceaveab.ini
C:\WINDOWS\system32\iemktnmn.dll
C:\WINDOWS\system32\iewghuaf.dll
C:\WINDOWS\system32\ihkkstvo.dll
C:\WINDOWS\system32\ihlplxxb.dll
C:\WINDOWS\system32\ixdiggvd.dll
C:\WINDOWS\system32\jbkosvma.dll
C:\WINDOWS\system32\jdrbbqqe.dll
C:\WINDOWS\system32\jdviclws.ini
C:\WINDOWS\system32\jefefqed.dll
C:\WINDOWS\system32\jekbttnj.dll
C:\WINDOWS\system32\jeypuote.dll
C:\WINDOWS\system32\jhlcvkvf.dll
C:\WINDOWS\system32\jjgssdos.dll
C:\WINDOWS\system32\jkeqnlvs.ini
C:\WINDOWS\system32\jkvqsbfl.dll
C:\WINDOWS\system32\jllmjfmt.dll
C:\WINDOWS\system32\jmjgdiiu.dll
C:\WINDOWS\system32\jnogoswe.dll
C:\WINDOWS\system32\jsrdgkjq.dll
C:\WINDOWS\system32\jtolhhpi.dll
C:\WINDOWS\system32\jxayycuq.ini
C:\WINDOWS\system32\kenkutfl.dll
C:\WINDOWS\system32\kesbehsq.dll
C:\WINDOWS\system32\kffnutna.dll
C:\WINDOWS\system32\kgwxokho.dll
C:\WINDOWS\system32\khajyegc.dll
C:\WINDOWS\system32\khqetugh.dll
C:\WINDOWS\system32\kiijlwxd.dll
C:\WINDOWS\system32\kqgecfph.dll
C:\WINDOWS\system32\krmecpgm.exe
C:\WINDOWS\system32\krxsbfcs.dll
C:\WINDOWS\system32\ksmpigax.ini
C:\WINDOWS\system32\ktrorxwf.dll
C:\WINDOWS\system32\kybxqgrg.dll
C:\WINDOWS\system32\lcumkwrx.dll
C:\WINDOWS\system32\lcwfdkaw.ini
C:\WINDOWS\system32\lfrygnfg.dll
C:\WINDOWS\system32\lftuknek.ini
C:\WINDOWS\system32\lftuurxm.dll
C:\WINDOWS\system32\lgtihhgc.dll
C:\WINDOWS\system32\lhanyouc.dll
C:\WINDOWS\system32\lhlnacrf.dll
C:\WINDOWS\system32\lilctuhn.dll
C:\WINDOWS\system32\lklfwxgy.dll
C:\WINDOWS\system32\lpvwtygm.dll
C:\WINDOWS\system32\lqktohoe.dll
C:\WINDOWS\system32\ltkaldfc.ini
C:\WINDOWS\system32\luvshsey.dll
C:\WINDOWS\system32\lvafxpok.dll
C:\WINDOWS\system32\lxwdjgrw.dll
C:\WINDOWS\system32\lydcfqyi.dll
C:\WINDOWS\system32\makstile.dll
C:\WINDOWS\system32\mbyargxf.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdkujemj.dll
C:\WINDOWS\system32\mdlkpmfb.dll
C:\WINDOWS\system32\mdoshebl.dll
C:\WINDOWS\system32\meyafekl.dll
C:\WINDOWS\system32\mgddcnpt.dll
C:\WINDOWS\system32\mgriypuc.dll
C:\WINDOWS\system32\miodfcin.exe
C:\WINDOWS\system32\mjtbwinu.dll
C:\WINDOWS\system32\mkxhybfr.dll
C:\WINDOWS\system32\mnnllnnb.dll
C:\WINDOWS\system32\mqemyocf.ini
C:\WINDOWS\system32\mqwekrwu.dll
C:\WINDOWS\system32\mrtnatdo.ini
C:\WINDOWS\system32\msuabmfs.dll
C:\WINDOWS\system32\mxeexvlt.dll
C:\WINDOWS\system32\nayomycc.dll
C:\WINDOWS\system32\nmlvadyu.dll
C:\WINDOWS\system32\nnapkiah.dll
C:\WINDOWS\system32\nnolpxes.dll
C:\WINDOWS\system32\nnuaxbix.dll
C:\WINDOWS\system32\npdypikh.dll
C:\WINDOWS\system32\nqptbfmj.dll
C:\WINDOWS\system32\nqthxugu.exe
C:\WINDOWS\system32\nqyugjgd.dll
C:\WINDOWS\system32\nutraavf.dll
C:\WINDOWS\system32\nvdbavto.ini
C:\WINDOWS\system32\nwkqmwtp.dll
C:\WINDOWS\system32\nxkdehie.dll
C:\WINDOWS\system32\nxuciidv.dll
C:\WINDOWS\system32\ocksidiv.dll
C:\WINDOWS\system32\ohlmalmi.dll
C:\WINDOWS\system32\okekmatp.dll
C:\WINDOWS\system32\omvmvtdu.ini
C:\WINDOWS\system32\oqhbknxr.dll
C:\WINDOWS\system32\owvqtyyv.dll
C:\WINDOWS\system32\pfasmkca.dll
C:\WINDOWS\system32\pgqjyycq.dll
C:\WINDOWS\system32\phafgqqm.dll
C:\WINDOWS\system32\pjkjigag.dll
C:\WINDOWS\system32\plchyfdx.dll
C:\WINDOWS\system32\pmnxtkjg.dll
C:\WINDOWS\system32\pofmjeuo.dll
C:\WINDOWS\system32\pudvgtvm.dll
C:\WINDOWS\system32\pvfqeseh.dll
C:\WINDOWS\system32\pvggbgnp.dll
C:\WINDOWS\system32\pxlcxvuu.dll
C:\WINDOWS\system32\pynlywba.dll
C:\WINDOWS\system32\pywmubna.dll
C:\WINDOWS\system32\pyyngcue.dll
C:\WINDOWS\system32\qcsjelno.dll
C:\WINDOWS\system32\qfnynwgq.dll
C:\WINDOWS\system32\qgahbtnc.dll
C:\WINDOWS\system32\qgwnynfq.ini
C:\WINDOWS\system32\qlxmwcwt.ini
C:\WINDOWS\system32\qprafpau.dll
C:\WINDOWS\system32\qpsoyudc.dll
C:\WINDOWS\system32\qqpfkdhj.dll
C:\WINDOWS\system32\qreosmck.ini
C:\WINDOWS\system32\qsrwpqvk.dll
C:\WINDOWS\system32\qssvspjd.ini
C:\WINDOWS\system32\qujisnyf.dll
C:\WINDOWS\system32\qujrbskk.dll
C:\WINDOWS\system32\qyreowbt.dll
C:\WINDOWS\system32\qyreuskq.dll
C:\WINDOWS\system32\rbjsklnv.dll
C:\WINDOWS\system32\rfvhihjp.dll
C:\WINDOWS\system32\rgqemwqw.dll
C:\WINDOWS\system32\rgxwqfab.dll
C:\WINDOWS\system32\rhhcghmk.dll
C:\WINDOWS\system32\rieqfixv.dll
C:\WINDOWS\system32\rilabhtx.dll
C:\WINDOWS\system32\rlgauseu.dll
C:\WINDOWS\system32\rmogmpxn.dll
C:\WINDOWS\system32\rphfpega.ini
C:\WINDOWS\system32\rselryrf.dll
C:\WINDOWS\system32\rshnxhjl.ini
C:\WINDOWS\system32\ruvcpjjw.dll
C:\WINDOWS\system32\saemilan.dll
C:\WINDOWS\system32\samldumd.dll
C:\WINDOWS\system32\sbexdasw.exe
C:\WINDOWS\system32\sdvrhplj.ini
C:\WINDOWS\system32\seiofkir.dll
C:\WINDOWS\system32\sfbbivtc.dll
C:\WINDOWS\system32\sschypfb.dll
C:\WINDOWS\system32\ssolnmsy.dll
C:\WINDOWS\system32\ssreomad.dll
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stpbmuot.dll
C:\WINDOWS\system32\stsijldh.exe
C:\WINDOWS\system32\svtcrjvm.dll
C:\WINDOWS\system32\sxpnlalv.dll
C:\WINDOWS\system32\tcbwgfmx.dll
C:\WINDOWS\system32\tcqcpnoa.dll
C:\WINDOWS\system32\tewhlopy.ini
C:\WINDOWS\system32\tivukofi.dll
C:\WINDOWS\system32\tknowamp.dll
C:\WINDOWS\system32\tlwixoot.dll
C:\WINDOWS\system32\tneykyhx.dll
C:\WINDOWS\system32\tnqxvveo.dll
C:\WINDOWS\system32\tpcwinse.dll
C:\WINDOWS\system32\tskohyii.dll
C:\WINDOWS\system32\ttlqvhfq.dll
C:\WINDOWS\system32\ttsut.ini
C:\WINDOWS\system32\ttsut.ini2
C:\WINDOWS\system32\tubpjvom.dll
C:\WINDOWS\system32\tumymdvs.ini
C:\WINDOWS\system32\tustt.dll
C:\WINDOWS\system32\tustt.exe
C:\WINDOWS\system32\txnwuvmn.dll
C:\WINDOWS\system32\tyxcmmut.dll
C:\WINDOWS\system32\tyyfmxra.dll
C:\WINDOWS\system32\uacfmvyr.dll
C:\WINDOWS\system32\ubcgqirl.ini
C:\WINDOWS\system32\ucpwalaw.dll
C:\WINDOWS\system32\udamognq.dll
C:\WINDOWS\system32\udtvmvmo.dll
C:\WINDOWS\system32\uesuaglr.ini
C:\WINDOWS\system32\uihhyhwx.dll
C:\WINDOWS\system32\ukiasril.dll
C:\WINDOWS\system32\umgdvosr.ini
C:\WINDOWS\system32\umvhiwxx.dll
C:\WINDOWS\system32\unqaneqy.dll
C:\WINDOWS\system32\usiippuf.dll
C:\WINDOWS\system32\uvumgdxc.dll
C:\WINDOWS\system32\uxisemqw.dll
C:\WINDOWS\system32\uxwaxwhh.dll
C:\WINDOWS\system32\uybvgigx.dll
C:\WINDOWS\system32\vaakytvy.dll
C:\WINDOWS\system32\vagdllhr.dll
C:\WINDOWS\system32\vgkcemyo.dll
C:\WINDOWS\system32\vispbktb.dll
C:\WINDOWS\system32\vkbjtnog.dll
C:\WINDOWS\system32\vskplccl.dll
C:\WINDOWS\system32\vsrktdqw.ini
C:\WINDOWS\system32\vxyvdkqg.dll
C:\WINDOWS\system32\vyrrlkpt.dll
C:\WINDOWS\system32\wakdfwcl.dll
C:\WINDOWS\system32\warbqdiv.dll
C:\WINDOWS\system32\wdogedoi.dll
C:\WINDOWS\system32\wemexgdc.dll
C:\WINDOWS\system32\wgqddbkt.dll
C:\WINDOWS\system32\whevxqdy.dll
C:\WINDOWS\system32\wkhwtbfy.dll
C:\WINDOWS\system32\wknhmpwy.dll
C:\WINDOWS\system32\wkywcskh.dll
C:\WINDOWS\system32\wmuucvpk.dll
C:\WINDOWS\system32\wosxdhtf.dll
C:\WINDOWS\system32\wsxharlu.dll
C:\WINDOWS\system32\wwgunyeh.dll
C:\WINDOWS\system32\xagipmsk.dll
C:\WINDOWS\system32\xbqovqay.dll
C:\WINDOWS\system32\xdccltse.dll
C:\WINDOWS\system32\xdkrxmbd.dll
C:\WINDOWS\system32\xefsbbam.dll
C:\WINDOWS\system32\xfcmhhpe.dll
C:\WINDOWS\system32\xfepecam.dll
C:\WINDOWS\system32\xgnrpbtm.dll
C:\WINDOWS\system32\xicadcfi.dll
C:\WINDOWS\system32\xivsxjjf.ini
C:\WINDOWS\system32\xkcvrjhk.ini
C:\WINDOWS\system32\xprkoymn.dll
C:\WINDOWS\system32\xthbalir.ini
C:\WINDOWS\system32\xyijbidq.dll
C:\WINDOWS\system32\ycuoexjn.dll
C:\WINDOWS\system32\ydqxvehw.ini
C:\WINDOWS\system32\yjrtidcd.dll
C:\WINDOWS\system32\ylqqlcrj.dll
C:\WINDOWS\system32\yocpfdnb.dll
C:\WINDOWS\system32\yoxunfjp.dll
C:\WINDOWS\system32\yscwqakc.dll
C:\WINDOWS\system32\yttfnvix.dll
C:\WINDOWS\system32\yujypjet.ini
C:\WINDOWS\system32\yxfaxyun.dll
C:\WINDOWS\system32\yyfiiydn.dll
C:\WINDOWS\wnsxs~1


<pre>
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---^> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_CMDSERVICE
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.



AND HERES THE NEW HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32, on 2008-05-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\tustt.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [BMbfc5ef27] Rundll32.exe "C:\WINDOWS\system32\glyewmao.dll",s
O4 - HKLM\..\Run: [bcf6dcbb] rundll32.exe "C:\WINDOWS\system32\xagipmsk.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF857.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 8985 bytes


Thank you again. Did I make any progress?

gec1030
2008-05-21, 01:51
Running from: G:\ComboFix.exe

I couldn't connect to the internet so I tried to put it on a thumb drive and then put in on the infected PC. I thought I moved it over, but I guess all I did was create a shortcut. Sorry if this screws anything up. Well, the good thing is, My computer isn't one of the 1/100 that don't make it to the disinfect stage.

Shaba
2008-05-21, 12:26
Hi

Combofix log is not complete.

Please try to re-run it.

If same reoccurs, please run in safe mode :)

gec1030
2008-05-22, 01:19
This time ComboFix when quite smoothly:

ComboFix 08-05-19.4 - Gary 2008-05-21 16:58:37.2 - NTFSx86
Running from: C:\Documents and Settings\Gary\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CF857.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\fgusujch.ini
C:\WINDOWS\system32\hcjusugf.dll
C:\WINDOWS\system32\hevnmfix.dll
C:\WINDOWS\system32\jkahoguh.dll
C:\WINDOWS\system32\jwpeqgkc.dll
C:\WINDOWS\system32\kbcoesdp.ini
C:\WINDOWS\system32\ttsut.ini
C:\WINDOWS\system32\ttsut.ini2
C:\WINDOWS\system32\tustt.dll
C:\WINDOWS\system32\tustt.exe
C:\WINDOWS\system32\ufyfepjb.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Gary\Application Data\PPATCH~1
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Temporary
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\bundles
C:\WINDOWS\bundles\setup_silent_14765.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\fnts~1
C:\WINDOWS\pskt.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\abfkdlij.ini
C:\WINDOWS\system32\amvsokbj.ini
C:\WINDOWS\system32\bcvvskmv.dll
C:\WINDOWS\system32\bllihsgh.dll
C:\WINDOWS\system32\brbihgku.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cosyporg.ini
C:\WINDOWS\system32\cyfygeog.ini
C:\WINDOWS\system32\dbbkijjc.ini
C:\WINDOWS\system32\dfrahber.exe
C:\WINDOWS\system32\dkafpiyf.dll
C:\WINDOWS\system32\dluwdxuh.ini
C:\WINDOWS\system32\dyifmyqe.ini
C:\WINDOWS\system32\dypsvvgf.ini
C:\WINDOWS\system32\ebxrqawl.exe
C:\WINDOWS\system32\elrhilao.ini
C:\WINDOWS\system32\eqfvavov.ini
C:\WINDOWS\system32\eqqbbrdj.ini
C:\WINDOWS\system32\evdbcdhy.exe
C:\WINDOWS\system32\evljeujx.dll
C:\WINDOWS\system32\exkywnxu.dll
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\fwlouyap.exe
C:\WINDOWS\system32\gakxhaia.exe
C:\WINDOWS\system32\gfngyrfl.ini
C:\WINDOWS\system32\gjihuoew.ini
C:\WINDOWS\system32\gjmodbvn.ini
C:\WINDOWS\system32\gkwfdgli.exe
C:\WINDOWS\system32\glfjvyqt.ini
C:\WINDOWS\system32\glyewmao.dll
C:\WINDOWS\system32\haikpann.ini
C:\WINDOWS\system32\hdcxpobi.dll
C:\WINDOWS\system32\herqerxq.dll
C:\WINDOWS\system32\hgaaemkf.dll
C:\WINDOWS\system32\hgfvfnfc.dll
C:\WINDOWS\system32\hgkysssm.dll
C:\WINDOWS\system32\hivjmktf.dll
C:\WINDOWS\system32\hjggaojj.dll
C:\WINDOWS\system32\hjpmbcpn.dll
C:\WINDOWS\system32\hkresppo.dll
C:\WINDOWS\system32\hlrheekx.dll
C:\WINDOWS\system32\hlskplfj.ini
C:\WINDOWS\system32\hqyhsoxo.dll
C:\WINDOWS\system32\huxdwuld.dll
C:\WINDOWS\system32\hvkwhmre.dll
C:\WINDOWS\system32\hwanbppd.dll
C:\WINDOWS\system32\hywesiss.dll
C:\WINDOWS\system32\hywlvlee.dll
C:\WINDOWS\system32\ibedncxl.ini
C:\WINDOWS\system32\iceaveab.ini
C:\WINDOWS\system32\iemktnmn.dll
C:\WINDOWS\system32\iewghuaf.dll
C:\WINDOWS\system32\ihkkstvo.dll
C:\WINDOWS\system32\ihlplxxb.dll
C:\WINDOWS\system32\ixdiggvd.dll
C:\WINDOWS\system32\jbkosvma.dll
C:\WINDOWS\system32\jdrbbqqe.dll
C:\WINDOWS\system32\jdviclws.ini
C:\WINDOWS\system32\jefefqed.dll
C:\WINDOWS\system32\jekbttnj.dll
C:\WINDOWS\system32\jeypuote.dll
C:\WINDOWS\system32\jhlcvkvf.dll
C:\WINDOWS\system32\jjgssdos.dll
C:\WINDOWS\system32\jkeqnlvs.ini
C:\WINDOWS\system32\jkvqsbfl.dll
C:\WINDOWS\system32\jllmjfmt.dll
C:\WINDOWS\system32\jmjgdiiu.dll
C:\WINDOWS\system32\jnogoswe.dll
C:\WINDOWS\system32\jsrdgkjq.dll
C:\WINDOWS\system32\jtolhhpi.dll
C:\WINDOWS\system32\jxayycuq.ini
C:\WINDOWS\system32\kenkutfl.dll
C:\WINDOWS\system32\kesbehsq.dll
C:\WINDOWS\system32\kffnutna.dll
C:\WINDOWS\system32\kgwxokho.dll
C:\WINDOWS\system32\khajyegc.dll
C:\WINDOWS\system32\khqetugh.dll
C:\WINDOWS\system32\kiijlwxd.dll
C:\WINDOWS\system32\kqgecfph.dll
C:\WINDOWS\system32\krmecpgm.exe
C:\WINDOWS\system32\krxsbfcs.dll
C:\WINDOWS\system32\ksmpigax.ini
C:\WINDOWS\system32\ktrorxwf.dll
C:\WINDOWS\system32\kybxqgrg.dll
C:\WINDOWS\system32\lcumkwrx.dll
C:\WINDOWS\system32\lcwfdkaw.ini
C:\WINDOWS\system32\lfrygnfg.dll
C:\WINDOWS\system32\lftuknek.ini
C:\WINDOWS\system32\lftuurxm.dll
C:\WINDOWS\system32\lgtihhgc.dll
C:\WINDOWS\system32\lhanyouc.dll
C:\WINDOWS\system32\lhlnacrf.dll
C:\WINDOWS\system32\lilctuhn.dll
C:\WINDOWS\system32\lklfwxgy.dll
C:\WINDOWS\system32\lpvwtygm.dll
C:\WINDOWS\system32\lqktohoe.dll
C:\WINDOWS\system32\ltkaldfc.ini
C:\WINDOWS\system32\luvshsey.dll
C:\WINDOWS\system32\lvafxpok.dll
C:\WINDOWS\system32\lxwdjgrw.dll
C:\WINDOWS\system32\lydcfqyi.dll
C:\WINDOWS\system32\makstile.dll
C:\WINDOWS\system32\mbyargxf.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdkujemj.dll
C:\WINDOWS\system32\mdlkpmfb.dll
C:\WINDOWS\system32\mdoshebl.dll
C:\WINDOWS\system32\meyafekl.dll
C:\WINDOWS\system32\mgddcnpt.dll
C:\WINDOWS\system32\mgriypuc.dll
C:\WINDOWS\system32\miodfcin.exe
C:\WINDOWS\system32\mjtbwinu.dll
C:\WINDOWS\system32\mkxhybfr.dll
C:\WINDOWS\system32\mnnllnnb.dll
C:\WINDOWS\system32\mqemyocf.ini
C:\WINDOWS\system32\mqwekrwu.dll
C:\WINDOWS\system32\mrtnatdo.ini
C:\WINDOWS\system32\msuabmfs.dll
C:\WINDOWS\system32\mxeexvlt.dll
C:\WINDOWS\system32\nayomycc.dll
C:\WINDOWS\system32\nmlvadyu.dll
C:\WINDOWS\system32\nnapkiah.dll
C:\WINDOWS\system32\nnolpxes.dll
C:\WINDOWS\system32\nnuaxbix.dll
C:\WINDOWS\system32\npdypikh.dll
C:\WINDOWS\system32\nqptbfmj.dll
C:\WINDOWS\system32\nqthxugu.exe
C:\WINDOWS\system32\nqyugjgd.dll
C:\WINDOWS\system32\nutraavf.dll
C:\WINDOWS\system32\nvdbavto.ini
C:\WINDOWS\system32\nwkqmwtp.dll
C:\WINDOWS\system32\nxkdehie.dll
C:\WINDOWS\system32\nxuciidv.dll
C:\WINDOWS\system32\ocksidiv.dll
C:\WINDOWS\system32\ohlmalmi.dll
C:\WINDOWS\system32\okekmatp.dll
C:\WINDOWS\system32\omvmvtdu.ini
C:\WINDOWS\system32\oqhbknxr.dll
C:\WINDOWS\system32\owvqtyyv.dll
C:\WINDOWS\system32\pfasmkca.dll
C:\WINDOWS\system32\pgqjyycq.dll
C:\WINDOWS\system32\phafgqqm.dll
C:\WINDOWS\system32\pjkjigag.dll
C:\WINDOWS\system32\plchyfdx.dll
C:\WINDOWS\system32\pmnxtkjg.dll
C:\WINDOWS\system32\pofmjeuo.dll
C:\WINDOWS\system32\pudvgtvm.dll
C:\WINDOWS\system32\pvfqeseh.dll
C:\WINDOWS\system32\pvggbgnp.dll
C:\WINDOWS\system32\pxlcxvuu.dll
C:\WINDOWS\system32\pynlywba.dll
C:\WINDOWS\system32\pywmubna.dll
C:\WINDOWS\system32\pyyngcue.dll
C:\WINDOWS\system32\qcsjelno.dll
C:\WINDOWS\system32\qfnynwgq.dll
C:\WINDOWS\system32\qgahbtnc.dll
C:\WINDOWS\system32\qgwnynfq.ini
C:\WINDOWS\system32\qlxmwcwt.ini
C:\WINDOWS\system32\qprafpau.dll
C:\WINDOWS\system32\qpsoyudc.dll
C:\WINDOWS\system32\qqpfkdhj.dll
C:\WINDOWS\system32\qreosmck.ini
C:\WINDOWS\system32\qsrwpqvk.dll
C:\WINDOWS\system32\qssvspjd.ini
C:\WINDOWS\system32\qujisnyf.dll
C:\WINDOWS\system32\qujrbskk.dll
C:\WINDOWS\system32\qyreowbt.dll
C:\WINDOWS\system32\qyreuskq.dll
C:\WINDOWS\system32\rbjsklnv.dll
C:\WINDOWS\system32\rfvhihjp.dll
C:\WINDOWS\system32\rgqemwqw.dll
C:\WINDOWS\system32\rgxwqfab.dll
C:\WINDOWS\system32\rhhcghmk.dll
C:\WINDOWS\system32\rieqfixv.dll
C:\WINDOWS\system32\rilabhtx.dll
C:\WINDOWS\system32\rlgauseu.dll
C:\WINDOWS\system32\rmogmpxn.dll
C:\WINDOWS\system32\rphfpega.ini
C:\WINDOWS\system32\rselryrf.dll
C:\WINDOWS\system32\rshnxhjl.ini
C:\WINDOWS\system32\ruvcpjjw.dll
C:\WINDOWS\system32\saemilan.dll
C:\WINDOWS\system32\samldumd.dll
C:\WINDOWS\system32\sbexdasw.exe
C:\WINDOWS\system32\sdvrhplj.ini
C:\WINDOWS\system32\seiofkir.dll
C:\WINDOWS\system32\sfbbivtc.dll
C:\WINDOWS\system32\sschypfb.dll
C:\WINDOWS\system32\ssolnmsy.dll
C:\WINDOWS\system32\ssreomad.dll
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stpbmuot.dll
C:\WINDOWS\system32\stsijldh.exe
C:\WINDOWS\system32\svtcrjvm.dll
C:\WINDOWS\system32\sxpnlalv.dll
C:\WINDOWS\system32\tcbwgfmx.dll
C:\WINDOWS\system32\tcqcpnoa.dll
C:\WINDOWS\system32\tewhlopy.ini
C:\WINDOWS\system32\tivukofi.dll
C:\WINDOWS\system32\tknowamp.dll
C:\WINDOWS\system32\tlwixoot.dll
C:\WINDOWS\system32\tneykyhx.dll
C:\WINDOWS\system32\tnqxvveo.dll
C:\WINDOWS\system32\tpcwinse.dll
C:\WINDOWS\system32\tskohyii.dll
C:\WINDOWS\system32\ttlqvhfq.dll
C:\WINDOWS\system32\ttsut.ini
C:\WINDOWS\system32\ttsut.ini2
C:\WINDOWS\system32\tubpjvom.dll
C:\WINDOWS\system32\tumymdvs.ini
C:\WINDOWS\system32\tustt.dll
C:\WINDOWS\system32\tustt.exe
C:\WINDOWS\system32\txnwuvmn.dll
C:\WINDOWS\system32\tyxcmmut.dll
C:\WINDOWS\system32\tyyfmxra.dll
C:\WINDOWS\system32\uacfmvyr.dll
C:\WINDOWS\system32\ubcgqirl.ini
C:\WINDOWS\system32\ucpwalaw.dll
C:\WINDOWS\system32\udamognq.dll
C:\WINDOWS\system32\udtvmvmo.dll
C:\WINDOWS\system32\uesuaglr.ini
C:\WINDOWS\system32\uihhyhwx.dll
C:\WINDOWS\system32\ukiasril.dll
C:\WINDOWS\system32\umgdvosr.ini
C:\WINDOWS\system32\umvhiwxx.dll
C:\WINDOWS\system32\unqaneqy.dll
C:\WINDOWS\system32\usiippuf.dll
C:\WINDOWS\system32\uvumgdxc.dll
C:\WINDOWS\system32\uxisemqw.dll
C:\WINDOWS\system32\uxwaxwhh.dll
C:\WINDOWS\system32\uybvgigx.dll
C:\WINDOWS\system32\vaakytvy.dll
C:\WINDOWS\system32\vagdllhr.dll
C:\WINDOWS\system32\vgkcemyo.dll
C:\WINDOWS\system32\vispbktb.dll
C:\WINDOWS\system32\vkbjtnog.dll
C:\WINDOWS\system32\vskplccl.dll
C:\WINDOWS\system32\vsrktdqw.ini
C:\WINDOWS\system32\vxyvdkqg.dll
C:\WINDOWS\system32\vyrrlkpt.dll
C:\WINDOWS\system32\wakdfwcl.dll
C:\WINDOWS\system32\warbqdiv.dll
C:\WINDOWS\system32\wdogedoi.dll
C:\WINDOWS\system32\wemexgdc.dll
C:\WINDOWS\system32\wgqddbkt.dll
C:\WINDOWS\system32\whevxqdy.dll
C:\WINDOWS\system32\wkhwtbfy.dll
C:\WINDOWS\system32\wknhmpwy.dll
C:\WINDOWS\system32\wkywcskh.dll
C:\WINDOWS\system32\wmuucvpk.dll
C:\WINDOWS\system32\wosxdhtf.dll
C:\WINDOWS\system32\wsxharlu.dll
C:\WINDOWS\system32\wwgunyeh.dll
C:\WINDOWS\system32\xagipmsk.dll
C:\WINDOWS\system32\xbqovqay.dll
C:\WINDOWS\system32\xdccltse.dll
C:\WINDOWS\system32\xdkrxmbd.dll
C:\WINDOWS\system32\xefsbbam.dll
C:\WINDOWS\system32\xfcmhhpe.dll
C:\WINDOWS\system32\xfepecam.dll
C:\WINDOWS\system32\xgnrpbtm.dll
C:\WINDOWS\system32\xicadcfi.dll
C:\WINDOWS\system32\xivsxjjf.ini
C:\WINDOWS\system32\xkcvrjhk.ini
C:\WINDOWS\system32\xprkoymn.dll
C:\WINDOWS\system32\xthbalir.ini
C:\WINDOWS\system32\xyijbidq.dll
C:\WINDOWS\system32\ycuoexjn.dll
C:\WINDOWS\system32\ydqxvehw.ini
C:\WINDOWS\system32\yjrtidcd.dll
C:\WINDOWS\system32\ylqqlcrj.dll
C:\WINDOWS\system32\yocpfdnb.dll
C:\WINDOWS\system32\yoxunfjp.dll
C:\WINDOWS\system32\yscwqakc.dll
C:\WINDOWS\system32\yttfnvix.dll
C:\WINDOWS\system32\yujypjet.ini
C:\WINDOWS\system32\yxfaxyun.dll
C:\WINDOWS\system32\yyfiiydn.dll
C:\WINDOWS\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_CMDSERVICE
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-21 16:45 . 2008-05-21 16:45 2,624 --a------ C:\WINDOWS\system32\vfusysor.exe
2008-05-20 18:48 . 2008-05-20 18:48 2,624 --a------ C:\WINDOWS\system32\ginlqsgh.exe
2008-05-20 17:54 . 2008-05-21 16:54 40,960 --a------ C:\WINDOWS\system32\ezSP_Px .exe
2008-05-20 16:19 . 2008-05-20 16:19 2,624 --a------ C:\WINDOWS\system32\xalldvfv.exe
2008-05-19 15:58 . 2008-05-19 15:58 2,624 --a------ C:\WINDOWS\system32\ioacften.exe
2008-05-18 19:44 . 2008-05-18 19:45 23,700,784 --a------ C:\Program Files\QuickTimeInstaller.exe
2008-05-15 16:05 . 2008-05-15 16:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 20:43 . 2008-05-14 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 20:42 . 2008-05-14 20:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-13 09:39 . 2008-05-13 09:39 100,928 --------- C:\WINDOWS\system32\fsjaxeum.dll_old
2008-04-30 16:17 . 2008-05-01 16:24 1,846 --ahs---- C:\WINDOWS\system32\hgtxuehd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 23:34 --------- d-----w C:\Program Files\Palm
2008-05-20 21:44 --------- d-----w C:\Program Files\QuickTime
2008-05-20 21:43 --------- d-----w C:\Program Files\AirPort
2008-05-18 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 01:00 --------- d-----w C:\Documents and Settings\Gary\Application Data\AdobeUM
2008-05-11 15:44 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-04-14 00:18 --------- d-----w C:\Documents and Settings\Gary\Application Data\LimeWire
2008-04-02 01:31 --------- d-----w C:\Documents and Settings\Gary\Application Data\MSN6
2008-03-28 02:30 4,907,520 ----a-w C:\WDSync_v6_3_130.exe
2008-03-28 02:25 4,214,196 ----a-w C:\Documents and Settings\Gary\WDSyncV6.zip
2007-12-24 20:41 115,336 -c--a-w C:\Documents and Settings\Gary\Application Data\GDIPFONTCACHEV1.DAT
2007-06-14 14:39 4,907,520 ----a-w C:\Documents and Settings\Gary\WDSync_v6_3_130.exe
2002-12-11 21:27 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

<pre>
----a-w 733,184 2008-05-20 20:12:06 C:\Program Files\AirPort\APAgent .exe
----a-w 1,694,208 2008-05-11 17:02:56 C:\Program Files\Messenger\msmsgs .exe
----a-w 2,097,488 2008-02-26 12:12:52 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 4,662,776 2008-03-15 22:51:09 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 40,960 2008-05-21 20:54:35 C:\WINDOWS\system32\ezSP_Px .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EAF23F2-FE33-41CD-9364-890209ADFBBB}]
C:\WINDOWS\system32\tustt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34907F86-EC03-4994-B969-8C24A80FD495}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3de14fae-96af-415d-9323-86ebd5a3a8ad}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4d35a57d-b630-4321-95f0-df881ba78df8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5297CA38-AC51-4A08-A339-C1984120DE53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53D54B61-6A2E-4FBB-8753-74B61EA29934}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7686ab61-2568-4acd-b6e5-2d2240d2accd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e1cc3bc-442b-43cc-b2f7-9debe00290c9}]
C:\WINDOWS\system32\ufyfepjb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{849C373C-A24A-4BCB-BEDA-A6E1E772A1AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E019B2C-560F-4ADE-AB04-252E00BEF837}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF849ED0-66ED-48EA-A956-E5F96D8636D6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2DB8110-8A1D-4FEC-A7EC-C5967A49A4F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA23D76-8D19-4B32-8425-005971DE976C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2EBA1CA-3BE7-4697-A4EC-9DD6529302AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e719c49b-7f9a-43ea-b410-c8853a765a7d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"SetDefaultMIDI"="MIDIDef.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px .exe" [2008-05-21 16:54 40960]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [ ]
"combofix"="C:\WINDOWS\system32\CF17130.exe" [2004-08-04 03:56 388608]
"bcf6dcbb"="C:\WINDOWS\system32\hcjusugf.dll" [ ]
"BMbfc5ef27"="C:\WINDOWS\system32\hevnmfix.dll" [ ]

C:\Documents and Settings\Gary\Start Menu\Programs\Startup\
HotSync Manager.LNK - C:\Program Files\Palm\HOTSYNC.EXE [2003-02-28 19:38:20 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56 217194]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-04-20 21:27:07 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwvu]
byxwwvu.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\tustt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 17:15]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-12-24 14:52]
R3 cinemclc;CineMaster C 3.0 WDM Main Driver;C:\WINDOWS\system32\drivers\cinemclc.sys [2001-08-17 10:02]
R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 15:01]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-12-24 14:52]
R3 vdmindvd;Cinemaster C WDM DVD Driver;C:\WINDOWS\system32\drivers\vdmindvd.sys [2001-08-23 08:00]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 13:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04f37510-3d03-11db-ae70-000c415a5dad}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfbac8a0-3091-11db-ae4c-f0ef19031aa5}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4be2ae1-4772-11db-ae80-000c415a5dad}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9f5d96-82c9-11da-ad21-000c415a5dad}]
\Shell\AutoRun\command - JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 00:43:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 17:12:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EPSON\ESM2\eEBSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
.
**************************************************************************
.
Completion time: 2008-05-21 17:22:08 - machine was rebooted [Gary]
ComboFix-quarantined-files.txt 2008-05-21 21:21:56

Pre-Run: 1,432,477,696 bytes free
Post-Run: 1,412,575,232 bytes free

583

And Here the updated HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:53 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: byxwwvu - byxwwvu.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 9169 bytes

Shaba
2008-05-22, 14:39
Hi

Yes, it looks much better :)

You may need to uninstall and re-install certain programs as ComboFix failed to restore them:

----a-w 733,184 2008-05-20 20:12:06 C:\Program Files\AirPort\APAgent .exe
----a-w 1,694,208 2008-05-11 17:02:56 C:\Program Files\Messenger\msmsgs .exe
----a-w 2,097,488 2008-02-26 12:12:52 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 4,662,776 2008-03-15 22:51:09 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 40,960 2008-05-21 20:54:35 C:\WINDOWS\system32\ezSP_Px .exe

However, don't do it now.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\vfusysor.exe
C:\WINDOWS\system32\ginlqsgh.exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\xalldvfv.exe
C:\WINDOWS\system32\ioacften.exe
C:\WINDOWS\system32\fsjaxeum.dll_old
C:\WINDOWS\system32\hgtxuehd.ini
C:\Program Files\AirPort\APAgent .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EAF23F2-FE33-41CD-9364-890209ADFBBB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34907F86-EC03-4994-B969-8C24A80FD495}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3de14fae-96af-415d-9323-86ebd5a3a8ad}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4d35a57d-b630-4321-95f0-df881ba78df8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5297CA38-AC51-4A08-A339-C1984120DE53}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53D54B61-6A2E-4FBB-8753-74B61EA29934}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7686ab61-2568-4acd-b6e5-2d2240d2accd}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e1cc3bc-442b-43cc-b2f7-9debe00290c9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{849C373C-A24A-4BCB-BEDA-A6E1E772A1AC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E019B2C-560F-4ADE-AB04-252E00BEF837}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF849ED0-66ED-48EA-A956-E5F96D8636D6}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2DB8110-8A1D-4FEC-A7EC-C5967A49A4F1}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA23D76-8D19-4B32-8425-005971DE976C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2EBA1CA-3BE7-4697-A4EC-9DD6529302AF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e719c49b-7f9a-43ea-b410-c8853a765a7d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
"bcf6dcbb"=-
"BMbfc5ef27"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwvu]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

gec1030
2008-05-22, 23:35
Thanks! I'm glad its getting fixed:

COMBOFIX

ComboFix 08-05-19.4 - Gary 2008-05-22 16:14:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.399 [GMT -4:00]
Running from: C:\Documents and Settings\Gary\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gary\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\AirPort\APAgent .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\fsjaxeum.dll_old
C:\WINDOWS\system32\ginlqsgh.exe
C:\WINDOWS\system32\hgtxuehd.ini
C:\WINDOWS\system32\ioacften.exe
C:\WINDOWS\system32\vfusysor.exe
C:\WINDOWS\system32\xalldvfv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AirPort\APAgent .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\fsjaxeum.dll_old
C:\WINDOWS\system32\ginlqsgh.exe
C:\WINDOWS\system32\hgtxuehd.ini
C:\WINDOWS\system32\ioacften.exe
C:\WINDOWS\system32\vfusysor.exe
C:\WINDOWS\system32\xalldvfv.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-18 19:44 . 2008-05-18 19:45 23,700,784 --a------ C:\Program Files\QuickTimeInstaller.exe
2008-05-15 16:05 . 2008-05-15 16:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 20:43 . 2008-05-14 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 20:42 . 2008-05-14 20:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 20:14 --------- d-----w C:\Program Files\AirPort
2008-05-20 23:34 --------- d-----w C:\Program Files\Palm
2008-05-20 21:44 --------- d-----w C:\Program Files\QuickTime
2008-05-18 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 01:00 --------- d-----w C:\Documents and Settings\Gary\Application Data\AdobeUM
2008-05-11 15:44 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-04-14 00:18 --------- d-----w C:\Documents and Settings\Gary\Application Data\LimeWire
2008-04-02 01:31 --------- d-----w C:\Documents and Settings\Gary\Application Data\MSN6
2008-03-28 02:30 4,907,520 ----a-w C:\WDSync_v6_3_130.exe
2008-03-28 02:25 4,214,196 ----a-w C:\Documents and Settings\Gary\WDSyncV6.zip
2007-12-24 20:41 115,336 -c--a-w C:\Documents and Settings\Gary\Application Data\GDIPFONTCACHEV1.DAT
2007-06-14 14:39 4,907,520 ----a-w C:\Documents and Settings\Gary\WDSync_v6_3_130.exe
2002-12-11 21:27 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-21_17.20.34.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 21:10:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 20:05:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-21 21:11:52 228,196 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-05-22 20:09:52 228,197 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-05-22 20:05:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"SetDefaultMIDI"="MIDIDef.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px .exe" [ ]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [ ]

C:\Documents and Settings\Gary\Start Menu\Programs\Startup\
HotSync Manager.LNK - C:\Program Files\Palm\HOTSYNC.EXE [2003-02-28 19:38:20 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56 217194]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-04-20 21:27:07 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 17:15]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-12-24 14:52]
R3 cinemclc;CineMaster C 3.0 WDM Main Driver;C:\WINDOWS\system32\drivers\cinemclc.sys [2001-08-17 10:02]
R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 15:01]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-12-24 14:52]
R3 vdmindvd;Cinemaster C WDM DVD Driver;C:\WINDOWS\system32\drivers\vdmindvd.sys [2001-08-23 08:00]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 13:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04f37510-3d03-11db-ae70-000c415a5dad}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfbac8a0-3091-11db-ae4c-f0ef19031aa5}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4be2ae1-4772-11db-ae80-000c415a5dad}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9f5d96-82c9-11da-ad21-000c415a5dad}]
\Shell\AutoRun\command - JDSecure\Windows\JDSecure31.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 00:43:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:19:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 16:23:26
ComboFix-quarantined-files.txt 2008-05-22 20:23:16
ComboFix2.txt 2008-05-21 21:22:10

Pre-Run: 1,404,678,144 bytes free
Post-Run: 1,383,297,024 bytes free

130


------------------------------------------

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:47 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 9074 bytes

Shaba
2008-05-23, 12:41
Hi

Yes, much better :)

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)

Close all windows including browser and press fix checked.

Reboot.

Empty this folder:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\

Empty Recycle Bin.

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report

gec1030
2008-05-25, 04:49
The Kaspersky Report wasn't very promising:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 9:46:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54559
Number of viruses found: 118
Number of infected objects: 362
Number of suspicious objects: 0
Duration of the scan process: 03:12:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Gary\.jpi_cache\file\1.0\Dummy.class-54303564-4f063d22.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\Gary\.jpi_cache\file\1.0\VerifierBug.class-62b5f03a-7d414e92.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Gary\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Incomplete\Preview-T-3545425-havana soundtrack.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Dropper.Win32.Small.ge skipped
C:\QooBox\Quarantine\C\Program Files\AirPort\APAgent.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YahooMessenger.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\bundles\setup_silent_14765.exe.vir/data0001.bin Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\QooBox\Quarantine\C\WINDOWS\bundles\setup_silent_14765.exe.vir AWInstall: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\bundles\setup_silent_14765.exe.vir UPX: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bcvvskmv.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bllihsgh.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\CF857.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dkafpiyf.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\exkywnxu.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ezSP_Px.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fsjaxeum.dll_old.vir Infected: Trojan.Win32.Monder.do skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\glyewmao.dll.vir Infected: Trojan.Win32.Monder.ix skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hdcxpobi.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\herqerxq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgaaemkf.dll.vir Infected: Trojan.Win32.Monder.cd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgfvfnfc.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgkysssm.dll.vir Infected: Trojan.Win32.Monder.az skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hivjmktf.dll.vir Infected: Trojan.Win32.Monder.cc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hjggaojj.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hjpmbcpn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hkresppo.dll.vir Infected: Trojan.Win32.Monder.u skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hlrheekx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hqyhsoxo.dll.vir Infected: Trojan.Win32.Monder.cf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\huxdwuld.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hywesiss.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hywlvlee.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iemktnmn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qpi skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iewghuaf.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ihkkstvo.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ihlplxxb.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ixdiggvd.dll.vir Infected: Trojan.Win32.Monder.t skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jbkosvma.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jdrbbqqe.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jefefqed.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qof skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jekbttnj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jeypuote.dll.vir Infected: Trojan.Win32.Monder.ac skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jhlcvkvf.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jjgssdos.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkvqsbfl.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jllmjfmt.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jmjgdiiu.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jnogoswe.dll.vir Infected: Trojan.Win32.Monder.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jsrdgkjq.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jtolhhpi.dll.vir Infected: Trojan.Win32.Monder.s skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jwpeqgkc.dll.vir Infected: Trojan.Win32.Monder.ix skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kenkutfl.dll.vir Infected: Trojan.Win32.Monder.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kesbehsq.dll.vir Infected: Trojan.Win32.Monder.dk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kffnutna.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kgwxokho.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qoh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khajyegc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khqetugh.dll.vir Infected: Trojan.Win32.Monder.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kiijlwxd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kqgecfph.dll.vir Infected: Trojan.Win32.Monder.bj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\krxsbfcs.dll.vir Infected: Trojan.Win32.Monder.bk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ktrorxwf.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kybxqgrg.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lcumkwrx.dll.vir Infected: Trojan.Win32.Monder.aw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lfrygnfg.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lftuurxm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lgtihhgc.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lhanyouc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lilctuhn.dll.vir Infected: Trojan.Win32.Monder.af skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lklfwxgy.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lpvwtygm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lqktohoe.dll.vir Infected: Trojan.Win32.Monder.aw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\luvshsey.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lvafxpok.dll.vir Infected: Trojan.Win32.Monder.ap skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lxwdjgrw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qvn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lydcfqyi.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\makstile.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdkujemj.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdlkpmfb.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdoshebl.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\meyafekl.dll.vir Infected: Trojan.Win32.Monder.aq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgddcnpt.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgriypuc.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mjtbwinu.dll.vir Infected: Trojan.Win32.Monder.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mkxhybfr.dll.vir Infected: Trojan.Win32.Monder.io skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mnnllnnb.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mqwekrwu.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\msuabmfs.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nayomycc.dll.vir Infected: Trojan.Win32.Monder.aj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nmlvadyu.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnapkiah.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnolpxes.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnuaxbix.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\npdypikh.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nqptbfmj.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nqyugjgd.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nutraavf.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nwkqmwtp.dll.vir Infected: Trojan.Win32.Monder.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nxkdehie.dll.vir Infected: Trojan.Win32.Monder.aw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nxuciidv.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ocksidiv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.pon skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ohlmalmi.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\okekmatp.dll.vir Infected: Trojan.Win32.Monder.cz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oqhbknxr.dll.vir Infected: Trojan.Win32.Monder.cc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\owvqtyyv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qur skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pfasmkca.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pgqjyycq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qvg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\phafgqqm.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pjkjigag.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\plchyfdx.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnxtkjg.dll.vir Infected: Trojan.Win32.Monder.bg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pofmjeuo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pudvgtvm.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pvfqeseh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qvm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pvggbgnp.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pynlywba.dll.vir Infected: Trojan.Win32.Monder.ce skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pywmubna.dll.vir Infected: Trojan.Win32.Monder.af skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pyyngcue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.okj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcsjelno.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qgahbtnc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qprafpau.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qpsoyudc.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qqpfkdhj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qsrwpqvk.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qujisnyf.dll.vir Infected: Trojan.Win32.Monder.be skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qujrbskk.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qyreuskq.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rbjsklnv.dll.vir Infected: Trojan.Win32.Monder.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rfvhihjp.dll.vir Infected: Trojan.Win32.Monder.aw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rgxwqfab.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rhhcghmk.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rieqfixv.dll.vir Infected: Trojan.Win32.Monder.cq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rilabhtx.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rlgauseu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rselryrf.dll.vir Infected: Trojan.Win32.Monder.cd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ruvcpjjw.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\saemilan.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\samldumd.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.asj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\seiofkir.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sfbbivtc.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssolnmsy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssreomad.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\stpbmuot.dll.vir Infected: Trojan.Win32.Monder.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\svtcrjvm.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sxpnlalv.dll.vir Infected: Trojan.Win32.Monder.t skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcbwgfmx.dll.vir Infected: Trojan.Win32.Monder.de skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcqcpnoa.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tivukofi.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tknowamp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tlwixoot.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tneykyhx.dll.vir Infected: Trojan.Win32.Monder.bm skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tpcwinse.dll.vir Infected: Trojan.Win32.Monder.cy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tskohyii.dll.vir Infected: Trojan.Win32.Monder.cp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ttlqvhfq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tubpjvom.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tustt.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\txnwuvmn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tyxcmmut.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tyyfmxra.dll.vir Infected: Trojan.Win32.Monder.da skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uacfmvyr.dll.vir Infected: Trojan.Win32.Monder.an skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ucpwalaw.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\udamognq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\udtvmvmo.dll.vir Infected: Trojan.Win32.Monder.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uihhyhwx.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\umvhiwxx.dll.vir Infected: Trojan.Win32.Monder.ao skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\unqaneqy.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\usiippuf.dll.vir Infected: Trojan.Win32.Monder.cq skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uvumgdxc.dll.vir Infected: Trojan.Win32.Monder.bc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uxisemqw.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uxwaxwhh.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uybvgigx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vaakytvy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vagdllhr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vgkcemyo.dll.vir Infected: Trojan.Win32.Monder.gz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vispbktb.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vkbjtnog.dll.vir Infected: Trojan.Win32.Monder.aw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vskplccl.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vxyvdkqg.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vyrrlkpt.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wakdfwcl.dll.vir Infected: Trojan.Win32.Monder.fc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\warbqdiv.dll.vir Infected: Trojan.Win32.Monder.cs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wdogedoi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wemexgdc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wgqddbkt.dll.vir Infected: Trojan.Win32.Monder.di skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\whevxqdy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkhwtbfy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wknhmpwy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wkywcskh.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmuucvpk.dll.vir Infected: Trojan.Win32.Monder.cv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wosxdhtf.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wsxharlu.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wwgunyeh.dll.vir Infected: Trojan.Win32.Monder.ah skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xagipmsk.dll.vir Infected: Trojan.Win32.Monder.iw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xbqovqay.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xdccltse.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xdkrxmbd.dll.vir Infected: Trojan.Win32.Monder.ik skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xefsbbam.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xfcmhhpe.dll.vir Infected: Trojan.Win32.Monder.bn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xfepecam.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xgnrpbtm.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xicadcfi.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xprkoymn.dll.vir Infected: Trojan.Win32.Monder.q skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xyijbidq.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ycuoexjn.dll.vir Infected: Trojan.Win32.Monder.bf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yjrtidcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ylqqlcrj.dll.vir Infected: Trojan.Win32.Monder.ai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yocpfdnb.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yoxunfjp.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yscwqakc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qua skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yttfnvix.dll.vir Infected: Trojan.Win32.Monder.al skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yxfaxyun.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yyfiiydn.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\catchme2008-05-20_174731.87.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-05-20_174731.87.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-05-21_170643.02.zip/tustt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-05-21_170643.02.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\96wu19rd.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\launchurl.exe Infected: Trojan.Win32.Zapchast skipped
C:\WINDOWS\mrofinu72.exe.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bH.dll Infected: Trojan-Dropper.Win32.Agent.og skipped
C:\WINDOWS\system32\calsdr.exe Infected: Trojan-Dropper.Win32.Small.ff skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\dbbrq.exe Infected: Backdoor.Win32.Agent.ec skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\in10b6s.dll Infected: Trojan.Win32.Revop.h skipped
C:\WINDOWS\system32\jggfotvc.dll Infected: Trojan.Win32.Monder.bs skipped
C:\WINDOWS\system32\L3BCE.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\system32\L3BCE.tmp NSIS: infected - 1 skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.q skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bgv skipped
C:\WINDOWS\system32\LFA8C.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\LFA8C.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\WINDOWS\system32\LFA8C.tmp NSIS: infected - 4 skipped
C:\WINDOWS\system32\msbar.exe/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped
C:\WINDOWS\system32\msbar.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped
C:\WINDOWS\system32\msbar.exe/data0003 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped
C:\WINDOWS\system32\msbar.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\mtwirl.dll Infected: Trojan.Win32.StartPage.kv skipped
C:\WINDOWS\system32\subujalg.dll Infected: Trojan.Win32.Monder.bs skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\weouhijg.dll Infected: Trojan.Win32.Monder.cw skipped
C:\WINDOWS\system32\windump.exe Infected: not-a-virus:Monitor.Win32.EliteKeyLogger.25 skipped
C:\WINDOWS\Temp\Perflib_Perfdata_494.dat Object is locked skipped
C:\WINDOWS\unstall.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\Wrapper.exe Infected: Trojan-Dropper.Win32.Small.nm skipped

Scan process completed.

-------------------

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:39 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 8259 bytes

Shaba
2008-05-25, 12:28
Hi

Yes but most of them are in quarantine (C:\QooBox\Quarantine).

Empty this folder:

C:\QooBox\Quarantine

Empty Recycle Bin.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Documents and Settings\Gary\.jpi_cache\file\1.0\Dummy.class-54303564-4f063d22.class Settings\Gary\.jpi_cache\file\1.0\VerifierBug.class-62b5f03a-7d414e92.class
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip
C:\Documents and Settings\Gary\Incomplete\Preview-T-3545425-havana soundtrack.mp3
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\96wu19rd.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\launchurl.exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\system32\bH.dll
C:\WINDOWS\system32\calsdr.exe
C:\WINDOWS\system32\dbbrq.exe
C:\WINDOWS\system32\in10b6s.dll
C:\WINDOWS\system32\jggfotvc.dll
C:\WINDOWS\system32\L3BCE.tmp
C:\WINDOWS\system32\LFA8C.tmp
C:\WINDOWS\system32\msbar.exe
C:\WINDOWS\system32\mtwirl.dll
C:\WINDOWS\system32\subujalg.dll
C:\WINDOWS\system32\weouhijg.dll
C:\WINDOWS\system32\windump.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\Wrapper.exe


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

gec1030
2008-05-25, 18:16
File/Folder C:\Documents and Settings\Gary\.jpi_cache\file\1.0\Dummy.class-54303564-4f063d22.class Settings\Gary\.jpi_cache\file\1.0\VerifierBug.class-62b5f03a-7d414e92.class not found.
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip moved successfully.
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip moved successfully.
C:\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip moved successfully.
C:\Documents and Settings\Gary\Incomplete\Preview-T-3545425-havana soundtrack.mp3 moved successfully.
C:\Program Files\Windows Media Player\wmplayer.exe.tmp moved successfully.
C:\WINDOWS\96wu19rd.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1 moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3 moved successfully.
C:\WINDOWS\launchurl.exe moved successfully.
C:\WINDOWS\mrofinu72.exe.tmp moved successfully.
C:\WINDOWS\system32\bH.dll unregistered successfully.
C:\WINDOWS\system32\bH.dll moved successfully.
C:\WINDOWS\system32\calsdr.exe moved successfully.
C:\WINDOWS\system32\dbbrq.exe moved successfully.
C:\WINDOWS\system32\in10b6s.dll unregistered successfully.
C:\WINDOWS\system32\in10b6s.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jggfotvc.dll
C:\WINDOWS\system32\jggfotvc.dll NOT unregistered.
C:\WINDOWS\system32\jggfotvc.dll moved successfully.
C:\WINDOWS\system32\L3BCE.tmp moved successfully.
C:\WINDOWS\system32\LFA8C.tmp moved successfully.
C:\WINDOWS\system32\msbar.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mtwirl.dll
C:\WINDOWS\system32\mtwirl.dll NOT unregistered.
C:\WINDOWS\system32\mtwirl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\subujalg.dll
C:\WINDOWS\system32\subujalg.dll NOT unregistered.
C:\WINDOWS\system32\subujalg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\weouhijg.dll
C:\WINDOWS\system32\weouhijg.dll NOT unregistered.
C:\WINDOWS\system32\weouhijg.dll moved successfully.
C:\WINDOWS\system32\windump.exe moved successfully.
C:\WINDOWS\unstall.exe moved successfully.
C:\WINDOWS\Wrapper.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_111458


There it is. Do you want me to post a HijackThis Log as well?

Shaba
2008-05-25, 19:31
Hi

Yes after this step :)

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

gec1030
2008-05-26, 20:32
I have downloaded Avast! AnitVirus Home Edition. When I restarted my computer it did a boot scan. There were many malware things on it and I deleted them. 20 to be exact. I reran HijackThis and here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:59 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 9068 bytes

Shaba
2008-05-26, 20:41
Hi

Thanks for the info.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report

gec1030
2008-05-27, 01:28
Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 6:25:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 801040
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54406
Number of viruses found: 14
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 03:21:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Gary\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\History\History.IE5\MSHist012008052620080527\index.dat Object is locked skipped
C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gary\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_218.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_720.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-1f8050ce-44b82325.zip ZIP: infected - 4 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\classload.jar-7eb4d059-7cdd8e95.zip ZIP: infected - 4 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\.jpi_cache\jar\1.0\loaderadv645.jar-7aa6918-3ebdfd90.zip ZIP: infected - 3 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\Documents and Settings\Gary\Incomplete\Preview-T-3545425-havana soundtrack.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\L3BCE.tmp/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\L3BCE.tmp NSIS: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\LFA8C.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.q skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\LFA8C.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bgv skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\LFA8C.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\LFA8C.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.aev skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\LFA8C.tmp NSIS: infected - 4 skipped
C:\_OTMoveIt\MovedFiles\05252008_111458\WINDOWS\system32\windump.exe Infected: not-a-virus:Monitor.Win32.EliteKeyLogger.25 skipped

Scan process completed.

--------------------------------

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:53 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ezSP_Px .exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: byxwwvu - byxwwvu.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 9169 bytes

gec1030
2008-05-27, 01:31
That was the wrong hijackthis log. Heres the right one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:03 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200968810483
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200968748714
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.thehealthcarenet.com/IMAGES/ACC_1-58779-805-0.jpg

--
End of file - 9068 bytes


Sorry

Shaba
2008-05-27, 16:34
Hi

Empty this folder:

C:\_OTMoveIt\MovedFiles

Empty Recycle Bin.

Still problems?

gec1030
2008-05-28, 03:54
okay I did it. Do I need to post any logs?

Shaba
2008-05-28, 17:11
Hi

No unless you have some problems left?

Shaba
2008-06-02, 17:44
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.