.dll HELL!

Bluheart

New member
The other night I was playing an online browser game I've played for two years. I was in Opera because I was attending to the account of someone I sit for. I only use Opera when I'm in his account so I don't confuse his with mine. I NEVER use Opera for anything else.

Suddenly my Zone Alarm said a program, e.exe, was asking permission for outbound. I thought that strange, then noticed it said this was the first time this program had asked to go outbound. I quickly denied it. :nono: Then something made me open ZA back up and check the location of that program and go change the name of it. I didn't want it to execute so I made it an .exe1 and closed it again. Then I opened it again and changed it to 225e.exe1.

I had had NOD32 installed but it had expired 2 days earlier. I was going to order new copies at a good price but it was going to take a few days to get to me. So I had installed AVG temporarily. AVG scanned it and passed it with flying colors but I wasn't impressed. So I uninstalled AVG and was attempting to install Kaspersky, but by then I had .dll's firing off popups right and left with messages saying that Chrome said the image wasn't correct and to check my installation disc. I couldn't do anything because I couldn't get the popups to stop. (I do NOT use IE. FF is my favorite but due to a graphics card problem right now I can't use it... long story.)

I finally got Kaspersky installed and it started picking out .dll's and putting them into quarantine. I searched on Google the names of some of them and they don't exist: gujubova.dll, mosoyami.dll, dahodozu.dll and a couple of others. Now when I reboot I get an error that says: RUNDLL Error Loading C:\System32\gujubova.dll The specified module could not be found. It also says the same thing for mosoyami.dll.

Kaspersky has me a bit confused. I don't know how to clear or quarantine these things it has found and there are A LOT of them. I keep getting popups from it of things that it has found and moved.

I don't seem to be having any more new events or should I say new names popping up now.

So that is where I stand. I'm sure I've left something out. If I think of anything important, I'll add it later.

I'll start now posting my reports.

Thanks!
Blu


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:49 AM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f30e75d-30a5-46c1-8dec-5ebb9f71f9ed} - C:\WINDOWS\system32\yezumoyu.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a3e3b016-e65d-4c15-84f8-392f6f4bda2a} - C:\WINDOWS\system32\yezumoyu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\yilituze.dll",b
O4 - HKLM\..\Run: [00000e3a] rundll32.exe "C:\WINDOWS\system32\yilituze.dll",b
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKLM\..\Run: [numupidawi] Rundll32.exe "C:\WINDOWS\system32\gujubova.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file:///H:/CDVIEWER/CdViewer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162171373921
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\windows\system32\mosoyami.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mosoyami.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mosoyami.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 11793 bytes
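The HijackThis log above carries the whole persistence picture in a few lines: the same DLL, mosoyami.dll, is wired into four load points (an O4 Run value, O20 AppInit_DLLs, O21 SSODL and O22 SharedTaskScheduler), three O4 Run values call rundll32 on similarly named DLLs with a one-letter export (`,a`, `,b`, `,s`), two O2 BHO entries still reference a DLL that is already gone, and the O1 hosts entries pin eight host names that imitate Microsoft or anti-virus sites to one address, 82.98.231.89. The Python below is an added example, not code from the original post or from HijackThis. It parses lines in the log's own `Oxx - ...` format and reports those patterns; the names `parse_hjt`, `triage` and `SAMPLE_LOG` are mine, `SAMPLE_LOG` is a constructed excerpt of the posted log, and the eight-letter consonant/vowel name test is an assumption drawn from the DLL names in this particular log, not a general rule.

```python
"""Flag persistence indicators in HijackThis log lines.

Added example, not code from the original post or from HijackThis. The
8-letter consonant/vowel name test is an assumption drawn from the DLL names
in this particular log (mosoyami, yilituze, gujubova, yezumoyu).
"""
import re
from collections import defaultdict

# Constructed excerpt of the posted log (selected lines, copied verbatim).
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f30e75d-30a5-46c1-8dec-5ebb9f71f9ed} - C:\WINDOWS\system32\yezumoyu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [000000af] rundll32.exe "C:\WINDOWS\system32\yilituze.dll",b
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKLM\..\Run: [numupidawi] Rundll32.exe "C:\WINDOWS\system32\gujubova.dll",s
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\windows\system32\mosoyami.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mosoyami.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mosoyami.dll (file missing)
"""

# Eight letters alternating consonant/vowel, forming the whole DLL basename.
_CV = "[bcdfghjklmnpqrstvwxyz][aeiou]"
RANDOM_DLL = re.compile(r"(?<![a-z0-9])(" + _CV * 4 + r")\.dll\b", re.I)
# rundll32 <dll>,<single-letter export>: the shape of every malicious O4 here.
RUNDLL_ONE_LETTER = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+"?,[a-z]\s*$', re.I)
SECURITY_WORDS = ("microsoft", "antivirus", "security", "scanner", "notify")
LOAD_POINTS = {"O2", "O4", "O20", "O21", "O22"}


def parse_hjt(text):
    """Yield (section, body) for each 'O4 - ...' style line; skip the rest."""
    for line in text.splitlines():
        m = re.match(r"^([OR]\d+)\s+-\s+(.*)$", line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return findings, DLLs seen at two or more load points, and hosts by IP."""
    findings = []
    hosts = defaultdict(list)      # ip -> [hostname, ...]
    dll_sites = defaultdict(set)   # dll basename -> {section, ...}

    for section, body in parse_hjt(text):
        if section == "O1":
            m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
            if m:
                hosts[m.group(1)].append(m.group(2).lower())
            continue
        if section not in LOAD_POINTS:
            continue
        for name in RANDOM_DLL.findall(body):
            dll = name.lower() + ".dll"
            dll_sites[dll].add(section)
            findings.append(f"{section}: random-named DLL {dll}")
        if section in ("O2", "O21", "O22") and "(file missing)" in body:
            findings.append(f"{section}: load point survives its DLL: {body}")
        if section == "O4" and RUNDLL_ONE_LETTER.search(body):
            findings.append(f"O4: rundll32 with one-letter export: {body}")
        if section == "O20":
            dlls = re.split(r"[,\s]+", body.split(":", 1)[1].strip())
            findings.append(f"O20: AppInit_DLLs injects {len(dlls)} DLLs into every process that loads user32.dll")

    for ip, names in hosts.items():
        hits = [n for n in names if any(w in n for w in SECURITY_WORDS)]
        if len(hits) >= 3:
            findings.append(f"O1: {len(hits)} security look-alike hosts pinned to {ip}")

    # A DLL referenced from two or more load points is the pivot to clean first.
    pivots = sorted(d for d, sections in dll_sites.items() if len(sections) >= 2)
    return {"findings": findings, "pivots": pivots, "hosts": dict(hosts)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["findings"]:
        print(line)
    print("pivot DLLs:", ", ".join(report["pivots"]))
```

Run on the excerpt it names mosoyami.dll as the single pivot and lists the three rundll32 entries, the three orphaned load points and the hosts block. The `(file missing)` cases matter in practice: removing the DLL without its registry references is what produces the "RUNDLL Error Loading ... The specified module could not be found" message at boot, so the references are the part still to clean.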
 
Hi Bluheart

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
Hi Shaba!

I'm off to run the ComboFix as you instructed. I really, really appreciate your quick response to my plea for assistance. :yahoo:

Thanks!
Blu

P.S. I determined that I must be a Conficker Zombie. I'm shocked because I've always done every update and even checked to see if there were updates when it didn't give me notices.

I found tonight that my auto updater had been turned OFF! I turned it back on and checked to see that there were no updates waiting for me.

According to Kaspersky, in the past TWO days, it has now blocked approximately 1,825 viruses, 13 trojans, and 170,743 malware. :thud: I watched the virus count increase while I was checking the totals. :sad:
 
Hi Shaba,

As you requested...


ComboFix 09-04-14.06 - c logan 04/14/2009 5:56.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.598 [GMT -5:00]
Running from: c:\documents and settings\c logan\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\start.exe
c:\windows\system32\asitelig.ini
c:\windows\system32\dadeyisi.dll
c:\windows\SYSTEM32\ezutiliy.ini
c:\windows\system32\ezutiliy.ini2
c:\windows\system32\fenobeko.dll
c:\windows\system32\giletisa.dll
c:\windows\system32\lilofati.dll
c:\windows\system32\rodalilo.dll
c:\windows\system32\yilituze.dll
c:\windows\Web\default.htt

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 08:52 . 2006-03-03 04:42 73728 ----a-w C:\pv.exe
2009-04-12 07:02 . 2009-04-12 07:03 109568 ---ha-w c:\windows\system32\BITC.tmp
2009-04-12 04:09 . 2009-04-12 05:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 04:09 . 2009-04-12 05:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 04:05 . 2009-04-14 11:00 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 04:05 . 2009-04-14 11:00 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 04:05 . 2009-04-14 11:00 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 04:05 . 2009-04-14 11:00 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-11 13:19 . 2009-04-11 13:19 50 ----a-w c:\windows\Weather.Ini
2009-04-11 12:55 . 2009-04-11 12:56 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-11 11:50 . 2009-04-11 11:50 -------- d-sh--w C:\FOUND.000
2009-04-11 10:14 . 2009-04-11 10:14 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\timitulo.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\tefupoko.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\lidibaju.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\hudukopo.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\yozekute.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\pasugusa.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\gulidowu.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w C:\fubuveva.dll
2009-04-08 06:20 . 2009-04-08 06:20 10520 ------w c:\windows\system32\avgrsstx.dll.install_backup
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\eMusic
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Application Data\eMusic
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\SpiralfrogClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\program files\BurnAware Free
2009-04-13 09:20 . 2009-04-13 09:20 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:17 . 2009-04-13 09:17 -------- d-----w c:\program files\ERUNT
2009-04-12 07:01 . 2009-01-12 07:01 62976 --sha-w c:\windows\SYSTEM32\bimawoyo.exe
2009-04-12 07:01 . 2009-01-12 07:01 62976 --sha-w c:\windows\SYSTEM32\bimawoyo.exe
2009-04-12 05:58 . 2009-01-12 05:58 62976 --sha-w c:\windows\SYSTEM32\dujujewo.exe
2009-04-12 05:58 . 2009-01-12 05:58 62976 --sha-w c:\windows\SYSTEM32\dujujewo.exe
2009-04-12 05:35 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\program files\Kaspersky Lab
2009-04-11 23:14 . 2009-01-11 23:14 62976 --sha-w c:\windows\SYSTEM32\zorizena.exe
2009-04-11 23:14 . 2009-01-11 23:14 62976 --sha-w c:\windows\SYSTEM32\zorizena.exe
2009-04-11 14:48 . 2009-04-11 14:47 -------- d-----w c:\program files\WeatherMan
2009-04-11 13:28 . 2009-04-11 13:29 1597440 ------w c:\windows\Internet Logs\xDB17.tmp
2009-04-11 13:25 . 2009-01-11 13:25 62464 --sha-w c:\windows\SYSTEM32\yezuyaba.exe
2009-04-11 13:25 . 2009-01-11 13:25 62464 --sha-w c:\windows\SYSTEM32\yezuyaba.exe
2009-04-11 09:26 . 2009-01-11 09:26 64512 --sha-w c:\windows\SYSTEM32\tibayoze.exe
2009-04-11 09:26 . 2009-01-11 09:26 64512 --sha-w c:\windows\SYSTEM32\tibayoze.exe
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w c:\program files\yayojeka.dll
2009-04-11 08:11 . 2009-04-11 08:11 0 --sha-w c:\program files\pewofesa.dll
2009-04-11 07:30 . 2009-01-11 07:30 64512 --sha-w c:\windows\SYSTEM32\kafunepi.exe
2009-04-11 07:30 . 2009-01-11 07:30 64512 --sha-w c:\windows\SYSTEM32\kafunepi.exe
2009-04-09 05:23 . 2009-04-09 05:23 -------- d-----w c:\program files\Common Files\Skype
2009-04-02 07:13 . 2007-02-17 02:50 27551379 ------w c:\windows\Internet Logs\tvDebug.zip
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\program files\eMusic Download Manager
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\program files\SpiralFrog
2009-03-11 03:10 . 2009-03-11 03:10 -------- d-----w c:\program files\DivX
2009-03-09 10:19 . 2009-03-06 05:30 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-05 09:07 . 2009-03-05 09:07 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-27 13:11 . 2006-10-06 05:51 73584 ----a-w c:\documents and settings\c logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 18:43 . 2009-02-25 18:43 -------- d-----w c:\program files\SpywareBlaster
2009-02-25 03:32 . 2009-02-25 03:32 -------- d-----w c:\program files\XoftSpySE
2009-02-19 05:05 . 2009-02-19 05:04 -------- d-----w c:\documents and settings\c logan\Application Data\Move Networks
2009-02-09 11:13 . 2008-10-14 23:31 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-10-06 03:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-01-17 02:35 . 2006-10-06 02:59 3594752 ----a-w c:\windows\SYSTEM32\dllcache\mshtml.dll
2007-12-14 07:52 . 2007-12-14 07:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-06 02:50 . 2006-10-06 02:50 266 --sh--w c:\program files\desktop.ini
2006-10-06 02:50 . 2006-10-06 02:50 11079 ---h--w c:\program files\folder.htt
2006-08-08 21:28 . 2006-10-07 21:28 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 03:2008-06-19 04:16 41:26 . c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 03:2008-06-19 04:16 41:26 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 18:02 8461312 ----a-w c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2004-08-16 917504]
"Google Update"="c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\c logan\Start Menu\Programs\Startup\
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-12-27 237568]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"iDailyDiary"="c:\progra~1\IDAILY~1\iDD.exe" /LOGMIN

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"e:\\Ultima Online 9th Anniversary Collection\\client.exe"=
"e:\\Going To Upload\\Already Uploaded\\Fun Downloads\\Utilities\\abouttime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\New Stuff\\Misc\\abouttime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\bak\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\c logan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-12 33808]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [2001-08-10 135168]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e4c120-54be-11db-8cf4-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1078145449-682003330-1004.job
- c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 13:51]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1f30e75d-30a5-46c1-8dec-5ebb9f71f9ed} - c:\windows\system32\yezumoyu.dll
BHO-{a3e3b016-e65d-4c15-84f8-392f6f4bda2a} - c:\windows\system32\yezumoyu.dll


.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
FF - component: c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 06:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ZONELABS\VSMON.EXE
c:\program files\ADOBE\PHOTOSHOP ELEMENTS 4.0\PHOTOSHOPELEMENTSFILEAGENT.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\WEATHERMAN\WEATHERMAN.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\SPEED DISK\NOPDB.EXE
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 11:09

Pre-Run: 2,307,162,112 bytes free
Post-Run: 2,298,036,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

236 --- E O F --- 2009-02-26 04:07


I await your response.

Thanks! :)
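The "Reg Loading Points" section of the ComboFix log above is consistent with the earlier remark that Automatic Updates had been switched off without any warning: `UpdatesDisableNotify` is set to 1 under the Security Center key, which suppresses the Security Center balloon for that condition, and `DisableMonitoring` is set to 1 for both the Kaspersky and ZoneAlarm entries, so their being off would not be reported either. The same section shows a Run value still pointing at mosoyami.dll with the `[N/A]` marker ComboFix uses for a missing file, and a cached autorun command for a removable volume (`H:\autorun.exe`). The Python below is an added example, not code from the original post or from ComboFix. It parses the REGEDIT4-style dump ComboFix prints and applies those checks; the names `parse_combofix_reg`, `assess` and `SAMPLE_REG` are mine, and `SAMPLE_REG` is a constructed excerpt of the posted log. Two caveats a practitioner would want: some security suites set `DisableMonitoring` for themselves, so that finding is a lead to confirm in the product's own settings rather than proof of tampering, and H: appears elsewhere in the log as the source of a CD viewer cab, so the autorun entry may be a benign disc's cached command and is reported for review only.

```python
"""Check a ComboFix "Reg Loading Points" dump for Security Center tampering,
Run values whose file is gone, and autorun hooks on removable volumes.

Added example, not code from the original post or from ComboFix. SAMPLE_REG
is a constructed excerpt of the posted log; the rules are my own.
"""
import re

SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e4c120-54be-11db-8cf4-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe
"""

# "name"=dword:hex | "name"="string" trailer | "name"=bare text
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]+)|"([^"]*)"(.*)|(.*))$')
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


def parse_combofix_reg(text):
    """Return {key_path: [(name, value), ...]} from a REGEDIT4-style dump.

    ComboFix appends "[date size]" to Run values, or "[N/A]" when the file is
    missing, and prints mountpoints2 autorun entries as "subkey - target".
    Both forms are kept as strings so the rules below can see them.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, dword, string, trailer, bare = m.groups()
            if dword is not None:
                value = int(dword, 16)
            elif string is not None:
                value = (string + trailer).strip()
            else:
                value = bare.strip()
            keys[current].append((name, value))
        elif " - " in line:
            sub, target = line.split(" - ", 1)
            keys[current].append((sub.strip(), target.strip()))
    return keys


def assess(keys):
    """Apply the rules and return human-readable findings."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if k == SECURITY_CENTER:
            for name, value in values:
                if name.lower().endswith("disablenotify") and value == 1:
                    findings.append(f"Security Center: {name}=1 suppresses the warning for that component")
        elif k.startswith(SECURITY_CENTER + "\\monitoring\\"):
            for name, value in values:
                if name.lower() == "disablemonitoring" and value == 1:
                    findings.append(f"Security Center: monitoring of {leaf} disabled")
        elif "\\mountpoints2\\" in k:
            for sub, target in values:
                if "autorun" in str(sub).lower():
                    findings.append(f"Autorun hook: {target} runs when volume {leaf} is opened")
        elif k.endswith("\\run"):
            for name, value in values:
                if str(value).lower().endswith("[n/a]"):
                    findings.append(f"Run value {name!r} points at a missing file: {value}")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_combofix_reg(SAMPLE_REG)):
        print(finding)
```

On the excerpt this yields five findings: the missing-file Run value, the silenced update notification, the two disabled monitoring entries, and the autorun hook. The `run-` key is parsed but not flagged, since nothing in it is a load point.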
 
Fresh off the press! :D:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:38 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file:///H:/CDVIEWER/CdViewer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162171373921
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10181 bytes
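
The HijackThis log above is where the infection is visible before any cleaning: a Run value with a random-looking name (`CPM03333da6`) uses rundll32.exe to load `c:\windows\system32\mosoyami.dll`, and the DLL names throughout the thread (gujubova, mosoyami, dahodozu, ruyoweve) all share the same eight-lowercase-letter shape. The script below is an added example, not part of the original post and not HijackThis code. Its heuristic is an assumption drawn from this log: flag Run entries whose loaded file has an eight-letter alphabetic basename, Run value names that are a short alpha prefix plus a run of hex digits, and BHOs registered with `(no file)`. Because rundll32.exe is a legitimate host, the check resolves the DLL argument rather than the host executable. The sample log is a constructed excerpt; two lines are copied from the log above, the rest are the legitimate entries that must not be flagged.

```python
"""Flag randomly named autostart entries in a HijackThis log.

Added example for this thread, not part of the original post and not
HijackThis code. The heuristic is an assumption drawn from the names in
the log above (gujubova.dll, mosoyami.dll, dahodozu.dll, ...): the dropped
files have eight-letter lowercase basenames, the Run value that loads one
of them (CPM03333da6) looks random too, and rundll32.exe is only the host,
so the DLL argument is what must be inspected.
"""
import re

# Constructed excerpt in HijackThis format: the mosoyami and "(no file)"
# lines are copied from the log above, the rest are legitimate entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Eight letters, no digits, then .dll or .exe (e.g. mosoyami.dll). Heuristic.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$", re.IGNORECASE)
# Short alpha prefix followed by a run of hex digits (e.g. CPM03333da6). Heuristic.
RANDOM_KEY = re.compile(r"^[A-Za-z]{2,4}[0-9a-f]{6,}$")
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O2_BHO = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def looks_random(path: str) -> bool:
    return bool(RANDOM_NAME.match(basename(path)))


def launched_file(cmd: str) -> str:
    """Return the file a Run-key command really loads: for rundll32 the DLL
    argument, otherwise the quoted or first whitespace-delimited path."""
    m = RUNDLL_DLL.search(cmd)
    if m:
        return m.group("dll")
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """One finding per suspicious O2/O4 line with the reasons it was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run, bho = O4_RUN.match(line), O2_BHO.match(line)
        reasons = []
        if run:
            target = launched_file(run.group("cmd"))
            if looks_random(target):
                reasons.append("random eight-letter basename")
            if RANDOM_KEY.match(run.group("key")):
                reasons.append("random-looking Run value name")
        elif bho:
            target = bho.group("target")
            if target == "(no file)":
                reasons.append("orphaned BHO: CLSID registered, DLL gone")
            elif looks_random(target):
                reasons.append("random eight-letter basename")
        else:
            continue
        if reasons:
            findings.append({"line": line, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["target"], "->", "; ".join(f["reasons"]))
```

Run against the sample it reports exactly two lines: the orphaned BHO and the `CPM03333da6` entry, the latter for both the basename and the value name. The eight-letter rule is a triage aid, not a verdict; legitimate eight-letter binaries exist, so anything it flags still needs the file checked (signature, timestamp, whether it exists in the `dllcache` copy) before it goes into a removal script.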
 
Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\timitulo.dll
C:\tefupoko.dll
C:\lidibaju.dll
C:\hudukopo.dll
C:\yozekute.dll
C:\pasugusa.dll
C:\gulidowu.dll
C:\fubuveva.dll
c:\windows\SYSTEM32\bimawoyo.exe
c:\windows\SYSTEM32\dujujewo.exe
c:\windows\SYSTEM32\zorizena.exe
c:\windows\SYSTEM32\yezuyaba.exe
c:\windows\SYSTEM32\tibayoze.exe
c:\program files\yayojeka.dll
c:\program files\pewofesa.dll
c:\windows\SYSTEM32\kafunepi.exe

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
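
The procedure above has two halves that are easy to get wrong by hand: writing the `File::` list without duplicates, and then reading the ComboFix log to confirm that every listed file was actually removed. The script below is an added example, not part of the thread and not ComboFix's own code. It uses only the `File::` directive shown in the post, and the log layout it parses (a `FILE ::` echo block and an `Other Deletions` block, delimited by `((((( Name )))))` headers with lone `.` spacer lines) is the one visible in the ComboFix output posted later in this thread. The log excerpt is constructed; `hehewora.dll` stands in for a file ComboFix removed on its own without being asked, which is exactly what happened in the real log.

```python
"""Build a ComboFix CFScript and reconcile it against the ComboFix log.

Added example, not part of the thread and not ComboFix's own code. Only the
File:: directive shown in the post is used. The log layout assumed here is
the one visible in the ComboFix output posted in this thread: a 'FILE ::'
echo block and an 'Other Deletions' block delimited by '((((( Name )))))'
headers, with lone '.' spacer lines.
"""
import re

SECTION_HEADER = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")

# Constructed CFScript input: a subset of the paths from the helper's list,
# plus one duplicate that differs only in case.
REQUESTED = [
    r"C:\fubuveva.dll",
    r"C:\tefupoko.dll",
    r"c:\windows\SYSTEM32\bimawoyo.exe",
    r"C:\WINDOWS\system32\bimawoyo.exe",
]

# Constructed ComboFix log excerpt in the layout posted later in the thread.
SAMPLE_LOG = r"""
ComboFix 09-04-15.08 - c logan 04/15/2009 0:36.2 - FAT32x86
Command switches used :: c:\documents and settings\c logan\Desktop\CFScript.txt

FILE ::
C:\fubuveva.dll
C:\tefupoko.dll
c:\windows\SYSTEM32\bimawoyo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fubuveva.dll
c:\windows\SYSTEM32\bimawoyo.exe
c:\windows\system32\hehewora.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 11:05 . 2009-04-14 05:00 70144 ----a-w c:\windows\system32\ruyoweve.dll
"""


def build_cfscript(paths) -> str:
    """Render a File:: section, dropping case-insensitive duplicates since
    Windows paths are case-insensitive and would otherwise be listed twice."""
    seen, ordered = set(), []
    for p in paths:
        key = p.casefold()
        if key not in seen:
            seen.add(key)
            ordered.append(p)
    return "File::\n" + "\n".join(ordered) + "\n"


def requested_files(cfscript: str) -> list:
    """Paths under the File:: directive; other directives (ending in ::) are skipped."""
    files, active = [], False
    for line in cfscript.splitlines():
        line = line.strip()
        if line.endswith("::"):
            active = line.lower() == "file::"
            continue
        if active and line:
            files.append(line)
    return files


def sections(log_text: str) -> dict:
    """Split a ComboFix log into {section_name: [lines]}; text before the
    first ((( header ))) goes under 'preamble'. Blank and '.' lines are dropped."""
    out, current = {"preamble": []}, "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group("name")
            out.setdefault(current, [])
            continue
        if line and line != ".":
            out[current].append(line)
    return out


def reconcile(cfscript: str, log_text: str) -> dict:
    """Compare what the script asked for with what 'Other Deletions' reports."""
    wanted = {p.casefold(): p for p in requested_files(cfscript)}
    deleted = {p.casefold(): p for p in sections(log_text).get("Other Deletions", [])}
    return {
        "deleted": sorted(wanted[k] for k in wanted if k in deleted),
        "not_deleted": sorted(wanted[k] for k in wanted if k not in deleted),
        "extra": sorted(deleted[k] for k in deleted if k not in wanted),
    }


if __name__ == "__main__":
    script = build_cfscript(REQUESTED)
    for status, paths in reconcile(script, SAMPLE_LOG).items():
        print(status, paths)
```

Anything in `not_deleted` means the file was locked, already gone, or renamed between the log you read and the script you wrote, and it needs a second look rather than being assumed clean; anything in `extra` is what ComboFix found by itself and is worth feeding back into the next round of triage, since a randomly named file it removed unasked usually has siblings.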
 
Hi Shaba,

This came with some bad and some good. It crashed my system twice during the same run. The 2nd time the notice came up, all of my icons disappeared from my desktop but it continued to run. Here is the copy of the results.

Thanks again for all you do! :)

Blu


ComboFix 09-04-15.08 - c logan 04/15/2009 0:36.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.181 [GMT -5:00]
Running from: c:\documents and settings\c logan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\c logan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

FILE ::
C:\fubuveva.dll
C:\gulidowu.dll
C:\hudukopo.dll
C:\lidibaju.dll
C:\pasugusa.dll
c:\program files\pewofesa.dll
c:\program files\yayojeka.dll
C:\tefupoko.dll
C:\timitulo.dll
c:\windows\SYSTEM32\bimawoyo.exe
c:\windows\SYSTEM32\dujujewo.exe
c:\windows\SYSTEM32\kafunepi.exe
c:\windows\SYSTEM32\tibayoze.exe
c:\windows\SYSTEM32\yezuyaba.exe
c:\windows\SYSTEM32\zorizena.exe
C:\yozekute.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fubuveva.dll
C:\gulidowu.dll
C:\hudukopo.dll
C:\lidibaju.dll
C:\pasugusa.dll
c:\program files\pewofesa.dll
c:\program files\yayojeka.dll
C:\tefupoko.dll
C:\timitulo.dll
c:\windows\SYSTEM32\bimawoyo.exe
c:\windows\SYSTEM32\dujujewo.exe
c:\windows\system32\hehewora.dll
c:\windows\SYSTEM32\kafunepi.exe
c:\windows\SYSTEM32\tibayoze.exe
c:\windows\SYSTEM32\yezuyaba.exe
c:\windows\SYSTEM32\zorizena.exe
C:\yozekute.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 20:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 20:52 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 20:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 11:05 . 2009-04-14 05:00 70144 ----a-w c:\windows\system32\ruyoweve.dll
2009-04-14 11:05 . 2009-04-14 05:00 70144 ----a-w c:\windows\system32\dahodozu.dll
2009-04-14 11:05 . 2009-04-14 05:00 70144 ----a-w c:\windows\system32\gujubova.dll
2009-04-12 07:02 . 2009-04-12 07:03 109568 ---ha-w c:\windows\system32\BITC.tmp
2009-04-12 04:09 . 2009-04-12 05:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 04:09 . 2009-04-12 05:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 04:05 . 2009-04-15 00:48 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 04:05 . 2009-04-15 00:48 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 04:05 . 2009-04-15 00:48 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 04:05 . 2009-04-15 00:48 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-11 13:19 . 2009-04-11 13:19 50 ----a-w c:\windows\Weather.Ini
2009-04-11 12:55 . 2009-04-11 12:56 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-11 11:50 . 2009-04-11 11:50 -------- d-sh--w C:\FOUND.000
2009-04-11 10:14 . 2009-04-11 10:14 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-08 06:20 . 2009-04-08 06:20 10520 ------w c:\windows\system32\avgrsstx.dll.install_backup
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\eMusic
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Application Data\eMusic
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\SpiralfrogClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\program files\BurnAware Free
2009-04-13 09:20 . 2009-04-13 09:20 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:17 . 2009-04-13 09:17 -------- d-----w c:\program files\ERUNT
2009-04-12 05:35 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\program files\Kaspersky Lab
2009-04-11 14:48 . 2009-04-11 14:47 -------- d-----w c:\program files\WeatherMan
2009-04-11 13:28 . 2009-04-11 13:29 1597440 ------w c:\windows\Internet Logs\xDB17.tmp
2009-04-09 05:23 . 2009-04-09 05:23 -------- d-----w c:\program files\Common Files\Skype
2009-04-02 07:13 . 2007-02-17 02:50 27551379 ------w c:\windows\Internet Logs\tvDebug.zip
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\program files\eMusic Download Manager
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\program files\SpiralFrog
2009-03-11 03:10 . 2009-03-11 03:10 -------- d-----w c:\program files\DivX
2009-03-09 10:19 . 2009-03-06 05:30 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-06 14:22 . 2006-10-06 03:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-05 09:07 . 2009-03-05 09:07 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-03 00:18 . 2006-10-06 03:01 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-03 00:18 . 2006-10-05 22:01 826368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
2009-02-28 04:54 . 2006-10-06 03:15 636072 ----a-w c:\windows\SYSTEM32\dllcache\iexplore.exe
2009-02-27 13:11 . 2006-10-06 05:51 73584 ----a-w c:\documents and settings\c logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 18:43 . 2009-02-25 18:43 -------- d-----w c:\program files\SpywareBlaster
2009-02-25 03:32 . 2009-02-25 03:32 -------- d-----w c:\program files\XoftSpySE
2009-02-20 10:20 . 2007-05-09 19:02 13824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-10-06 02:59 70656 ----a-w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-10-06 02:59 161792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2009-02-19 05:05 . 2009-02-19 05:04 -------- d-----w c:\documents and settings\c logan\Application Data\Move Networks
2009-02-09 12:10 . 2006-10-06 02:59 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2006-10-06 03:00 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2006-10-06 03:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2006-10-06 02:57 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 11:13 . 2008-10-14 23:31 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-10-06 03:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-08 00:02 . 2008-10-14 23:30 2066048 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
2009-02-08 00:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 11:11 . 2006-10-06 03:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-14 23:31 2189056 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2006-10-06 03:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-14 23:31 2145280 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-14 23:30 2023936 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\dllcache\secur32.dll
2009-02-03 19:59 . 2006-10-06 03:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2007-12-14 07:52 . 2007-12-14 07:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-06 02:50 . 2006-10-06 02:50 266 --sh--w c:\program files\desktop.ini
2006-10-06 02:50 . 2006-10-06 02:50 11079 ---h--w c:\program files\folder.htt
2006-08-08 21:28 . 2006-10-07 21:28 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 03:41:26 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 03:41:26 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_11.03.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 00:50 . 2009-04-15 00:50 16384 c:\windows\TEMP\Perflib_Perfdata_178.dat
- 2006-10-06 03:45 . 2007-07-27 14:41 26488 c:\windows\SYSTEM32\spupdsvc.exe
+ 2006-10-06 03:45 . 2008-07-09 07:38 26488 c:\windows\SYSTEM32\spupdsvc.exe
+ 2006-12-13 21:20 . 2007-11-30 12:39 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2006-10-06 03:00 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll
+ 2006-10-06 03:00 . 2009-02-06 10:39 35328 c:\windows\SYSTEM32\sc.exe
+ 2009-04-14 11:05 . 2009-04-14 05:00 70144 c:\windows\SYSTEM32\ruyoweve.dll
+ 2006-10-06 03:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2006-10-06 03:00 . 2008-12-20 22:15 44544 c:\windows\SYSTEM32\pngfilt.dll
+ 2006-10-06 03:00 . 2009-04-15 00:54 67312 c:\windows\SYSTEM32\perfc009.dat
- 2006-10-06 03:00 . 2009-02-02 13:45 67312 c:\windows\SYSTEM32\perfc009.dat
- 2006-10-06 03:14 . 2008-04-14 00:12 91648 c:\windows\SYSTEM32\mtxoci.dll
+ 2006-10-06 03:14 . 2008-06-12 14:23 91648 c:\windows\SYSTEM32\mtxoci.dll
- 2006-10-06 02:59 . 2008-04-14 00:12 66560 c:\windows\SYSTEM32\mtxclu.dll
+ 2006-10-06 02:59 . 2008-06-12 14:23 66560 c:\windows\SYSTEM32\mtxclu.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2006-11-08 02:03 . 2008-12-20 22:15 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2006-10-06 03:14 . 2008-06-12 14:23 58880 c:\windows\SYSTEM32\msdtclog.dll
- 2006-10-06 03:14 . 2008-04-14 00:12 58880 c:\windows\SYSTEM32\msdtclog.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2006-11-07 08:26 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2006-11-07 08:26 . 2008-12-19 08:10 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2006-10-06 02:59 . 2008-12-20 22:15 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 78336 c:\windows\SYSTEM32\ieencode.dll
+ 2006-10-06 02:59 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\ie4uinit.exe
- 2006-10-06 02:59 . 2008-12-19 08:10 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2006-10-17 16:58 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\icardie.dll
- 2006-10-17 16:58 . 2008-12-20 22:15 63488 c:\windows\SYSTEM32\icardie.dll
+ 2009-04-14 11:05 . 2009-04-14 05:00 70144 c:\windows\SYSTEM32\gujubova.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\dllcache\secur32.dll
+ 2006-10-06 03:00 . 2009-02-06 10:39 35328 c:\windows\SYSTEM32\dllcache\sc.exe
- 2006-10-06 03:00 . 2008-12-20 22:15 44544 c:\windows\SYSTEM32\dllcache\pngfilt.dll
+ 2006-10-06 03:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\SYSTEM32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\SYSTEM32\dllcache\mtxclu.dll
- 2007-05-09 19:02 . 2008-12-20 22:15 52224 c:\windows\SYSTEM32\dllcache\msfeedsbs.dll
+ 2007-05-09 19:02 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\SYSTEM32\dllcache\msdtclog.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\dllcache\jsproxy.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 27648 c:\windows\SYSTEM32\dllcache\jsproxy.dll
+ 2007-05-09 19:02 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\dllcache\ieudinit.exe
- 2007-05-09 19:02 . 2008-12-19 08:10 13824 c:\windows\SYSTEM32\dllcache\ieudinit.exe
+ 2006-10-06 02:59 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\dllcache\iernonce.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 44544 c:\windows\SYSTEM32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\SYSTEM32\dllcache\ieencode.dll
- 2006-10-06 02:59 . 2008-12-19 08:10 70656 c:\windows\SYSTEM32\dllcache\ie4uinit.exe
+ 2006-10-06 02:59 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-12-20 22:15 63488 c:\windows\SYSTEM32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\dllcache\icardie.dll
+ 2009-04-14 11:05 . 2009-04-14 05:00 70144 c:\windows\SYSTEM32\dahodozu.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-14 21:12 . 2008-12-19 08:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-14 21:12 . 2008-12-20 22:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-14 21:12 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-14 21:12 . 2008-12-19 08:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-14 21:12 . 2008-12-20 22:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2009-04-14 20:52 . 2008-05-03 11:55 2560 c:\windows\SYSTEM32\xpsp4res.dll
- 2006-10-06 03:01 . 2008-12-20 22:15 826368 c:\windows\SYSTEM32\wininet.dll
+ 2006-10-06 03:01 . 2009-03-03 00:18 826368 c:\windows\SYSTEM32\wininet.dll
- 2006-10-06 03:01 . 2008-04-14 00:12 354304 c:\windows\SYSTEM32\winhttp.dll
+ 2006-10-06 03:01 . 2008-12-16 12:30 354304 c:\windows\SYSTEM32\winhttp.dll
- 2006-10-06 03:01 . 2008-12-20 22:15 233472 c:\windows\SYSTEM32\webcheck.dll
+ 2006-10-06 03:01 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\webcheck.dll
+ 2006-10-06 03:14 . 2009-02-06 10:10 227840 c:\windows\SYSTEM32\wbem\wmiprvse.exe
+ 2006-10-06 03:14 . 2009-02-09 12:10 453120 c:\windows\SYSTEM32\wbem\wmiprvsd.dll
+ 2006-10-06 03:14 . 2009-02-09 12:10 473600 c:\windows\SYSTEM32\wbem\fastprox.dll
- 2006-10-06 03:01 . 2008-12-20 22:15 105984 c:\windows\SYSTEM32\url.dll
+ 2006-10-06 03:01 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\url.dll
+ 2006-10-06 03:00 . 2009-02-06 11:11 110592 c:\windows\SYSTEM32\services.exe
+ 2006-10-06 03:00 . 2009-02-09 12:10 401408 c:\windows\SYSTEM32\rpcss.dll
- 2006-10-06 03:00 . 2009-02-02 13:45 432356 c:\windows\SYSTEM32\perfh009.dat
+ 2006-10-06 03:00 . 2009-04-15 00:54 432356 c:\windows\SYSTEM32\perfh009.dat
- 2006-10-06 03:00 . 2008-04-14 00:12 284160 c:\windows\SYSTEM32\pdh.dll
+ 2006-10-06 03:00 . 2009-03-06 14:22 284160 c:\windows\SYSTEM32\pdh.dll
- 2006-10-06 03:00 . 2008-12-20 22:15 102912 c:\windows\SYSTEM32\occache.dll
+ 2006-10-06 03:00 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\occache.dll
+ 2006-10-06 03:00 . 2009-02-09 12:10 714752 c:\windows\SYSTEM32\ntdll.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\mstime.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 671232 c:\windows\SYSTEM32\mstime.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\msrating.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 193024 c:\windows\SYSTEM32\msrating.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\mshtmled.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 477696 c:\windows\SYSTEM32\mshtmled.dll
- 2006-11-08 02:03 . 2008-12-20 22:15 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\msfeeds.dll
- 2006-10-06 03:14 . 2008-04-14 00:12 161792 c:\windows\SYSTEM32\msdtcuiu.dll
+ 2006-10-06 03:14 . 2008-06-12 14:23 161792 c:\windows\SYSTEM32\msdtcuiu.dll
+ 2006-10-06 03:14 . 2008-06-12 14:23 956928 c:\windows\SYSTEM32\msdtctm.dll
- 2006-10-06 03:14 . 2008-04-14 00:12 956928 c:\windows\SYSTEM32\msdtctm.dll
+ 2006-10-06 03:14 . 2008-06-12 14:23 428032 c:\windows\SYSTEM32\msdtcprx.dll
+ 2006-10-06 02:59 . 2009-02-09 12:10 729088 c:\windows\SYSTEM32\lsasrv.dll
- 2006-10-06 02:59 . 2008-04-14 00:11 989696 c:\windows\SYSTEM32\kernel32.dll
+ 2006-10-06 02:59 . 2009-03-21 14:06 989696 c:\windows\SYSTEM32\kernel32.dll
+ 2006-10-17 16:57 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\iedkcs32.dll
- 2006-10-17 16:27 . 2008-12-20 22:15 383488 c:\windows\SYSTEM32\ieapfltr.dll
+ 2006-10-17 16:27 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\ieapfltr.dll
- 2006-10-06 02:59 . 2008-12-19 04:23 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2006-10-06 02:59 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\extmgr.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 133120 c:\windows\SYSTEM32\extmgr.dll
- 2006-10-06 02:58 . 2008-12-20 22:15 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2006-10-06 02:58 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2006-10-06 02:58 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2006-10-06 02:58 . 2008-12-20 22:15 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2009-04-14 20:52 . 2008-04-21 12:08 215552 c:\windows\SYSTEM32\dllcache\wordpad.exe
+ 2009-04-14 20:53 . 2009-02-06 10:10 227840 c:\windows\SYSTEM32\dllcache\wmiprvse.exe
+ 2009-04-14 20:53 . 2009-02-09 12:10 453120 c:\windows\SYSTEM32\dllcache\wmiprvsd.dll
- 2006-10-05 22:01 . 2008-12-20 22:15 826368 c:\windows\SYSTEM32\dllcache\wininet.dll
+ 2006-10-05 22:01 . 2009-03-03 00:18 826368 c:\windows\SYSTEM32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\SYSTEM32\dllcache\winhttp.dll
- 2006-10-06 03:01 . 2008-12-20 22:15 233472 c:\windows\SYSTEM32\dllcache\webcheck.dll
+ 2006-10-06 03:01 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\dllcache\webcheck.dll
+ 2006-10-05 22:01 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\dllcache\url.dll
- 2006-10-05 22:01 . 2008-12-20 22:15 105984 c:\windows\SYSTEM32\dllcache\url.dll
+ 2009-04-14 20:53 . 2009-02-06 11:11 110592 c:\windows\SYSTEM32\dllcache\services.exe
+ 2009-04-14 20:53 . 2009-02-09 12:10 401408 c:\windows\SYSTEM32\dllcache\rpcss.dll
+ 2009-04-14 20:53 . 2009-03-06 14:22 284160 c:\windows\SYSTEM32\dllcache\pdh.dll
+ 2006-10-06 03:00 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\dllcache\occache.dll
- 2006-10-06 03:00 . 2008-12-20 22:15 102912 c:\windows\SYSTEM32\dllcache\occache.dll
+ 2009-04-14 20:53 . 2009-02-09 12:10 714752 c:\windows\SYSTEM32\dllcache\ntdll.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 671232 c:\windows\SYSTEM32\dllcache\mstime.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\dllcache\mstime.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 193024 c:\windows\SYSTEM32\dllcache\msrating.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\dllcache\msrating.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 477696 c:\windows\SYSTEM32\dllcache\mshtmled.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\dllcache\mshtmled.dll
- 2007-05-09 19:02 . 2008-12-20 22:15 459264 c:\windows\SYSTEM32\dllcache\msfeeds.dll
+ 2007-05-09 19:02 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\SYSTEM32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\SYSTEM32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\SYSTEM32\dllcache\msdtcprx.dll
+ 2009-04-14 20:53 . 2009-02-09 12:10 729088 c:\windows\SYSTEM32\dllcache\lsasrv.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\SYSTEM32\dllcache\kernel32.dll
+ 2006-10-06 03:15 . 2009-02-28 04:54 636072 c:\windows\SYSTEM32\dllcache\iexplore.exe
+ 2007-05-09 19:02 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\dllcache\iertutil.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\dllcache\iedkcs32.dll
- 2007-05-09 19:02 . 2008-12-20 22:15 383488 c:\windows\SYSTEM32\dllcache\ieapfltr.dll
+ 2007-05-09 19:02 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\dllcache\ieapfltr.dll
+ 2006-10-06 02:59 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\dllcache\ieakui.dll
- 2006-10-06 02:59 . 2008-12-19 04:23 161792 c:\windows\SYSTEM32\dllcache\ieakui.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\dllcache\ieaksie.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 230400 c:\windows\SYSTEM32\dllcache\ieaksie.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\dllcache\ieakeng.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 153088 c:\windows\SYSTEM32\dllcache\ieakeng.dll
+ 2009-04-14 20:53 . 2009-02-09 12:10 473600 c:\windows\SYSTEM32\dllcache\fastprox.dll
- 2006-10-06 02:59 . 2008-12-20 22:15 133120 c:\windows\SYSTEM32\dllcache\extmgr.dll
+ 2006-10-06 02:59 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\dllcache\extmgr.dll
+ 2006-10-06 02:58 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\dllcache\dxtrans.dll
- 2006-10-06 02:58 . 2008-12-20 22:15 214528 c:\windows\SYSTEM32\dllcache\dxtrans.dll
+ 2006-10-06 02:58 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\dllcache\dxtmsft.dll
- 2006-10-06 02:58 . 2008-12-20 22:15 347136 c:\windows\SYSTEM32\dllcache\dxtmsft.dll
+ 2006-10-05 21:57 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\dllcache\advpack.dll
- 2006-10-05 21:57 . 2008-12-20 22:15 124928 c:\windows\SYSTEM32\dllcache\advpack.dll
+ 2009-04-14 20:53 . 2009-02-09 12:10 617472 c:\windows\SYSTEM32\dllcache\advapi32.dll
- 2006-10-06 02:57 . 2008-12-20 22:15 124928 c:\windows\SYSTEM32\advpack.dll
+ 2006-10-06 02:57 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\advpack.dll
- 2006-10-06 02:57 . 2008-04-14 00:11 617472 c:\windows\SYSTEM32\advapi32.dll
+ 2006-10-06 02:57 . 2009-02-09 12:10 617472 c:\windows\SYSTEM32\advapi32.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-14 21:12 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-14 21:12 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-14 21:12 . 2008-12-20 22:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-14 21:12 . 2008-12-19 04:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-14 21:12 . 2008-12-20 22:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-14 21:12 . 2008-12-19 04:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2006-10-06 03:01 . 2009-02-20 18:09 1160192 c:\windows\SYSTEM32\urlmon.dll
- 2006-10-06 03:01 . 2008-12-20 22:15 1160192 c:\windows\SYSTEM32\urlmon.dll
- 2006-10-06 03:00 . 2008-05-07 05:12 1288192 c:\windows\SYSTEM32\quartz.dll
+ 2006-10-06 03:00 . 2008-12-20 22:14 1288192 c:\windows\SYSTEM32\quartz.dll
+ 2006-10-06 03:00 . 2009-02-06 11:08 2189056 c:\windows\SYSTEM32\ntoskrnl.exe
- 2004-08-04 03:59 . 2008-08-14 09:33 2066048 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2004-08-04 03:59 . 2009-02-08 00:02 2066048 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2006-10-06 02:59 . 2009-02-20 18:09 3595264 c:\windows\SYSTEM32\mshtml.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\ieframe.dll
- 2006-09-06 04:01 . 2007-04-17 09:28 2455488 c:\windows\SYSTEM32\ieapfltr.dat
+ 2006-09-06 04:01 . 2008-07-09 14:25 2455488 c:\windows\SYSTEM32\ieapfltr.dat
- 2006-10-05 22:01 . 2008-12-20 22:15 1160192 c:\windows\SYSTEM32\dllcache\urlmon.dll
+ 2006-10-05 22:01 . 2009-02-20 18:09 1160192 c:\windows\SYSTEM32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\SYSTEM32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\SYSTEM32\dllcache\quartz.dll
+ 2008-10-14 23:31 . 2009-02-06 11:08 2189056 c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
- 2008-10-14 23:30 . 2008-08-14 09:33 2023936 c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
+ 2008-10-14 23:30 . 2009-02-06 10:32 2023936 c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
+ 2008-10-14 23:30 . 2009-02-08 00:02 2066048 c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
- 2008-10-14 23:30 . 2008-08-14 09:33 2066048 c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
+ 2008-10-14 23:31 . 2009-02-06 11:06 2145280 c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
- 2008-10-14 23:31 . 2008-08-14 10:09 2145280 c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
+ 2006-10-06 02:59 . 2009-02-20 18:09 3595264 c:\windows\SYSTEM32\dllcache\mshtml.dll
+ 2007-05-09 19:02 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\dllcache\ieframe.dll
- 2007-05-09 19:02 . 2007-04-17 09:28 2455488 c:\windows\SYSTEM32\dllcache\ieapfltr.dat
+ 2007-05-09 19:02 . 2008-07-09 14:25 2455488 c:\windows\SYSTEM32\dllcache\ieapfltr.dat
+ 2009-04-14 21:12 . 2008-12-20 22:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-14 21:12 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-14 21:12 . 2008-12-20 22:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-14 21:12 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-14 23:31 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 23:30 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 23:30 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 23:30 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 23:30 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 23:31 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-14 23:31 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-14 01:01 . 2009-04-06 14:57 24921544 c:\windows\SYSTEM32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 18:02 8461312 ----a-w c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2004-08-16 917504]
"Google Update"="c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\c logan\Start Menu\Programs\Startup\
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-12-27 237568]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"iDailyDiary"="c:\progra~1\IDAILY~1\iDD.exe" /LOGMIN

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"e:\\Ultima Online 9th Anniversary Collection\\client.exe"=
"e:\\Going To Upload\\Already Uploaded\\Fun Downloads\\Utilities\\abouttime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\New Stuff\\Misc\\abouttime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\bak\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\c logan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-12 33808]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [2001-08-10 135168]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e4c120-54be-11db-8cf4-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1078145449-682003330-1004.job
- c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 13:51]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 00:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-15 0:44
ComboFix-quarantined-files.txt 2009-04-15 05:44
ComboFix2.txt 2009-04-14 11:09

Pre-Run: 1,687,142,400 bytes free
Post-Run: 2,043,740,160 bytes free

465 --- E O F --- 2009-04-14 21:12

~~~~~HJT File Below~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file:///H:/CDVIEWER/CdViewer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162171373921
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10226 bytes
 
Looking better but still some bad files.

Run this CFScript and post back a fresh HijackThis log and a fresh combofix log, please.

Code:
File::
c:\windows\system32\ruyoweve.dll
c:\windows\system32\dahodozu.dll
c:\windows\system32\gujubova.dl
 
Hi Shaba,

Once again... :)


ComboFix 09-04-15.08 - c logan 04/15/2009 5:01.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.176 [GMT -5:00]
Running from: c:\documents and settings\c logan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\c logan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\dahodozu.dll
c:\windows\system32\gujubova.dl
c:\windows\system32\ruyoweve.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dahodozu.dll
c:\windows\system32\ruyoweve.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 20:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 20:52 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 20:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 07:02 . 2009-04-12 07:03 109568 ---ha-w c:\windows\system32\BITC.tmp
2009-04-12 04:09 . 2009-04-12 05:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 04:09 . 2009-04-12 05:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 04:05 . 2009-04-15 06:36 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 04:05 . 2009-04-15 06:36 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 04:05 . 2009-04-15 06:36 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 04:05 . 2009-04-15 06:36 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-11 13:19 . 2009-04-11 13:19 50 ----a-w c:\windows\Weather.Ini
2009-04-11 12:55 . 2009-04-11 12:56 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-11 11:50 . 2009-04-11 11:50 -------- d-sh--w C:\FOUND.000
2009-04-11 10:14 . 2009-04-11 10:14 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-08 06:20 . 2009-04-08 06:20 10520 ------w c:\windows\system32\avgrsstx.dll.install_backup
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\eMusic
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Application Data\eMusic
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\SpiralfrogClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 06:38 . 2007-02-17 02:50 28722327 ------w c:\windows\Internet Logs\tvDebug.zip
2009-04-15 05:57 . 2009-04-15 05:57 37533 ----a-w C:\ComboFix 2.txt
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\program files\BurnAware Free
2009-04-13 09:20 . 2009-04-13 09:20 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:17 . 2009-04-13 09:17 -------- d-----w c:\program files\ERUNT
2009-04-12 05:35 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\program files\Kaspersky Lab
2009-04-11 14:48 . 2009-04-11 14:47 -------- d-----w c:\program files\WeatherMan
2009-04-11 13:28 . 2009-04-11 13:29 1597440 ------w c:\windows\Internet Logs\xDB17.tmp
2009-04-09 05:23 . 2009-04-09 05:23 -------- d-----w c:\program files\Common Files\Skype
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\program files\eMusic Download Manager
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\program files\SpiralFrog
2009-03-11 03:10 . 2009-03-11 03:10 -------- d-----w c:\program files\DivX
2009-03-09 10:19 . 2009-03-06 05:30 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-06 14:22 . 2006-10-06 03:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-05 09:07 . 2009-03-05 09:07 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-03 00:18 . 2006-10-06 03:01 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-03 00:18 . 2006-10-05 22:01 826368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
2009-02-28 04:54 . 2006-10-06 03:15 636072 ----a-w c:\windows\SYSTEM32\dllcache\iexplore.exe
2009-02-27 13:11 . 2006-10-06 05:51 73584 ----a-w c:\documents and settings\c logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 18:43 . 2009-02-25 18:43 -------- d-----w c:\program files\SpywareBlaster
2009-02-25 03:32 . 2009-02-25 03:32 -------- d-----w c:\program files\XoftSpySE
2009-02-20 10:20 . 2007-05-09 19:02 13824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-10-06 02:59 70656 ----a-w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-10-06 02:59 161792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2009-02-19 05:05 . 2009-02-19 05:04 -------- d-----w c:\documents and settings\c logan\Application Data\Move Networks
2009-02-09 12:10 . 2006-10-06 02:59 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2006-10-06 03:00 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2006-10-06 03:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2006-10-06 02:57 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 11:13 . 2008-10-14 23:31 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-10-06 03:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-08 00:02 . 2008-10-14 23:30 2066048 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
2009-02-08 00:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 11:11 . 2006-10-06 03:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-14 23:31 2189056 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2006-10-06 03:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-14 23:31 2145280 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-14 23:30 2023936 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\dllcache\secur32.dll
2009-02-03 19:59 . 2006-10-06 03:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2007-12-14 07:52 . 2007-12-14 07:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-06 02:50 . 2006-10-06 02:50 266 --sh--w c:\program files\desktop.ini
2006-10-06 02:50 . 2006-10-06 02:50 11079 ---h--w c:\program files\folder.htt
2006-08-08 21:28 . 2006-10-07 21:28 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 03:41:24 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 03:41:26 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 03:41:26 . 2008-06-19 04:16 c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-15_05.42.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 06:38 . 2009-04-15 06:38 16384 c:\windows\TEMP\Perflib_Perfdata_80.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 18:02 8461312 ----a-w c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2004-08-16 917504]
"Google Update"="c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\c logan\Start Menu\Programs\Startup\
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-12-27 237568]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"iDailyDiary"="c:\progra~1\IDAILY~1\iDD.exe" /LOGMIN

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"e:\\Ultima Online 9th Anniversary Collection\\client.exe"=
"e:\\Going To Upload\\Already Uploaded\\Fun Downloads\\Utilities\\abouttime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\New Stuff\\Misc\\abouttime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\bak\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\c logan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-12 33808]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [2001-08-10 135168]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e4c120-54be-11db-8cf4-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1078145449-682003330-1004.job
- c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 13:51]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 05:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-15 5:09
ComboFix-quarantined-files.txt 2009-04-15 10:09
ComboFix2.txt 2009-04-15 05:44

Pre-Run: 1,999,945,728 bytes free
Post-Run: 1,960,574,976 bytes free

208 --- E O F --- 2009-04-14 21:12



~~~~~HJT Log~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:46 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file:///H:/CDVIEWER/CdViewer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162171373921
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10264 bytes
 
I see that one of the files that has been giving me problems is still in there but it's not been on your removal list.

O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a

Every time I reboot I get a popup saying:

RUNDLL
Error Loading C:\WINDOWS\System32\mosoyami.dll
The specified module could not be found.

There had been two of them but one of them stopped some time yesterday. It was for gujubova.dll.
 
Yes that is a leftover.

You can fix it with HijackThis.

After that, please run a scan with Kaspersky and post back its log and a fresh HijackThis log.
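The leftover Shaba points at is an autostart value whose target DLL has already been quarantined, so at every logon `rundll32` is told to load a module that no longer exists and complains. Finding such orphans (and the other two cases visible in this thread's logs: an unclosed quote on a Run value and a `rundll32` entry with a one-letter export name) can be done mechanically from the HijackThis O4 lines. The following Python parser is an added example written for this page, not code from HijackThis, Kaspersky or anyone in the thread; the O4 sample lines are constructed to mirror the ones posted above, and `FILES_ON_DISK` is a constructed stand-in for a real file-existence check so the script runs offline. Names (`parse_o4_lines`, `flag_entries`, `AutostartEntry`) are assumptions of this example.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Set, Tuple

# Extensions that end an executable path when a Run value is unquoted.
_EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".cpl")


class AutostartEntry(NamedTuple):
    hive: str              # "HKLM", "HKCU" or "Startup" (Start Menu folder)
    name: str              # registry value name or .lnk file name
    command: str           # raw command line as HijackThis prints it
    target: str            # path that actually gets executed or loaded
    export: Optional[str]  # rundll32 export name, if the entry uses rundll32


class Finding(NamedTuple):
    entry: AutostartEntry
    reasons: List[str]


# "O4 - HKLM\..\Run: [Name] command" and "O4 - Startup: Name.lnk = path"
_O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")


def _split_quoted(s: str) -> Tuple[str, str]:
    """Return (first path, remainder) from a Windows command line.

    Tolerates an unclosed opening quote, which is how the WeatherMan value
    in the log above is written, so that entry does not crash the parser."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    # Unquoted path: loosely mimic CreateProcess by growing the path one
    # token at a time until it ends in an executable extension.
    tokens = s.split()
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if candidate.lower().endswith(_EXEC_EXT):
            return candidate, " ".join(tokens[i + 1:])
    return (tokens[0], " ".join(tokens[1:])) if tokens else ("", "")


def parse_command(cmd: str) -> Tuple[str, Optional[str]]:
    """Split a Run value into (target, export).

    For rundll32 entries the DLL it loads, not rundll32.exe itself, is the
    thing that runs, so that DLL is reported as the target."""
    head, rest = _split_quoted(cmd)
    if head.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = rest.strip()
        if rest.startswith('"'):
            dll, after = _split_quoted(rest)          # "path",Export
        else:
            dll, _, after = rest.partition(",")       # path,Export
        after = after.strip().lstrip(",").strip()
        return dll, (after.split()[0] if after else None)
    return head, None


def parse_o4_lines(lines: Iterable[str]) -> List[AutostartEntry]:
    """Parse the O4 lines of a HijackThis log; other lines are ignored."""
    entries: List[AutostartEntry] = []
    for line in lines:
        line = line.rstrip()
        m = _O4_RUN.match(line)
        if m:
            hive, name, cmd = m.group("hive", "name", "cmd")
        else:
            m = _O4_STARTUP.match(line)
            if not m:
                continue
            hive, name, cmd = "Startup", m.group("name"), m.group("cmd")
        target, export = parse_command(cmd)
        entries.append(AutostartEntry(hive, name, cmd, target, export))
    return entries


def flag_entries(entries: Iterable[AutostartEntry], files_on_disk: Set[str]) -> List[Finding]:
    """Flag orphaned autostarts and suspicious rundll32 usage.

    files_on_disk stands in for os.path.exists so the check is reproducible;
    on a live machine pass the real paths (8.3 names such as PROGRA~1 must
    be compared as Windows resolves them, which this stand-in does not do)."""
    present = {p.lower() for p in files_on_disk}
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        # A bare file name (e.g. nwiz.exe) is resolved through the search
        # path at run time, so only path-qualified targets are checked.
        if "\\" in e.target and e.target.lower() not in present:
            reasons.append("target does not exist: orphaned autostart, this is what "
                           "produces 'RUNDLL ... specified module could not be found' at logon")
        if e.export is not None and len(e.export) <= 2:
            reasons.append(f"rundll32 export name {e.export!r} is implausibly short "
                           "(weak heuristic; legitimate entries use descriptive names)")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


# Constructed sample modelled on the O4 lines posted above.
SAMPLE_HJT_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
"""

# Constructed stand-in for the file system: mosoyami.dll is deliberately absent,
# as it would be after Kaspersky/ComboFix quarantined it.
FILES_ON_DISK = {
    r"C:\WINDOWS\system32\NvCpl.dll",
    r"C:\PROGRA~1\WEATHE~1\WEATHE~1.exe",
    r"C:\Program Files\Desktop Calendar\Desktop Calendar.exe",
    r"C:\Program Files\MiniMind\MiniMind.exe",
}

if __name__ == "__main__":
    for f in flag_entries(parse_o4_lines(SAMPLE_HJT_O4.splitlines()), FILES_ON_DISK):
        print(f"{f.entry.hive} [{f.entry.name}] -> {f.entry.target}")
        for r in f.reasons:
            print("   -", r)
```

Run against the constructed sample, only the `CPM03333da6` value is reported, for both reasons: its DLL is gone and its export name is a single letter. Fixing the line in HijackThis, as Shaba suggests, just deletes that registry value; the DLL itself is already out of the picture.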
 
Hi Shaba,

I ran a full scan since I wasn't sure what to do. I figured it was quicker to do that than to wait to ask you then do what you said. So ignore what drives you don't want.

I don't know why Kaspersky says everything has been postponed. I'm not sure I like this program. When we are done :cleaning: my computer, I do want to talk about which programs are the worst and best.

Now on with the show...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:31 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WeatherMan] "C:\PROGRA~1\WEATHE~1\WEATHE~1.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file:///H:/CDVIEWER/CdViewer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162171373921
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10231 bytes
 
If you see the ones on the 12th that are on my E: drive that say they are a hoax, those are fun downloads from a website I have. Kaspersky has plucked some of them out and left the majority of them yet it flagged nearly all of them at some point or another. Some it finally decided to ignore for some reason.


~~~~~Kaspersky Scan~~~~~

Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/12/2009 12:58:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\vumuravo.dll Postponed
4/12/2009 12:58:07 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\mosoyami.dll Postponed
4/12/2009 12:50:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\ruyoweve.dll Postponed
4/12/2009 12:49:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\hehewora.dll Postponed
4/12/2009 12:48:19 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\bokajumi.dll Postponed
4/12/2009 12:39:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\niyihese.dll Postponed
4/12/2009 12:39:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\dahodozu.dll Postponed
4/12/2009 12:37:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\gujubova.dll Postponed
4/12/2009 12:36:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\topodone.dll Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/12/2009 2:49:11 AM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a e:\new stuff\most important\wxbugsetup6.07.0.24.zip/WxBugSetup6.07.0.24.exe/WiseSFXDropper/WISE0012.BIN Skipped by user
4/12/2009 2:49:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\c logan\Local Settings\Temp\225e.exe1 Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/12/2009 4:12:11 AM Untreated: not-a-virus:AdWare.Win32.Shopper.am e:\Music\true connect_ShareAccelerator.zip/zapu_setup_s1.exe/WISE0015.BIN/data0014/data0008 Postponed
4/12/2009 3:01:10 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\ruyoweve.dll Postponed
4/12/2009 3:01:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\hehewora.dll Postponed
4/12/2009 3:00:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\niyihese.dll Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/12/2009 8:24:22 PM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\c logan\Local Settings\Temp\225e.exe1 Written to report
4/12/2009 8:20:59 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165131.exe/WISE0014.BIN/WISE0013.BIN Skipped by user
4/12/2009 8:20:56 PM Untreated: not-a-virus:AdWare.Win32.Aureate J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165122.exe/WISE0025.BIN Skipped by user
4/12/2009 8:20:53 PM Untreated: not-a-virus:AdWare.Win32.Aureate J:\DL New\gozilla39.exe/WISE0025.BIN Skipped by user
4/12/2009 8:20:48 PM Untreated: not-a-virus:AdWare.Win32.Aureate H:\mirc2\download\cutmx1032b.exe/WISE0011.BIN/advert.dll Postponed
4/12/2009 8:20:47 PM Untreated: IRC-Worm.VBS.Melith H:\mirc2\download\album.mrc Postponed
4/12/2009 8:02:04 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165131.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/12/2009 8:02:04 PM Untreated: not-a-virus:AdWare.Win32.Aureate J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165122.exe/WISE0025.BIN Postponed
4/12/2009 7:54:22 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a J:\New Stuff\Music DL programs\Morph20 NEW.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/12/2009 7:29:36 PM Untreated: not-a-virus:AdWare.Win32.Aureate J:\DL New\gozilla39.exe/WISE0025.BIN Postponed
4/12/2009 7:21:27 PM Untreated: not-a-virus:AdWare.Win32.Aureate.a J:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip/youresp.exe/WISE0019.BIN Postponed
4/12/2009 7:20:57 PM Untreated: not-a-virus:AdWare.Win32.Aureate J:\Going To Upload\Already Uploaded\Fun Downloads\Utilities\octopus.zip/Setup.EXE/WISE0019.BIN Postponed
4/12/2009 7:20:36 PM Untreated: Hoax.Win32.BadJoke.Stript J:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\y2kcrashsimulator.zip/y2kcrash-nt5dem1.exe Postponed
4/12/2009 7:20:35 PM Untreated: Hoax.Win16.Pornovir J:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\smile.zip/smile.exe Postponed
4/12/2009 7:20:35 PM Untreated: Hoax.DOS.BadJoke.Water.a J:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\relievewater.zip/water.exe/ExePack Postponed
4/12/2009 7:20:34 PM Untreated: Hoax.Win32.BadJoke.Bugs.30 J:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\bug.zip/bugs.exe Postponed
4/12/2009 7:18:22 PM Untreated: Hoax.Win16.BadJoke.Stupid.a J:\Going To Upload\Already Uploaded\Fun Downloads\open.zip/Open.exe Postponed
4/12/2009 7:18:17 PM Untreated: Hoax.Win32.BadJoke.Y2KChecker J:\Going To Upload\Already Uploaded\Fun Downloads\y2k.zip/Y2k.exe Postponed
4/12/2009 7:18:11 PM Untreated: Hoax.Win32.BadJoke.MovingMouse.a J:\Going To Upload\Already Uploaded\Fun Downloads\drunkmouse.zip/DrunkMouse.exe Postponed
4/12/2009 7:17:57 PM Untreated: Hoax.Win32.BadJoke.FakeDel.n J:\Going To Upload\Already Uploaded\Fun Downloads\fakedel.zip/fake_del.exe Postponed
4/12/2009 7:10:39 PM Untreated: Trojan-Downloader.Win32.PurityScan.cq I:\Documents and Settings\Cheryl\.housecall\Quarantine\win35.tmp.exe.bac_a02116/CryptFF.b/data0002/UPX Postponed
4/12/2009 7:10:39 PM Untreated: Trojan-Downloader.Win32.Busky.gen I:\Documents and Settings\Cheryl\.housecall\Quarantine\h91746.exe.bac_a02116/CryptFF.b Postponed
4/12/2009 7:10:39 PM Untreated: Trojan-Downloader.Win32.Busky.gen I:\Documents and Settings\Cheryl\.housecall\Quarantine\A0001801.exe.bac_a02116/CryptFF.b Postponed
4/12/2009 7:10:39 PM Untreated: Trojan-Downloader.Win32.Busky.gen I:\Documents and Settings\Cheryl\.housecall\Quarantine\A0001800.exe.bac_a02116/CryptFF.b Postponed
4/12/2009 6:49:27 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a e:\new stuff\most important\wxbugsetup6.07.0.24.zip/WxBugSetup6.07.0.24.exe/WiseSFXDropper/WISE0012.BIN Postponed
4/12/2009 6:39:42 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a e:\new stuff\Weatherbug Install\WxBugSetup6.07.0.24.exe/WiseSFXDropper/WISE0012.BIN Postponed
4/12/2009 6:38:33 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a e:\new stuff\Music DL programs\Morph20 NEW.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/12/2009 6:33:42 PM Untreated: not-a-virus:AdWare.Win32.Shopper.am e:\Music\true connect_ShareAccelerator.zip/zapu_setup_s1.exe/WISE0015.BIN/data0014/data0008 Postponed
4/12/2009 6:32:07 PM Untreated: Hoax.Win32.BadJoke.Stript e:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\y2kcrashsimulator.zip/y2kcrash-nt5dem1.exe Postponed
4/12/2009 6:32:07 PM Untreated: Hoax.Win16.Pornovir e:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\smile.zip/smile.exe Postponed
4/12/2009 6:32:07 PM Untreated: Hoax.DOS.BadJoke.Water.a e:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\relievewater.zip/water.exe/ExePack Postponed
4/12/2009 6:32:07 PM Untreated: Hoax.Win32.BadJoke.Bugs.30 e:\Going To Upload\Already Uploaded\Fun Downloads\Pranks\bug.zip/bugs.exe Postponed
4/12/2009 6:32:01 PM Untreated: not-a-virus:AdWare.Win32.Aureate e:\Going To Upload\Already Uploaded\Fun Downloads\Utilities\octopus.zip/Setup.EXE/WISE0019.BIN Postponed
4/12/2009 6:31:51 PM Untreated: not-a-virus:AdWare.Win32.Aureate.a e:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip/youresp.exe/WISE0019.BIN Postponed
4/12/2009 6:31:32 PM Untreated: Hoax.Win32.BadJoke.FakeFormat.101 e:\Going To Upload\Already Uploaded\Fun Downloads\fakefmt.zip/fakefmt.exe Postponed
4/12/2009 6:31:30 PM Untreated: Hoax.Win16.BadJoke.Stupid.a e:\Going To Upload\Already Uploaded\Fun Downloads\open.zip/Open.exe Postponed
4/12/2009 6:31:29 PM Untreated: Hoax.Win32.BadJoke.Y2KChecker e:\Going To Upload\Already Uploaded\Fun Downloads\y2k.zip/Y2k.exe Postponed
4/12/2009 6:31:26 PM Untreated: Hoax.Win32.BadJoke.MovingMouse.a e:\Going To Upload\Already Uploaded\Fun Downloads\drunkmouse.zip/DrunkMouse.exe Postponed
4/12/2009 6:31:22 PM Untreated: Hoax.Win32.BadJoke.FakeDel.n e:\Going To Upload\Already Uploaded\Fun Downloads\fakedel.zip/fake_del.exe Postponed
4/12/2009 5:38:58 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a e:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165085.exe/WiseSFXDropper/WISE0012.BIN Postponed
4/12/2009 5:26:21 PM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165107.dll Postponed
4/12/2009 5:19:07 PM Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\c logan\Local Settings\Temp\225e.exe1 Postponed
4/12/2009 4:29:54 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a e:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165085.exe/WiseSFXDropper/WISE0012.BIN Postponed
4/12/2009 4:27:29 PM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165107.dll Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/13/2009 5:46:24 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a E:\New Stuff\Most Important\WxBugSetup6.07.0.24.zip/WxBugSetup6.07.0.24.exe/WiseSFXDropper/WISE0012.BIN Skipped by user
4/13/2009 5:46:16 PM Untreated: not-a-virus:AdWare.Win32.WeatherBug.a E:\New Stuff\Most Important\WxBugSetup6.07.0.24.zip/WxBugSetup6.07.0.24.exe/WiseSFXDropper/WISE0012.BIN Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/14/2009 6:36:39 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\d[1].htm Postponed
4/14/2009 6:33:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\ruyoweve.dll Postponed
4/14/2009 6:33:53 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\dahodozu.dll Postponed
4/14/2009 6:33:53 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\hehewora.dll Postponed
4/14/2009 6:33:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\gujubova.dll Postponed
4/14/2009 6:33:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\topodone.dll Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/15/2009 1:36:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\d[1].htm Written to report
4/15/2009 1:35:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\ruyoweve.dll Written to report
4/15/2009 1:35:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\dahodozu.dll Written to report
4/15/2009 1:18:34 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\d[1].htm Postponed
4/15/2009 1:16:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\ruyoweve.dll Postponed
4/15/2009 1:16:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\dahodozu.dll Postponed
4/15/2009 1:16:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\gujubova.dll Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/15/2009 9:17:17 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\d[1].htm Written to report
4/15/2009 8:42:21 AM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165366.dll Skipped by user
4/15/2009 8:16:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ruyoweve.dll.vir Postponed
4/15/2009 8:16:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dahodozu.dll.vir Postponed
4/15/2009 8:16:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hehewora.dll.vir Postponed
4/15/2009 8:15:47 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163737.DLL Postponed
4/15/2009 8:15:45 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163739.dll Postponed
4/15/2009 8:15:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163738.DLL Postponed
4/15/2009 8:15:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167334.dll Postponed
4/15/2009 8:15:12 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167336.dll Postponed
4/15/2009 8:15:10 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167335.dll Postponed
4/15/2009 8:14:56 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167140.dll Postponed
4/15/2009 8:14:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165498.dll Postponed
4/15/2009 8:14:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165497.dll Postponed
4/15/2009 8:14:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165496.dll Postponed
4/15/2009 8:14:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165495.dll Postponed
4/15/2009 8:14:07 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165494.dll Postponed
4/15/2009 8:14:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165493.dll Postponed
4/15/2009 8:14:02 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165376.dll Postponed
4/15/2009 8:13:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165527.dll Postponed
4/15/2009 8:13:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165483.dll Postponed
4/15/2009 8:13:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165484.dll Postponed
4/15/2009 8:13:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165485.dll Postponed
4/15/2009 8:13:50 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165486.dll Postponed
4/15/2009 8:13:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165487.dll Postponed
4/15/2009 8:13:45 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165488.dll Postponed
4/15/2009 8:13:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165374.dll Postponed
4/15/2009 8:13:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165375.dll Postponed
4/15/2009 8:13:37 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165354.dll Postponed
4/15/2009 8:13:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165360.dll Postponed
4/15/2009 8:13:33 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165363.dll Postponed
4/15/2009 8:13:30 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165362.dll Postponed
4/15/2009 8:13:27 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165359.dll Postponed
4/15/2009 8:13:25 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165356.dll Postponed
4/15/2009 8:13:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165351.dll Postponed
4/15/2009 8:13:20 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165350.dll Postponed
4/15/2009 8:13:17 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165349.dll Postponed
4/15/2009 8:13:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165353.dll Postponed
4/15/2009 8:13:12 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165348.dll Postponed
4/15/2009 8:13:10 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165280.dll Postponed
4/15/2009 8:13:07 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165288.dll Postponed
4/15/2009 8:13:05 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165287.dll Postponed
4/15/2009 8:13:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165289.dll Postponed
4/15/2009 8:13:01 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165286.dll Postponed
4/15/2009 8:12:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165284.dll Postponed
4/15/2009 8:12:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165257.dll Postponed
4/15/2009 8:12:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165290.dll Postponed
4/15/2009 8:12:50 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165260.dll Postponed
4/15/2009 8:12:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165259.dll Postponed
4/15/2009 8:12:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165261.dll Postponed
4/15/2009 8:12:41 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165273.DLL Postponed
4/15/2009 8:12:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165258.dll Postponed
4/15/2009 8:12:37 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165650.dll Postponed
4/15/2009 8:12:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165648.dll Postponed
4/15/2009 8:12:29 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165379.dll Postponed
4/15/2009 8:12:27 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165378.dll Postponed
4/15/2009 8:12:25 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165377.dll Postponed
4/15/2009 8:12:21 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165373.dll Postponed
4/15/2009 8:12:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165372.dll Postponed
4/15/2009 8:12:17 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165371.dll Postponed
4/15/2009 8:12:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165369.dll Postponed
4/15/2009 8:12:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165370.dll Postponed
4/15/2009 8:12:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165368.dll Postponed
4/15/2009 8:12:03 AM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165366.dll Postponed
4/15/2009 8:12:01 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165361.dll Postponed
4/15/2009 8:11:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165358.dll Postponed
4/15/2009 8:11:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165357.dll Postponed
4/15/2009 8:11:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165256.dll Postponed
4/15/2009 8:11:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165207.dll Postponed
4/15/2009 8:11:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165238.dll Postponed
4/15/2009 8:11:39 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165237.dll Postponed
4/15/2009 8:11:37 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165235.dll Postponed
4/15/2009 8:11:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165236.dll Postponed
4/15/2009 8:11:33 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165245.dll Postponed
4/15/2009 8:11:31 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165243.dll Postponed
4/15/2009 8:11:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165244.dll Postponed
4/15/2009 8:11:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165226.dll Postponed
4/15/2009 8:11:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165075.DLL Postponed
4/15/2009 8:11:20 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165069.DLL Postponed
4/15/2009 8:11:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165068.DLL Postponed
4/15/2009 8:11:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164965.dll Postponed
4/15/2009 8:11:12 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164957.dll Postponed
4/15/2009 8:11:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164967.DLL Postponed
4/15/2009 8:11:00 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164953.dll Postponed
4/15/2009 8:10:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164950.dll Postponed
4/15/2009 8:10:56 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164948.DLL Postponed
4/15/2009 8:10:53 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164945.dll Postponed
4/15/2009 8:10:50 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164941.dll Postponed
4/15/2009 8:10:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165100.dll Postponed
4/15/2009 8:10:45 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165101.dll Postponed
4/15/2009 8:10:38 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165102.dll Postponed
4/15/2009 8:10:34 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164979.dll Postponed
4/15/2009 8:10:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167533.dll Postponed
4/15/2009 8:10:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167532.dll Postponed
4/15/2009 8:10:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167531.dll Postponed
4/15/2009 8:09:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167455.dll Postponed
4/15/2009 8:09:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167454.dll Postponed
4/15/2009 8:09:53 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166842.dll Postponed
4/15/2009 8:09:50 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166841.dll Postponed
4/15/2009 8:09:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166839.dll Postponed
4/15/2009 8:09:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166838.dll Postponed
4/15/2009 8:09:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166840.dll Postponed
4/15/2009 8:09:37 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165810.dll Postponed
4/15/2009 8:09:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165809.dll Postponed
4/15/2009 8:09:32 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165808.dll Postponed
4/15/2009 8:09:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165806.dll Postponed
4/15/2009 8:09:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165807.dll Postponed
4/15/2009 8:09:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165799.dll Postponed
4/15/2009 8:09:22 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165798.dll Postponed
4/15/2009 8:09:20 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165797.dll Postponed
4/15/2009 8:09:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165796.dll Postponed
4/15/2009 8:09:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165795.dll Postponed
4/15/2009 8:09:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165793.dll Postponed
4/15/2009 8:09:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165792.dll Postponed
4/15/2009 8:09:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165791.dll Postponed
4/15/2009 8:09:05 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165790.dll Postponed
4/15/2009 8:09:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165789.dll Postponed
4/15/2009 8:09:01 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165785.dll Postponed
4/15/2009 8:08:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165784.dll Postponed
4/15/2009 8:08:56 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165783.dll Postponed
4/15/2009 8:08:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165782.dll Postponed
4/15/2009 8:08:51 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165781.dll Postponed
4/15/2009 8:08:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165773.dll Postponed
4/15/2009 8:08:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165772.dll Postponed
4/15/2009 8:08:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165753.dll Postponed
4/15/2009 8:08:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165752.dll Postponed
4/15/2009 8:08:39 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165751.dll Postponed
4/15/2009 8:08:29 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165740.dll Postponed
4/15/2009 8:08:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165739.dll Postponed
4/15/2009 8:08:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165738.dll Postponed
4/15/2009 8:08:21 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165737.dll Postponed
4/15/2009 8:08:19 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165736.dll Postponed
4/15/2009 8:08:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165735.dll Postponed
4/15/2009 8:08:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165734.dll Postponed
4/15/2009 8:08:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165733.dll Postponed
4/15/2009 8:08:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165732.dll Postponed
4/15/2009 8:08:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165731.dll Postponed
4/15/2009 8:08:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165726.dll Postponed
4/15/2009 8:08:01 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165725.dll Postponed
4/15/2009 8:07:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165722.dll Postponed
4/15/2009 8:07:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165720.dll Postponed
4/15/2009 8:07:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165721.dll Postponed
4/15/2009 7:24:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IAKCMWO7\d[1].htm Postponed
Full Scan: completed 4/15/2009 1:58:42 PM (events: 150, objects: 898437, time: 04:26:53)
4/15/2009 9:35:26 AM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165366.dll Postponed
4/15/2009 9:41:23 AM Untreated: not-a-virus:AdWare.Win32.BargainBuddy.ab E:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167351.exe/ic385.cab/NSTbbi7099.exe/data0002 Postponed
4/15/2009 9:42:12 AM Untreated: not-a-virus:AdWare.Win32.BargainBuddy.ab J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167352.exe/ic385.cab/NSTbbi7099.exe/data0002 Postponed
4/15/2009 10:25:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165721.dll Postponed
4/15/2009 10:25:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165720.dll Postponed
4/15/2009 10:25:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165722.dll Postponed
4/15/2009 10:25:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165725.dll Postponed
4/15/2009 10:25:49 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165726.dll Postponed
4/15/2009 10:25:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165731.dll Postponed
4/15/2009 10:25:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165732.dll Postponed
4/15/2009 10:25:56 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165733.dll Postponed
4/15/2009 10:25:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165734.dll Postponed
4/15/2009 10:26:02 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165735.dll Postponed
4/15/2009 10:26:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165736.dll Postponed
4/15/2009 10:26:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165737.dll Postponed
4/15/2009 10:26:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165738.dll Postponed
4/15/2009 10:26:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165739.dll Postponed
4/15/2009 10:26:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165740.dll Postponed
4/15/2009 10:26:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165751.dll Postponed
4/15/2009 10:26:19 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165752.dll Postponed
4/15/2009 10:26:21 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165753.dll Postponed
4/15/2009 10:26:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165772.dll Postponed
4/15/2009 10:26:25 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165773.dll Postponed
4/15/2009 10:26:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165781.dll Postponed
4/15/2009 10:26:31 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165782.dll Postponed
4/15/2009 10:26:33 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165783.dll Postponed
4/15/2009 10:26:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165784.dll Postponed
4/15/2009 10:26:37 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165785.dll Postponed
4/15/2009 10:26:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165789.dll Postponed
4/15/2009 10:26:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165790.dll Postponed
4/15/2009 10:26:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165791.dll Postponed
4/15/2009 10:26:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165792.dll Postponed
4/15/2009 10:26:50 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165793.dll Postponed
4/15/2009 10:26:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165795.dll Postponed
4/15/2009 10:26:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165796.dll Postponed
4/15/2009 10:26:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165797.dll Postponed
4/15/2009 10:26:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165798.dll Postponed
4/15/2009 10:27:02 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165799.dll Postponed
4/15/2009 10:27:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165806.dll Postponed
4/15/2009 10:27:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165807.dll Postponed
4/15/2009 10:27:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165808.dll Postponed
4/15/2009 10:27:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165809.dll Postponed
4/15/2009 10:27:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0165810.dll Postponed
4/15/2009 10:27:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166840.dll Postponed
4/15/2009 10:27:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166838.dll Postponed
4/15/2009 10:27:20 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166839.dll Postponed
4/15/2009 10:27:22 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166841.dll Postponed
4/15/2009 10:27:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166842.dll Postponed
4/15/2009 10:27:30 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167531.dll Postponed
4/15/2009 10:27:33 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167455.dll Postponed
4/15/2009 10:27:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167454.dll Postponed
4/15/2009 10:27:35 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167532.dll Postponed
4/15/2009 10:27:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167533.dll Postponed
4/15/2009 10:28:07 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165102.dll Postponed
4/15/2009 10:28:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164979.dll Postponed
4/15/2009 10:28:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165101.dll Postponed
4/15/2009 10:28:19 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165100.dll Postponed
4/15/2009 10:28:21 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164941.dll Postponed
4/15/2009 10:28:25 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164945.dll Postponed
4/15/2009 10:28:27 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164948.DLL Postponed
4/15/2009 10:28:29 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164950.dll Postponed
4/15/2009 10:28:32 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164953.dll Postponed
4/15/2009 10:28:40 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164967.DLL Postponed
4/15/2009 10:28:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164957.dll Postponed
4/15/2009 10:28:45 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0164965.dll Postponed
4/15/2009 10:28:49 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165068.DLL Postponed
4/15/2009 10:28:51 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165069.DLL Postponed
4/15/2009 10:28:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165075.DLL Postponed
4/15/2009 10:28:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165226.dll Postponed
4/15/2009 10:28:59 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165244.dll Postponed
4/15/2009 10:29:02 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165243.dll Postponed
4/15/2009 10:29:04 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165245.dll Postponed
4/15/2009 10:29:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165236.dll Postponed
4/15/2009 10:29:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165235.dll Postponed
4/15/2009 10:29:11 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165237.dll Postponed
4/15/2009 10:29:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165238.dll Postponed
4/15/2009 10:29:16 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP498\A0165207.dll Postponed
4/15/2009 10:29:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165256.dll Postponed
4/15/2009 10:29:28 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165273.DLL Postponed
4/15/2009 10:29:30 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165258.dll Postponed
4/15/2009 10:29:31 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165261.dll Postponed
4/15/2009 10:29:33 AM Untreated: not-a-virus:AdWare.Win32.AdMedia.g C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165366.dll Postponed
4/15/2009 10:29:39 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165260.dll Postponed
4/15/2009 10:29:41 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165290.dll Postponed
4/15/2009 10:29:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165259.dll Postponed
4/15/2009 10:29:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165257.dll Postponed
4/15/2009 10:29:49 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165284.dll Postponed
4/15/2009 10:29:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165286.dll Postponed
4/15/2009 10:29:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165289.dll Postponed
4/15/2009 10:29:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165287.dll Postponed
4/15/2009 10:29:57 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165288.dll Postponed
4/15/2009 10:30:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165280.dll Postponed
4/15/2009 10:30:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165348.dll Postponed
4/15/2009 10:30:08 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165353.dll Postponed
4/15/2009 10:30:09 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165349.dll Postponed
4/15/2009 10:30:14 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165350.dll Postponed
4/15/2009 10:30:17 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165351.dll Postponed
4/15/2009 10:30:19 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165356.dll Postponed
4/15/2009 10:30:21 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165359.dll Postponed
4/15/2009 10:30:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165362.dll Postponed
4/15/2009 10:30:26 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165363.dll Postponed
4/15/2009 10:30:29 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165360.dll Postponed
4/15/2009 10:30:31 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165357.dll Postponed
4/15/2009 10:30:34 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165358.dll Postponed
4/15/2009 10:30:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165361.dll Postponed
4/15/2009 10:30:38 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165354.dll Postponed
4/15/2009 10:30:41 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165375.dll Postponed
4/15/2009 10:30:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165374.dll Postponed
4/15/2009 10:30:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165376.dll Postponed
4/15/2009 10:30:48 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165488.dll Postponed
4/15/2009 10:30:51 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165487.dll Postponed
4/15/2009 10:30:54 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165486.dll Postponed
4/15/2009 10:30:56 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165485.dll Postponed
4/15/2009 10:30:58 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165484.dll Postponed
4/15/2009 10:31:00 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165483.dll Postponed
4/15/2009 10:31:03 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165527.dll Postponed
4/15/2009 10:31:05 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165368.dll Postponed
4/15/2009 10:31:07 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165370.dll Postponed
4/15/2009 10:31:10 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165369.dll Postponed
4/15/2009 10:31:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165371.dll Postponed
4/15/2009 10:31:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165372.dll Postponed
4/15/2009 10:31:17 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165373.dll Postponed
4/15/2009 10:31:20 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165377.dll Postponed
4/15/2009 10:31:23 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165378.dll Postponed
4/15/2009 10:31:25 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165379.dll Postponed
4/15/2009 10:31:27 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165648.dll Postponed
4/15/2009 10:31:29 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165650.dll Postponed
4/15/2009 10:31:31 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165493.dll Postponed
4/15/2009 10:31:34 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165494.dll Postponed
4/15/2009 10:31:36 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165495.dll Postponed
4/15/2009 10:31:38 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165496.dll Postponed
4/15/2009 10:31:42 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165497.dll Postponed
4/15/2009 10:31:45 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP499\A0165498.dll Postponed
4/15/2009 10:32:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167335.dll Postponed
4/15/2009 10:32:43 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167140.dll Postponed
4/15/2009 10:32:52 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167336.dll Postponed
4/15/2009 10:32:55 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167334.dll Postponed
4/15/2009 10:33:13 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163739.dll Postponed
4/15/2009 10:33:15 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163737.DLL Postponed
4/15/2009 10:33:18 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP497\A0163738.DLL Postponed
4/15/2009 10:33:44 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hehewora.dll.vir Postponed
4/15/2009 10:33:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dahodozu.dll.vir Postponed
4/15/2009 10:33:47 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ruyoweve.dll.vir Postponed
4/15/2009 10:45:08 AM Untreated: not-a-virus:AdWare.Win32.BargainBuddy.ab E:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167351.exe/ic385.cab/NSTbbi7099.exe/data0002 Postponed
4/15/2009 11:32:11 AM Untreated: not-a-virus:AdWare.Win32.Shopper.am E:\Music\true connect_ShareAccelerator.zip/zapu_setup_s1.exe/WISE0015.BIN/data0014/data0008 Postponed
4/15/2009 11:36:59 AM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a E:\New Stuff\Music DL programs\Morph20 NEW.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/15/2009 12:12:14 PM Untreated: not-a-virus:AdWare.Win32.Aureate.a J:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip/youresp.exe/WISE0019.BIN Postponed
4/15/2009 12:30:34 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a J:\New Stuff\Music DL programs\Morph20 NEW.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/15/2009 12:38:06 PM Untreated: not-a-virus:AdWare.Win32.WurldMedia.a J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP503\A0167552.exe/WISE0014.BIN/WISE0013.BIN Postponed
4/15/2009 12:38:07 PM Untreated: not-a-virus:AdWare.Win32.BargainBuddy.ab J:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167352.exe/ic385.cab/NSTbbi7099.exe/data0002 Postponed
 
It depends on settings, too.

Delete these:

C:\WINDOWS\SYSTEM32\ruyoweve.dll
C:\WINDOWS\SYSTEM32\dahodozu.dll
E:\Music\true connect_ShareAccelerator.zip
E:\New Stuff\Music DL programs\Morph20 NEW.exe
J:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip
J:\New Stuff\Music DL programs\Morph20 NEW.exe

Empty Recycle Bin.

Other malware is in combofix quarantine or in system restore.

We will empty those later.

Still problems?
 
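The sorting the helper does above (live files to delete now, restore-point and ComboFix-quarantine copies to empty later), as an added Python example that is not code from the thread, from Kaspersky or from ComboFix: it parses report lines in the format of the Kaspersky log posted above and groups each detection by where the object lives. The report lines are constructed in that format from file names shown in the thread (the last one is invented), and the location classes and action names are my own.

```python
"""Sort Kaspersky 'Untreated' report lines by where the object lives.

Added example for this thread, not Kaspersky's or the helper's code.
The report lines below are constructed in the log's own format using
file names that appear in the thread; the last line is invented.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "<m/d/yyyy h:mm:ss AM|PM> Untreated: <verdict> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Untreated: (?P<verdict>\S+) (?P<path>.+?) (?P<status>\S+)$"
)

SAMPLE_REPORT = r"""
4/15/2009 10:27:22 AM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP500\A0166841.dll Postponed
4/15/2009 10:33:46 AM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dahodozu.dll.vir Postponed
4/15/2009 10:45:08 AM Untreated: not-a-virus:AdWare.Win32.BargainBuddy.ab E:\System Volume Information\_restore{EE7BD611-D6F2-4A2A-B9FB-93DDA7D96553}\RP502\A0167351.exe/ic385.cab/NSTbbi7099.exe/data0002 Postponed
4/15/2009 11:32:11 AM Untreated: not-a-virus:AdWare.Win32.Shopper.am E:\Music\true connect_ShareAccelerator.zip/zapu_setup_s1.exe/WISE0015.BIN/data0014/data0008 Postponed
4/15/2009 12:12:14 PM Untreated: not-a-virus:AdWare.Win32.Aureate.a J:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip/youresp.exe/WISE0019.BIN Postponed
4/15/2009 12:40:00 PM Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\SYSTEM32\mosoyami.dll Postponed
"""


@dataclass
class Detection:
    when: str
    verdict: str
    path: str
    status: str
    location: str


def classify_location(path: str) -> str:
    """Map a reported object path to the clean-up route it needs.

    system_restore       copy inside a restore point; goes away when System
                         Restore is cleared, not by deleting files by hand
    combofix_quarantine  already disarmed (.vir) by ComboFix; emptied later
    archive_member       object nested inside an archive or installer ('/'
                         separates container levels); the outer file is removed
    live                 a real file on disk that needs removing now
    """
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "system_restore"
    if "\\qoobox\\quarantine\\" in low:
        return "combofix_quarantine"
    if "/" in path:
        return "archive_member"
    return "live"


def outer_file(path: str) -> str:
    """Drop nested container levels: 'x.zip/setup.exe/data0002' -> 'x.zip'."""
    return path.split("/", 1)[0]


def parse_report(text: str) -> list[Detection]:
    """Parse report lines; lines that do not match the format are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(location=classify_location(m["path"]), **m.groupdict()))
    return found


def action_plan(detections: list[Detection]) -> dict[str, list[str]]:
    """Group detections into the three clean-up actions the helper uses."""
    plan: dict[str, set[str]] = {
        "delete_now": set(),
        "clear_system_restore": set(),
        "empty_combofix_quarantine": set(),
    }
    for d in detections:
        if d.location == "system_restore":
            plan["clear_system_restore"].add(d.path)
        elif d.location == "combofix_quarantine":
            plan["empty_combofix_quarantine"].add(d.path)
        else:  # live file or archive member: the file itself is removed
            plan["delete_now"].add(outer_file(d.path))
    return {k: sorted(v) for k, v in plan.items()}


if __name__ == "__main__":
    for action, paths in action_plan(parse_report(SAMPLE_REPORT)).items():
        print(f"{action}:")
        for p in paths:
            print(f"  {p}")
```
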
That true connect_ShareAccelerator.zip shows to have been created on Thursday, March 08, 2007, 2:20:39 AM, and modified Yesterday, April 15, 2009, 1:58:40 PM. I haven't downloaded anything recently except for what you have instructed me to. I'm not really sure where it came from. Needless to say, it's deleted now. I do know it's not the file that started this mess. I do think I know which one set off my fireworks.

I've had the file J:\Going To Upload\Already Uploaded\Fun Downloads\Thinkers\youresp.zip since Monday, October 18, 1999, 1:20:54 AM. This mess modified it Yesterday, April 15, 2009, 1:58:40 PM and made it a 1 KB file. It's gone too now.

I can't find C:\WINDOWS\SYSTEM32\ruyoweve.dll or C:\WINDOWS\SYSTEM32\dahodozu.dll in that location or in the .dll cache folder either. I exposed that folder and peeked in there too.


I'm not having any more popups but I can tell my system is not quite back up to par yet. I have a fair amount of lagging going on for some reason. I'm having to boot a couple of times a day. I know I have a video card issue right now but this is worse than it was before I got infected.

I'm actually surprised I haven't lost more of my fun downloads programs than I have. I can always just go get them from my webpage so it's not a total loss. :bigthumb:

Thanks again for the time you are taking to help me through this. I really do appreciate all you are doing for me. :)
 
Shaba,

I forgot, I still have this error when I reboot:


RUNDLL
Error Loading C:\WINDOWS\System32\mosoyami.dll
The specified module could not be found.


Thanks,
Blu
 
Yes you can fix this entry:

O4 - HKLM\..\Run: [CPM03333da6] Rundll32.exe "c:\windows\system32\mosoyami.dll",a

As for those two files:

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\ruyoweve.dll
C:\WINDOWS\SYSTEM32\dahodozu.dll

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
 
Hi Shaba,

Well I couldn't find mosoyami.dll so rather than waste the time of waiting to ask you and then run it if you said to, I went out on a limb and put it in with the other two and ran the code. The good news is that the ones YOU put in the code are now totally gone from my computer. The bad news is that mosoyami.dll is still there. It seems to like it's home.

Now to business...


ComboFix 09-04-17.01 - c logan 04/16/2009 17:20.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.234 [GMT -5:00]
Running from: c:\documents and settings\c logan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\c logan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\dahodozu.dll
c:\windows\SYSTEM32\mosoyami.dll
c:\windows\SYSTEM32\ruyoweve.dll
.

((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-14 20:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 20:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:52 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 20:52 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 20:52 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 07:02 . 2009-04-12 07:03 109568 ---ha-w c:\windows\system32\BITC.tmp
2009-04-12 04:09 . 2009-04-12 05:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 04:09 . 2009-04-12 05:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 04:05 . 2009-04-16 10:32 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 04:05 . 2009-04-16 10:32 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 04:05 . 2009-04-16 10:32 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 04:05 . 2009-04-16 10:32 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-11 13:19 . 2009-04-11 13:19 50 ----a-w c:\windows\Weather.Ini
2009-04-11 12:55 . 2009-04-11 12:56 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-11 11:50 . 2009-04-11 11:50 -------- d-sh--w C:\FOUND.000
2009-04-11 10:14 . 2009-04-11 10:14 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-08 06:20 . 2009-04-08 06:20 10520 ------w c:\windows\system32\avgrsstx.dll.install_backup
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\eMusic
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\documents and settings\c logan\Application Data\eMusic
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\documents and settings\c logan\Local Settings\Application Data\SpiralfrogClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 06:38 . 2007-02-17 02:50 28722327 ------w c:\windows\Internet Logs\tvDebug.zip
2009-04-15 05:57 . 2009-04-15 05:57 37533 ----a-w C:\ComboFix 2.txt
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\program files\BurnAware Free
2009-04-13 09:20 . 2009-04-13 09:20 -------- d-----w c:\program files\Trend Micro
2009-04-13 09:17 . 2009-04-13 09:17 -------- d-----w c:\program files\ERUNT
2009-04-12 05:35 . 2008-01-29 22:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-12 04:05 . 2009-04-12 04:05 -------- d-----w c:\program files\Kaspersky Lab
2009-04-11 14:48 . 2009-04-11 14:47 -------- d-----w c:\program files\WeatherMan
2009-04-11 13:28 . 2009-04-11 13:29 1597440 ------w c:\windows\Internet Logs\xDB17.tmp
2009-04-09 05:23 . 2009-04-09 05:23 -------- d-----w c:\program files\Common Files\Skype
2009-03-11 03:10 . 2009-03-11 03:10 -------- d-----w c:\program files\DivX
2009-03-09 10:19 . 2009-03-06 05:30 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-06 14:22 . 2006-10-06 03:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-05 09:07 . 2009-03-05 09:07 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-03 00:18 . 2006-10-06 03:01 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-03 00:18 . 2006-10-05 22:01 826368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
2009-02-28 04:54 . 2006-10-06 03:15 636072 ----a-w c:\windows\SYSTEM32\dllcache\iexplore.exe
2009-02-27 13:11 . 2006-10-06 05:51 73584 ----a-w c:\documents and settings\c logan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 18:43 . 2009-02-25 18:43 -------- d-----w c:\program files\SpywareBlaster
2009-02-25 03:32 . 2009-02-25 03:32 -------- d-----w c:\program files\XoftSpySE
2009-02-20 10:20 . 2007-05-09 19:02 13824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-10-06 02:59 70656 ----a-w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-10-06 02:59 161792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2009-02-19 05:05 . 2009-02-19 05:04 -------- d-----w c:\documents and settings\c logan\Application Data\Move Networks
2009-02-09 12:10 . 2006-10-06 02:59 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2006-10-06 03:00 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2006-10-06 03:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2006-10-06 02:57 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 11:13 . 2008-10-14 23:31 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-10-06 03:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-08 00:02 . 2008-10-14 23:30 2066048 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
2009-02-08 00:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 11:11 . 2006-10-06 03:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-14 23:31 2189056 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2006-10-06 03:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-14 23:31 2145280 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2006-10-06 03:00 35328 ----a-w c:\windows\SYSTEM32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-14 23:30 2023936 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\dllcache\secur32.dll
2009-02-03 19:59 . 2006-10-06 03:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2007-12-14 07:52 . 2007-12-14 07:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-10-06 02:50 . 2006-10-06 02:50 266 --sh--w c:\program files\desktop.ini
2006-10-06 02:50 . 2006-10-06 02:50 11079 ---h--w c:\program files\folder.htt
2006-08-08 21:28 . 2006-10-07 21:28 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\jar50.dll
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-06 03:2008-06-19 04:16 41:24 . c:\program files\mozilla firefox\components\myspell.dll
2008-10-06 03:2008-06-19 04:16 41:26 . c:\program files\mozilla firefox\components\spellchk.dll
2008-10-06 03:2008-06-19 04:16 41:26 . c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-09 17:45 . 2008-08-09 17:45 32768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080920080810\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-15_05.42.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-16 10:34 . 2009-04-16 10:34 16384 c:\windows\TEMP\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 18:02 8461312 ----a-w c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2004-08-16 917504]
"Google Update"="c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\c logan\Start Menu\Programs\Startup\
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-12-27 237568]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"iDailyDiary"="c:\progra~1\IDAILY~1\iDD.exe" /LOGMIN

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"e:\\Ultima Online 9th Anniversary Collection\\client.exe"=
"e:\\Going To Upload\\Already Uploaded\\Fun Downloads\\Utilities\\abouttime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\New Stuff\\Misc\\abouttime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\bak\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\c logan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-12 33808]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [2001-08-10 135168]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e4c120-54be-11db-8cf4-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1078145449-682003330-1004.job
- c:\documents and settings\c logan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 13:51]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\c logan\Application Data\Mozilla\Firefox\Profiles\8ayshjwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 17:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-16 17:48
ComboFix-quarantined-files.txt 2009-04-16 22:48
ComboFix2.txt 2009-04-15 10:09
ComboFix3.txt 2009-04-15 05:44

Pre-Run: 1,793,523,712 bytes free
Post-Run: 1,601,241,088 bytes free

209 --- E O F --- 2009-04-14 21:12
 
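The orphaned Run entry behind the RUNDLL error, as an added Python example that is not part of the thread and not ComboFix's code: it parses Run-key lines in the format of the "Reg Loading Points" section above and flags values whose target file cannot be found, which is why the helper's fix is to remove the O4 entry rather than to look for mosoyami.dll. The sample report and the KNOWN_FILES set are constructed from entries shown above, and treating [N/A] as "file could not be found" is an assumption based on this report.

```python
"""Flag Run-key autostart entries whose target file is gone.

Added example for this thread, not ComboFix's code. It reads Run-key lines
in the format of ComboFix's 'Reg Loading Points' section; the sample report
and the KNOWN_FILES set are constructed from entries shown in the thread.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass
from typing import Callable

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "<name>"="<command>"[ - <resolved path>] [<yyyy-mm-dd size> | N/A]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"'
    r"(?: - (?P<resolved>.+?))?"
    r" \[(?P<info>N/A|\d{4}-\d{2}-\d{2} \d+)\]$"
)

SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"CPM03333da6"="c:\windows\system32\mosoyami.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-09-18 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

# Constructed stand-in for the file system: what a live check would find present.
KNOWN_FILES = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\zone labs\zonealarm\zlclient.exe",
    r"c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe",
    r"c:\windows\system32\nwiz.exe",
}


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    target: str   # file the entry actually runs or loads
    info: str     # "<date> <size>" when ComboFix could stat the file, else "N/A"

    @property
    def is_rundll_hosted(self) -> bool:
        # A DLL as autostart target is run through rundll32; when the DLL is
        # gone, Windows shows the "RUNDLL ... specified module could not be
        # found" box at every logon until the value is removed.
        return self.target.lower().endswith(".dll")


def parse_run_entries(text: str) -> list[RunEntry]:
    """Collect values under active ...\\Run keys; a trailing '-' on the key
    (run-) marks disabled entries, which are skipped."""
    entries: list[RunEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m["key"]
            continue
        if not key.lower().endswith("\\run"):
            continue
        if (m := VALUE_RE.match(line)):
            target = m["resolved"] or m["command"]
            entries.append(RunEntry(key, m["name"], m["command"], target, m["info"]))
    return entries


def find_orphans(entries: list[RunEntry],
                 exists: Callable[[str], bool] = os.path.exists) -> list[RunEntry]:
    """Entries ComboFix could not stat ([N/A]) or whose target is absent now."""
    return [e for e in entries if e.info == "N/A" or not exists(e.target)]


def describe(entry: RunEntry) -> str:
    """One-line finding: the fix is to remove the value, not to restore the file."""
    what = "loads a DLL via rundll32" if entry.is_rundll_hosted else "starts a program"
    return (f"{entry.key}\\{entry.name} {what} that is missing: {entry.target}. "
            f"Remove the value; the file itself is already gone.")


if __name__ == "__main__":
    for e in find_orphans(parse_run_entries(SAMPLE_REPORT),
                          exists=lambda p: p.lower() in KNOWN_FILES):
        print(describe(e))
```
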