PDA

View Full Version : Virtu Mundo



upandgone
2008-09-22, 18:52
Hey guys

Another yet agian.. Virtu Mundo...Spybot didnt see it it was Norton. Says it fixed it.. But i still got my labtop doing funny things on me.

Please have a look and see if hes still hiding somewhere. Thanks for all your time and efforts.

Patric


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:26, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Franklin\CM\Bin\FkltCM.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windguru.com/int/index.php?sc=58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [cmoUIMain.exe] C:\Program Files\Franklin\CM\Bin\FkltCM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaDriveIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219062456156
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219763317359&h=b69d955569601d528216b12d3a5e7a69/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9123F88-7C67-481C-BE13-2EBBCCAE1F1C}: NameServer = 200.26.226.5 200.26.226.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12695 bytes

peku006
2008-09-24, 20:13
Hello and Welcome to the forums!
My name is peku006and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006

upandgone
2008-09-25, 05:39
Hello Peku006

thank you for taking the time. Here are the logs:
Malwarebytes' Anti-Malware 1.28
Database version: 1203
Windows 5.1.2600 Service Pack 2

24/09/2008 22:26:46
mbam-log-2008-09-24 (22-26-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 181346
Time elapsed: 1 hour(s), 58 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 64

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Adobe\Acrobat windows\Acrobat Pro 8 ML ISO\acrbt8ml\ZWT-KG\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Acrobat windows\ZWT-KG\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PlayMP3z\PlayMP3.exe.vir (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mauhbaon.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nqhlciql.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\godjcsle.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hvbshtlk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP558\A0154678.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP558\A0154679.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP558\A0154680.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP559\A0154769.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP562\A0157266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP563\A0157509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP563\A0157511.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP564\A0157535.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP564\A0157605.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP565\A0157685.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP565\A0157686.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP565\A0157687.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0158790.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0157772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0157774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0157775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0157776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0157783.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP571\A0164185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP572\A0169183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP573\A0170185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP574\A0170199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP578\A0171567.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP582\A0172558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP582\A0172559.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP582\A0172560.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP583\A0172655.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP586\A0173016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP586\A0173042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP587\A0174067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP589\A0175101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176186.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176199.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176201.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176206.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176207.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176210.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176216.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176221.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176224.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176227.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176228.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176229.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176231.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176233.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176235.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176200.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


----------------------------------------------------------------

Logfile of random's system information tool 1.02 (written by random/random)
Run by Patric at 2008-09-24 22:32:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 74 GB (39%) free of 191 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:17, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Franklin\CM\Bin\FkltCM.EXE
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Patric\Desktop\RSIT.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\Program Files\Trend Micro\HijackThis\Patric.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windguru.com/int/index.php?sc=58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [cmoUIMain.exe] C:\Program Files\Franklin\CM\Bin\FkltCM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VistaDriveIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219062456156
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219763317359&h=b69d955569601d528216b12d3a5e7a69/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9123F88-7C67-481C-BE13-2EBBCCAE1F1C}: NameServer = 200.26.226.5 200.26.226.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13600 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Patric.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EE0097B2-00A0-48BA-9CB6-A62B33F47A66}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-26 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-07-24 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-12-16 2133056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-15 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-12-16 2133056]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-12-29 61952]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2007-11-05 45056]
"Norton Save and Restore"=C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe [2007-03-26 1582696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-02 13529088]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"cmoUIMain.exe"=C:\Program Files\Franklin\CM\Bin\FkltCM.EXE [2006-09-23 2211840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-07-02 86016]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-02 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 40448]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-15 68856]
"VistaDriveIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2007-11-05 45056]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-12 21741864]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"fsm"=C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCPL"=0
"NoDevMgrPage"=0
"NoConfigPage"=0
"NoVirtMemPage"=0
"NoFileSysPage"=0
"NoNetSetup"=0
"NoNetSetupIDPage"=0
"NoNetSetupSecurityPage"=0
"NoWorkgroupContents"=0
"NoEntireNetwork"=0
"NoFileSharingControl"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"RestrictRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\9Dragons\NDLAUNCHER.EXE"="C:\Program Files\9Dragons\NDLAUNCHER.EXE:*:Enabled:9Dragons"
"C:\Program Files\VestGame\WoKF\PatcherKf.exe"="C:\Program Files\VestGame\WoKF\PatcherKf.exe:*:Enabled:WOKF"
"C:\Program Files\9Dragons\NDLauncher2.exe"="C:\Program Files\9Dragons\NDLauncher2.exe:*:Enabled:NDLauncher2.exe"
"C:\Program Files\9Dragons\NINEDRAGONS.EXE"="C:\Program Files\9Dragons\NINEDRAGONS.EXE:*:Enabled:NINEDRAGONS.EXE"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-24 22:32:17 ----DC---- C:\rsit
2008-09-23 22:20:20 ----DC---- C:\Downloads
2008-09-23 22:15:39 ----D---- C:\Documents and Settings\Patric\Application Data\Software Informer
2008-09-23 22:15:34 ----D---- C:\Program Files\Software Informer
2008-09-23 22:15:32 ----D---- C:\Documents and Settings\Patric\Application Data\Free Download Manager
2008-09-23 22:15:28 ----D---- C:\Program Files\Free Download Manager
2008-09-23 22:15:28 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-22 12:44:52 ----D---- C:\Documents and Settings\Patric\Application Data\Malwarebytes
2008-09-22 12:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 12:44:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 22:48:32 ----DC---- C:\ComboFix
2008-09-18 22:03:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 11:09:31 ----D---- C:\Program Files\iTunes
2008-09-13 11:09:31 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 11:08:07 ----D---- C:\Program Files\Bonjour
2008-09-13 11:07:07 ----D---- C:\Program Files\QuickTime
2008-09-11 12:42:42 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-11 12:42:41 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-11 12:42:40 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-11 12:42:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-11 12:42:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-11 12:42:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-11 12:42:38 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-09-11 12:42:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-09-11 12:42:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-11 12:42:35 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-09-11 12:42:34 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-11 12:42:34 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-09-11 12:42:34 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-09-11 12:42:33 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-09-11 12:40:38 ----D---- C:\Documents and Settings\All Users\Application Data\media center programs
2008-09-11 08:40:59 ----D---- C:\Program Files\Funcom
2008-09-11 08:39:35 ----D---- C:\Documents and Settings\All Users\Application Data\Funcom
2008-09-10 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 10:56:40 ----D---- C:\Documents and Settings\Patric\Application Data\ArcSoft
2008-09-05 10:53:32 ----D---- C:\WINDOWS\PixArt
2008-09-05 10:53:32 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-05 10:45:02 ----D---- C:\Program Files\Common Files\ArcSoft
2008-09-05 10:41:43 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-09-05 10:41:08 ----D---- C:\Program Files\ArcSoft
2008-09-05 10:39:13 ----A---- C:\WINDOWS\system32\SP7302.INI
2008-09-05 10:39:13 ----A---- C:\WINDOWS\system32\CoInst.dll
2008-09-05 10:39:08 ----D---- C:\Program Files\Logitech
2008-09-05 10:39:08 ----A---- C:\WINDOWS\AMCap.exe
2008-09-05 10:38:43 ----D---- C:\Documents and Settings\Patric\Application Data\InstallShield
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-26 11:12:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-26 11:12:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-26 11:12:06 ----A---- C:\WINDOWS\system32\java.exe
2008-08-25 09:20:51 ----SHDC---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2008-09-24 22:32:43 ----D---- C:\WINDOWS\Temp
2008-09-24 22:32:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-24 16:33:28 ----D---- C:\WINDOWS\system32\drivers
2008-09-24 13:07:02 ----A---- C:\WINDOWS\ModemLog_Data Modem @ CDMA(5533).txt
2008-09-24 13:04:33 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-09-24 13:01:25 ----D---- C:\WINDOWS\Prefetch
2008-09-23 22:15:34 ----AD---- C:\Program Files
2008-09-22 12:05:53 ----D---- C:\Program Files\9Dragons
2008-09-22 10:41:50 ----D---- C:\Documents and Settings\Patric\Application Data\Skype
2008-09-22 10:40:36 ----D---- C:\WINDOWS
2008-09-22 10:39:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-22 10:39:52 ----D---- C:\WINDOWS\Registration
2008-09-22 10:39:45 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-09-22 10:36:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-21 22:48:49 ----D---- C:\WINDOWS\system32
2008-09-18 22:09:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-18 22:09:50 ----HD---- C:\WINDOWS\inf
2008-09-18 22:03:16 ----D---- C:\WINDOWS\Debug
2008-09-13 11:39:57 ----HDC---- C:\Config.Msi
2008-09-13 11:10:36 ----SHD---- C:\WINDOWS\Installer
2008-09-13 11:09:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-13 11:09:33 ----D---- C:\Program Files\iPod
2008-09-13 11:07:11 ----D---- C:\Program Files\Common Files\Apple
2008-09-12 09:18:17 ----D---- C:\WINDOWS\Help
2008-09-12 09:18:14 ----D---- C:\WINDOWS\nview
2008-09-12 09:15:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-12 09:15:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-12 09:15:05 ----DC---- C:\NVIDIA
2008-09-11 12:42:44 ----D---- C:\WINDOWS\system32\DirectX
2008-09-11 12:42:17 ----RSD---- C:\WINDOWS\assembly
2008-09-11 08:51:54 ----RSD---- C:\WINDOWS\Fonts
2008-09-10 03:00:53 ----D---- C:\WINDOWS\WinSxS
2008-09-10 03:00:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-10 03:00:28 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 06:42:05 ----A---- C:\WINDOWS\win.ini
2008-09-05 10:53:32 ----D---- C:\WINDOWS\twain_32
2008-09-05 10:45:02 ----D---- C:\Program Files\Common Files
2008-09-05 10:41:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-31 07:59:03 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-26 11:12:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-26 11:12:05 ----D---- C:\Program Files\Java
2008-08-25 21:15:36 ----D---- C:\Documents and Settings\Patric\Application Data\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2007-03-26 56232]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 5504]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-17 58352]
R3 cmo_mdfl;Data Modem @ CDMA Filter; C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-17 8304]
R3 cmo_mdm;Data Modem @ CDMA Drivers; C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-17 93904]
R3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\cmo_serd.sys [2005-08-17 73696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2005-12-29 561664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-08 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-08 202240]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080924.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080924.022\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-02 6554976]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080923.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-02 191968]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-08 723712]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys []
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys []
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCB000;SMSC CIR HID Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2006-01-17 15744]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Norton Save and Restore;Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-03-26 2111080]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-26 66872]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-07-24 1245064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-20 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-08-31 750768]

-----------------EOF-----------------



had to shorten the mess.. ( sais its too long) the info.txt will follow in next reply..

upandgone
2008-09-25, 05:43
info.txt logfile of random's system information tool 1.02 2008-09-24 22:33:21

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2010-->"C:\Program Files\Professional Bartender 2010\unins000.exe"
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
9Dragons-->MsiExec.exe /I{EB0508A0-162A-4996-85A1-00C07D33445A}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Age of Conan - Hyborian Adventures-->"C:\Program Files\Funcom\Age of Conan\unins000.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x9
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon PowerShot S45 WIA-Treiber-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IBD1HDAa.inf
Dasher-->C:\Program Files\Internet Chess Club\Dasher\Dasher-uninstall.exe
Energize-->C:\WINDOWS\Resources\Energize\Uninstaller.exe
Franklin Modem Manager UI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC7B45BC-DDE2-48C2-BF32-07EB6B977607}\setup.exe" -l0x9 -removeonly
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
GalleryPlayer Images-->C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
GameGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FF3672-EDE6-472D-974B-02E38D4E5EE0}\Setup.exe" -l0x9
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1HDAm.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 640 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Norton Save and Restore-->MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B101}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RioDVD Region Free Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C5CE8C0-2444-48F9-9BDF-3930680D0000}\Setup.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
Toshiba Controls Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{ACA1086B-9B62-4F80-B4B9-5659395E4F25} /l1033
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x9 -removeonly
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0x9
Toshiba Touchpad Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1033
Toshiba Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1033
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Webcam 2200-->C:\Program Files\InstallShield Installation Information\{9BF745FA-1118-44D2-9362-179DA4B27AC6}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

peku006
2008-09-25, 09:15
Hi upandgone



C:\Program Files\Adobe\Acrobat windows\Acrobat Pro 8 ML ISO\acrbt8ml\ZWT-KG\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Acrobat windows\ZWT-KG\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

If you have downloaded cracks-warez-keygenerators, the odds are you already have an infected computer.
Even visiting such a site can give your computer multiple infections.

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Also please describe how your computer behaves at the moment.

Thanks peku006

upandgone
2008-09-25, 21:51
hi peku006

Done the first cleanup
have slight problems with kapersky; it tells me that i need java 1.5 but java tells me that i have the latest version. and i am a bit confused by their website with al the different wowload options. so i thought i ask first. Also that i have to turn of norton but norton wont let me. some help on those issues or another scan program?!?!?!
i attached a new hjt log just in case.

Thank you
Patric

peku006
2008-09-25, 22:01
Hi upandgone

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options: Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

Thanks peku006

peku006
2008-09-30, 10:05
Hello!

Do you still need help

It has been five days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

upandgone
2008-09-30, 23:55
Please dont close the threat...

No connection for the last few days.....
Im scanning as we speak....actually this thing has been scanning for the last 5 hrs or so.. oh well ill be back as soon as its finsihed.

Patric



...... I'LL BE BACK

peku006
2008-10-01, 08:53
Hi Patric

Ok, no problem.

upandgone
2008-10-02, 05:44
ok this was the longest scan i've ever done 15hrs but here it is.

Scanning Report
Wednesday, October 01, 2008 09:44:34 - 22:40:02
Computer name: MARYPAT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ E:\


--------------------------------------------------------------------------------

Result: 76 malware found
Trojan-Downloader.WMA.Wimad.o (virus)
E:\iTunes Music\queensrigh sexy girl has shaking orgasm during sex.mp3 (Submitted)
Trojan-Downloader.Win32.Zlob.peo (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP514\A0143468.exe (Submitted)
Trojan.Win32.Monder.amd (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176230.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176234.dll
Trojan.Win32.Monder.awl (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP575\A0171195.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP575\A0171197.dll (Submitted)
Trojan.Win32.Monder.bay (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176212.dll
Trojan.Win32.Monder.bbk (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176190.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\apwktcsy.dll.vir (Submitted)
Trojan.Win32.Monder.bfd (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159817.dll
Trojan.Win32.Monder.bhq (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176193.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP571\A0164183.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\cgttjvvp.dll.vir (Submitted)
Trojan.Win32.Monder.bxs (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP573\A0170184.dll (Submitted)
Trojan.Win32.Monder.ckj (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176213.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\leatiobj.dll.vir (Submitted)
Trojan.Win32.Monder.cmr (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176218.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176225.dll (Submitted)
Trojan.Win32.Monder.dwa (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP575\A0171194.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP575\A0171196.dll
Trojan.Win32.Monder.dwe (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176209.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\iwkfwbao.dll.vir (Submitted)
Trojan.Win32.Monder.dwg (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP557\A0151677.dll (Submitted)
Trojan.Win32.Monder.esm (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176191.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\axeyxafh.dll.vir (Submitted)
Trojan.Win32.Monder.fyg (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176198.dll
C:\QooBox\Quarantine\C\WINDOWS\system32\dncxudgg.dll.vir (Submitted)
Trojan.Win32.Monder.gav (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP562\A0157227.dll (Submitted)
Trojan.Win32.Monder.gen (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176195.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176196.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176204.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176208.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176211.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176217.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176222.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176223.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176232.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP586\A0173031.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP584\A0172887.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP584\A0172888.dll
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP578\A0171566.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP575\A0171189.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP574\A0170200.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0158792.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0158795.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0158796.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP567\A0158797.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP565\A0157678.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP554\A0149409.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP554\A0149433.dll
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBQhEu.dll.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\dipsooth.dll.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\inbocbyc.dll.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\jtwglqdl.dll.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\opfuecun.dll.vir (Submitted)
Trojan.Win32.Monder.hcm (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP588\A0174101.dll (Submitted)
Trojan.Win32.Pakes.kho (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176202.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176226.dll (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\gkdefmll.dll.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\sosvetsq.dll.vir (Submitted)
Vundo.gen212 (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP573\A0170183.dll (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP571\A0164184.dll (Submitted)
Vundo.gen221 (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP587\A0173055.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP584\A0172679.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP570\A0161231.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP568\A0159812.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP554\A0149385.ini (Submitted)
Vundo.gen39 (virus)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176185.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176255.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP590\A0176265.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP589\A0176118.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP589\A0176132.ini (Submitted)
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP588\A0174109.ini (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\ggduxcnd.ini.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\noabhuam.ini.vir (Submitted)
C:\QooBox\Quarantine\C\WINDOWS\system32\qbtsyoeg.ini.vir (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 478121
System: 4518
Not scanned: 339
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 76
Submitted: 62
Files not scanned:
聡x� AGEFILE.SYS
C:\WINDOWS\TEMP\JET1F0C.TMP
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_B5C.DAT
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS.BAK
C:\WINDOWS\SYSTEM32\DLA\DLAMRMSG.ISO
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
FILE0014.D0FFFB8D_996E_43B1_8C32_FF42F494CE70
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143789.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143791.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143792.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143793.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143794.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143795.ICO
C:\SP100V420\SP100V420.ISO
C:\PROGRAM FILES\SONIC\DLA\INSTALL\DLAMRMSG.ISO
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\cS���
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\JET1F0C.TMP
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_B5C.DAT
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS.BAK
C:\WINDOWS\SYSTEM32\DLA\DLAMRMSG.ISO
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG ~ C\x� x� YSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
FILE0014.D0FFFB8D_996E_43B1_8C32_FF42F494CE70
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143789.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143791.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143792.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143793.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143794.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143795.ICO
C:\SP100V420\SP100V420.ISO
C:\PROGRAM FILES\SONIC\DLA\INSTALL\DLAMRMSG.ISO
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
C:\Program Files\���
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\JET1F0C.TMP
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_B5C.DAT
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS.BAK
C:\WINDOWS\SYSTEM32\DLA\DLAMRMSG.ISO
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.TMP.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
FILE0014.D0FFFB8D_996E_43B1_8C32_FF42F494CE70
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143789.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143791.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143792.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143793.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143794.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP519\A0143795.ICO
C:\SP100V420\SP100V420.ISO
C:\PROGRAM FILES\SONIC\DLA\INSTALL\DLAMRMSG.ISO
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skinsvery\Mi��otx� x� curityCenterdisabled3.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled4.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled4.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled5.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled5.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled6.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled6.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled7.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled7.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled8.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled8.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled9.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled9.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner2.zip\2008_04_17.log
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner2.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner3.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetcomCleaner4.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryHelper.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryHelper.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryHelper1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip\Online Security Test.url
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare10.zip\TBProductsOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare10.zip\TBProductsOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare10.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare11.zip\ToolbarLogoOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare11.zip\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare11.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare12.zip\ToolbarSearchOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare12.zip\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare12.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare13.zip\TravelSearchOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare13.zip\TravelSearchOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare13.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare14.zip\AlertArchive.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare14.zip\WeatherOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare14.zip\WeatherOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare14.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare2.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare2.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare3.zip\BrowserSearch.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare3.zip\BrowserSearch.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare3.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare4.zip\Configurator.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare4.zip\Configurator.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare4.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare5.zip\ErrorSearchOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare5.zip\ErrorSearchOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare5.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare6.zip\ToolbarLayout.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare6.zip\ToolbarLayout.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare6.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare7.zip\ManagerOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare7.zip\ManagerOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare7.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare8.zip\ReferenceOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare8.zip\ReferenceOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare8.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare9.zip\RelatedSearchOptions.xml
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare9.zip\RelatedSearchOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StarWare9.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip\efcASlMC.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip\xxyxUnol.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip\xxyxUnol.dll_old
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx.zip\pskt.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx1.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx1.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx10.zip\pskt.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx10.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx11.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx11.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx12.zip\hdqgdijr.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx12.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx13.zip\sbRecovery.reg
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx13.zip\sbRecovery.ini
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx14.zip\pskt.ini


--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-10-01
F-Secure AVP: 7.0.171, 2008-10-01
F-Secure Pegasus: 1.20.0, 2008-08-09
F-Secure Blacklight: 2.2.1092
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics


thanks again for your time

peku006
2008-10-02, 09:37
Hi upandgone

Things are looking good. Do you still notice any problems with your computer?

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to folder
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\<<< delete the contents of the folder in red

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
E:\iTunes Music\queensrigh sexy girl has shaking orgasm during sex.mp3

upandgone
2008-10-02, 21:31
things seem to go much smoother.... An Computer service stything else i can do to get this thing
up to scratch.
Im working on a sailing boat down in the Caribbean. So there is no much chance of a proper Computerservice.

Do you want another scan to be sure or was that it.

Patric

peku006
2008-10-02, 21:46
Hi Patric

Great that your machine is running better now, the scans are fine and it looks like your machine is clean :)

Time for some housekeeping

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Clear system restore points

This is a good time to clear your existing system restore points and establish a new clean restore point:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.


Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)


Install SpyWare Blaster 4.1
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Note:"Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:

Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.

Happy safe surfing! :bigthumb:

upandgone
2008-10-02, 22:38
:bow: :bow: :bow:

:wav::wav::wav::wav::wav::wav::wav:

Thank you oh mighty norwegian god of labtops and other evil machines. May Thor always guide your bits and bytes. There will always be a place Cyber valhalla.

ops, sorry could'nt help it. well if that was it, then thank you again for your time and emails.

Best Regards
Patric