Please Help! Virtumonde, MalwareAlarm (SecCenter), etc.

ComboFix 07-12-21.4 - **** 2007-12-28 13:29:57.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.207 [GMT -5:00]
Running from: C:\Documents and Settings\****\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\****\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\pprqr.ini
C:\WINDOWS\system32\pprqr.ini2
C:\WINDOWS\system32\rqrpp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\RetroExpress .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\pprqr.ini
C:\WINDOWS\system32\pprqr.ini2
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\rqrpp.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 13:43 . 2007-12-28 13:43 331,776 --------- C:\WINDOWS\system32\rqrpp.dll
2007-12-28 13:43 . 2007-12-28 13:45 391 --ahs---- C:\WINDOWS\system32\pprqr.ini
2007-12-27 22:44 . 2007-12-27 23:03 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-27 22:44 . 2007-12-27 23:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-27 22:42 . 2007-12-27 22:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-27 22:42 . 2007-12-28 13:45 516,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 22:42 . 2007-12-28 13:45 17,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 22:42 . 2007-12-28 13:40 7,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 22:42 . 2007-12-28 13:40 2,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 22:39 . 2007-12-27 22:39 <DIR> d-------- C:\KAV
2007-12-27 16:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:04 . 2007-12-27 16:04 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-27 14:27 . 2007-12-27 14:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:27 . 2007-12-27 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 11:35 . 2007-12-26 13:37 <DIR> d-------- C:\VundoFix Backups
2007-12-22 23:11 . 2007-12-22 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-21 23:45 . 2007-12-28 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-21 23:44 . 2007-12-21 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 21:53 . 2007-12-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-20 18:40 . 2007-12-20 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-20 18:24 . 2007-12-20 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-20 18:19 . 2007-12-20 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 18:16 . 2007-12-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-12-20 18:14 . 2007-12-27 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-12-20 18:13 . 2004-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-20 18:13 . 2004-11-16 00:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-20 18:13 . 2001-04-04 04:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2007-12-20 18:13 . 2004-11-16 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-20 18:13 . 2004-11-15 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-12-20 18:13 . 2004-11-16 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2007-12-20 18:13 . 2004-11-16 00:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-20 18:13 . 2005-04-23 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Retrospect
2007-12-06 17:28 . 2007-12-27 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-06 17:24 . 2007-12-06 17:24 <DIR> d-------- C:\Program Files\Maxtor
2007-12-05 22:06 . 2007-12-05 22:06 <DIR> d-------- C:\Program Files\2BrightSparks
2007-12-02 16:53 . 2007-12-09 13:42 <DIR> d-------- C:\Program Files\F2atv_Forums
 
continued from above
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 18:37 --------- d-----w C:\Program Files\QuickTime
2007-12-28 18:36 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 17:36 --------- d-----w C:\Program Files\Notebook Maximizer
2007-12-28 17:36 --------- d-----w C:\Program Files\ltmoh
2007-12-28 17:35 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-12-28 04:35 94,208 ----a-w C:\WINDOWS\SM1BG.EXE
2007-12-27 21:06 --------- d-----w C:\Program Files\Java
2007-12-27 20:29 430,592 ----a-w C:\WINDOWS\MXOALDR.EXE
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\****\Application Data\ScanSoft
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-12-27 20:11 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-27 20:01 --------- d-----w C:\Program Files\ScanSoft
2007-12-27 19:20 --------- d-----w C:\Program Files\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\****\Application Data\Intel
2007-12-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 04:50 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent DNA
2007-12-22 19:15 --------- d-----w C:\Program Files\Trend Micro
2007-12-19 13:53 --------- d-----w C:\Program Files\eMule
2007-12-19 03:47 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent
2007-12-06 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 04:32 --------- d-----w C:\Program Files\VideoLAN
2007-11-18 20:14 --------- d-----w C:\Program Files\iNav
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:21 --------- d-----w C:\Program Files\PdaNet for Windows Mobile
2007-11-07 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-07 22:07 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-07 22:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 14:02 --------- d-----w C:\Program Files\BitTorrent
2007-11-07 13:47 --------- d-----w C:\Program Files\eDonkey2000
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-07-02 20:41 630,784 ----a-w C:\Documents and Settings\****\GoToAssist_chat2way__317_en.exe
2006-07-26 23:53 557,056 ----a-w C:\Documents and Settings\****\chatlnk.exe
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_20.40.45.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-24 00:42:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-28 03:57:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-22 18:59:54 122,939 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe
+ 2007-12-28 18:43:26 122,939 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe
+ 2007-12-28 18:30:29 484,864 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
+ 2007-04-28 21:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-28 04:05:07 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 19:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 17:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
- 2007-04-10 00:33:01 200,936 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-27 20:22:14 200,144 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-11-16 05:04:46 49,245 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-11-16 05:04:46 49,247 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2004-11-16 05:04:46 127,075 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-06-28 17:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
- 2007-12-22 19:00:29 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
+ 2007-12-28 18:43:31 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
+ 2007-12-28 18:44:09 525,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABE4F29A-F6DD-43A8-B7CC-B67F71896333}]
2007-12-28 13:43 331776 --------- C:\WINDOWS\system32\rqrpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"OfotoNow USB Detection"="C:\WINDOWS\system32\RunDLL32.exe" [2004-08-04 07:00]
"SpriteService"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 17:37 C:\WINDOWS\agrsmmsg.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-28 13:30]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2004-08-27 12:34 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2007-12-28 13:43]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2007-12-28 13:44]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-28 13:44]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\****\Start Menu\Programs\Startup\
Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2006-12-05 01:15:34]
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe [2007-11-12 14:21:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-07 22:02:24]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\rqrpp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqrpp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 07:47 49152 --a------ C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-03-09 19:10 11776 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-08 21:13 1695744 --a------ C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
2007-08-23 07:24 8793064 --a------ C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2005-03-08 21:05]
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys [2005-03-08 20:54]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;"C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe" [2006-08-28 00:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]
S3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2005-09-18 18:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de021171-b460-11d9-bb13-000e35f2ff28}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a2970d-d3f7-11da-bba5-000e35f2ff28}]
\Shell\AutoRun\command - setupSNK.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 13:45:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\pprqr.ini2 391 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
-> C:\WINDOWS\system32\rqrpp.dll
.
Completion time: 2007-12-28 13:48:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 12:59
C:\ComboFix3.txt ... 2007-12-28 11:00
.
2007-12-21 14:19:06 --- E O F ---
 
Code:
Ran on Fri 12/28/2007 - 13:49:21.17

----a-w         1,077,301 2007-12-28 18:43:33  C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
----a-w           122,939 2007-12-28 18:43:26  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2007-12-28 18:43:31  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe

 Entries:                3  (3)
 Directories:            0  Files:             3
 Bytes:          1,388,656  Blocks:        2,714




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:37 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\HijackThis\psywzrd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
F3 - REG:win.ini: load=C:\WINDOWS\system32\rqrpp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {ABE4F29A-F6DD-43A8-B7CC-B67F71896333} - C:\WINDOWS\system32\rqrpp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6793 bytes
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Rootkit::
C:\WINDOWS\system32\pprqr.ini2

File::
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\pprqr.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"=-
"PadTouch"=-
"HPDJ Taskbar Utility"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABE4F29A-F6DD-43A8-B7CC-B67F71896333}]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

Re-run RenV.

Post:

- a fresh HijackThis log
- RenV log
- combofix report
 
Does it matter what order I run these in? I was planning on running ComboFix first, then RenV, then HJT. Is that ok?
 
ComboFix 07-12-21.4 - **** 2007-12-28 14:18:47.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.206 [GMT -5:00]
Running from: C:\Documents and Settings\****\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\****\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\pprqr.ini
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\pprqr.ini
C:\WINDOWS\system32\pprqr.ini2
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 14:19 . 2007-12-28 14:19 335,360 --a------ C:\WINDOWS\system32\rqrpp.exe
2007-12-27 22:44 . 2007-12-27 23:03 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-27 22:44 . 2007-12-27 23:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-27 22:42 . 2007-12-27 22:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-27 22:42 . 2007-12-28 14:29 546,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 22:42 . 2007-12-28 14:27 20,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 22:42 . 2007-12-28 14:27 8,372 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 22:42 . 2007-12-28 14:27 2,924 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 22:39 . 2007-12-27 22:39 <DIR> d-------- C:\KAV
2007-12-27 16:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:04 . 2007-12-27 16:04 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-27 14:27 . 2007-12-27 14:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:27 . 2007-12-27 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 11:35 . 2007-12-26 13:37 <DIR> d-------- C:\VundoFix Backups
2007-12-22 23:11 . 2007-12-22 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-21 23:45 . 2007-12-28 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-21 23:44 . 2007-12-21 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 21:53 . 2007-12-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-20 18:40 . 2007-12-20 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-20 18:24 . 2007-12-20 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-20 18:19 . 2007-12-20 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 18:16 . 2007-12-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-12-20 18:14 . 2007-12-27 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-12-20 18:13 . 2004-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-20 18:13 . 2004-11-16 00:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-20 18:13 . 2001-04-04 04:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2007-12-20 18:13 . 2004-11-16 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-20 18:13 . 2004-11-15 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-12-20 18:13 . 2004-11-16 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2007-12-20 18:13 . 2004-11-16 00:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-20 18:13 . 2005-04-23 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Retrospect
2007-12-06 17:28 . 2007-12-27 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-06 17:24 . 2007-12-06 17:24 <DIR> d-------- C:\Program Files\Maxtor
2007-12-05 22:06 . 2007-12-05 22:06 <DIR> d-------- C:\Program Files\2BrightSparks
2007-12-02 16:53 . 2007-12-09 13:42 <DIR> d-------- C:\Program Files\F2atv_Forums

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 18:37 --------- d-----w C:\Program Files\QuickTime
2007-12-28 18:36 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 17:36 --------- d-----w C:\Program Files\Notebook Maximizer
2007-12-28 17:36 --------- d-----w C:\Program Files\ltmoh
2007-12-28 17:35 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-12-28 04:35 94,208 ----a-w C:\WINDOWS\SM1BG.EXE
2007-12-27 21:06 --------- d-----w C:\Program Files\Java
2007-12-27 20:29 430,592 ----a-w C:\WINDOWS\MXOALDR.EXE
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\****\Application Data\ScanSoft
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-12-27 20:11 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-27 20:01 --------- d-----w C:\Program Files\ScanSoft
2007-12-27 19:20 --------- d-----w C:\Program Files\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\****\Application Data\Intel
2007-12-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 04:50 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent DNA
2007-12-22 19:15 --------- d-----w C:\Program Files\Trend Micro
2007-12-19 13:53 --------- d-----w C:\Program Files\eMule
2007-12-19 03:47 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent
2007-12-06 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 04:32 --------- d-----w C:\Program Files\VideoLAN
2007-11-18 20:14 --------- d-----w C:\Program Files\iNav
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:21 --------- d-----w C:\Program Files\PdaNet for Windows Mobile
2007-11-07 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-07 22:07 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-07 22:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 14:02 --------- d-----w C:\Program Files\BitTorrent
2007-11-07 13:47 --------- d-----w C:\Program Files\eDonkey2000
2007-07-02 20:41 630,784 ----a-w C:\Documents and Settings\****\GoToAssist_chat2way__317_en.exe
2006-07-26 23:53 557,056 ----a-w C:\Documents and Settings\****\chatlnk.exe
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_20.40.45.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-24 00:42:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-28 03:57:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 21:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-28 04:05:07 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 19:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 17:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
- 2007-04-10 00:33:01 200,936 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-27 20:22:14 200,144 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-11-16 05:04:46 49,245 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-11-16 05:04:46 49,247 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2004-11-16 05:04:46 127,075 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-06-28 17:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD28BF7F-017F-4885-ABBC-406C3096AEEA}]
2007-12-28 14:30 331776 --a------ C:\WINDOWS\system32\rqrpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"OfotoNow USB Detection"="C:\WINDOWS\system32\RunDLL32.exe" [2004-08-04 07:00]
"SpriteService"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 17:37 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2004-08-27 12:34 C:\WINDOWS\system32\TPSMain.exe]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-28 14:31]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\****\Start Menu\Programs\Startup\
Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2006-12-05 01:15:34]
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe [2007-11-12 14:21:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-07 22:02:24]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\rqrpp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqrpp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 07:47 49152 --a------ C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-03-09 19:10 11776 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-08 21:13 1695744 --a------ C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
2007-08-23 07:24 8793064 --a------ C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2005-03-08 21:05]
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys [2005-03-08 20:54]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;"C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe" [2006-08-28 00:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]
S3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2005-09-18 18:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de021171-b460-11d9-bb13-000e35f2ff28}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a2970d-d3f7-11da-bba5-000e35f2ff28}]
\Shell\AutoRun\command - setupSNK.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 14:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\pprqr.ini2 319 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-12-28 14:34:42 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 13:48
C:\ComboFix3.txt ... 2007-12-28 12:59
.
2007-12-21 14:19:06 --- E O F ---
 
Code:
Ran on Fri 12/28/2007 - 14:35:35.43

----a-w           132,496 2007-12-28 19:30:23  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe

 Entries:                1  (1)
 Directories:            0  Files:             1
 Bytes:            132,496  Blocks:          259




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:39 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\psywzrd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
F3 - REG:win.ini: load=C:\WINDOWS\system32\rqrpp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BD28BF7F-017F-4885-ABBC-406C3096AEEA} - C:\WINDOWS\system32\rqrpp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6519 bytes
 
Hi

Almost there.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Rootkit::
C:\WINDOWS\system32\pprqr.ini2

File::
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\rqrpp.exe
C:\WINDOWS\system32\rqrpp.dll

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD28BF7F-017F-4885-ABBC-406C3096AEEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 07-12-21.4 - **** 2007-12-28 14:52:50.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.219 [GMT -5:00]
Running from: C:\Documents and Settings\****\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\****\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\rqrpp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\pprqr.ini
C:\WINDOWS\system32\pprqr.ini2
C:\WINDOWS\system32\rqrpp.dll
C:\WINDOWS\system32\rqrpp.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-27 22:44 . 2007-12-27 23:03 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-27 22:44 . 2007-12-27 23:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-27 22:42 . 2007-12-27 22:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-27 22:42 . 2007-12-28 15:02 571,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 22:42 . 2007-12-28 15:00 22,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 22:42 . 2007-12-28 15:00 8,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 22:42 . 2007-12-28 15:00 3,140 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 22:39 . 2007-12-27 22:39 <DIR> d-------- C:\KAV
2007-12-27 16:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:04 . 2007-12-27 16:04 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-27 14:27 . 2007-12-27 14:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:27 . 2007-12-27 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 11:35 . 2007-12-26 13:37 <DIR> d-------- C:\VundoFix Backups
2007-12-22 23:11 . 2007-12-22 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-21 23:45 . 2007-12-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-21 23:44 . 2007-12-21 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 21:53 . 2007-12-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-20 18:40 . 2007-12-20 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-20 18:24 . 2007-12-20 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-20 18:19 . 2007-12-20 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 18:16 . 2007-12-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-12-20 18:14 . 2007-12-27 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-12-20 18:13 . 2004-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-20 18:13 . 2004-11-16 00:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-20 18:13 . 2001-04-04 04:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2007-12-20 18:13 . 2004-11-16 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-20 18:13 . 2004-11-15 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-12-20 18:13 . 2004-11-16 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2007-12-20 18:13 . 2004-11-16 00:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-20 18:13 . 2005-04-23 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Retrospect
2007-12-06 17:28 . 2007-12-27 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-06 17:24 . 2007-12-06 17:24 <DIR> d-------- C:\Program Files\Maxtor
2007-12-05 22:06 . 2007-12-05 22:06 <DIR> d-------- C:\Program Files\2BrightSparks
2007-12-02 16:53 . 2007-12-09 13:42 <DIR> d-------- C:\Program Files\F2atv_Forums

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 18:37 --------- d-----w C:\Program Files\QuickTime
2007-12-28 18:36 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 17:36 --------- d-----w C:\Program Files\Notebook Maximizer
2007-12-28 17:36 --------- d-----w C:\Program Files\ltmoh
2007-12-28 17:35 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-12-28 04:35 94,208 ----a-w C:\WINDOWS\SM1BG.EXE
2007-12-27 21:06 --------- d-----w C:\Program Files\Java
2007-12-27 20:29 430,592 ----a-w C:\WINDOWS\MXOALDR.EXE
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\****\Application Data\ScanSoft
2007-12-27 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-12-27 20:11 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-27 20:01 --------- d-----w C:\Program Files\ScanSoft
2007-12-27 19:20 --------- d-----w C:\Program Files\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intel
2007-12-27 19:19 --------- d-----w C:\Documents and Settings\****\Application Data\Intel
2007-12-27 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 04:50 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent DNA
2007-12-22 19:15 --------- d-----w C:\Program Files\Trend Micro
2007-12-19 13:53 --------- d-----w C:\Program Files\eMule
2007-12-19 03:47 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent
2007-12-06 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 04:32 --------- d-----w C:\Program Files\VideoLAN
2007-11-18 20:14 --------- d-----w C:\Program Files\iNav
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:21 --------- d-----w C:\Program Files\PdaNet for Windows Mobile
2007-11-07 22:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-07 22:07 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-07 22:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-07 14:02 --------- d-----w C:\Program Files\BitTorrent
2007-11-07 13:47 --------- d-----w C:\Program Files\eDonkey2000
2007-07-02 20:41 630,784 ----a-w C:\Documents and Settings\****\GoToAssist_chat2way__317_en.exe
2006-07-26 23:53 557,056 ----a-w C:\Documents and Settings\****\chatlnk.exe
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-24_20.40.45.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-24 00:42:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-28 03:57:21 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-24 00:42:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 03:57:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 21:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-28 04:05:07 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 19:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 17:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
- 2007-04-10 00:33:01 200,936 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-27 20:22:14 200,144 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-11-16 05:04:46 49,245 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2004-11-16 05:04:46 49,247 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2004-11-16 05:04:46 127,075 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-06-28 17:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"OfotoNow USB Detection"="C:\WINDOWS\system32\RunDLL32.exe" [2004-08-04 07:00]
"SpriteService"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 17:37 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2004-08-27 12:34 C:\WINDOWS\system32\TPSMain.exe]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\Start Menu\Programs\Startup\
Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2006-12-05 01:15:34]
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe [2007-11-12 14:21:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-07 22:02:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 07:47 49152 --a------ C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-03-09 19:10 11776 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-08 21:13 1695744 --a------ C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
2007-08-23 07:24 8793064 --a------ C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2005-03-08 21:05]
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys [2005-03-08 20:54]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;"C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe" [2006-08-28 00:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 15:32]
S3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2005-09-18 18:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de021171-b460-11d9-bb13-000e35f2ff28}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a2970d-d3f7-11da-bba5-000e35f2ff28}]
\Shell\AutoRun\command - setupSNK.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 15:03:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 15:06:18 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 14:34
C:\ComboFix3.txt ... 2007-12-28 13:48
.
2007-12-21 14:19:06 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:08 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\psywzrd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6226 bytes
 
Hi

That looks good :)

Re-scan with Kaspersky online scan.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Kaspersky still seems to be finding a lot of problems - hopefully there's an easy way to clean those up without messing anything up. The Kaspersky log is way too long to post (almost 93000 characters). Should I just attach it? Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:39 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\psywzrd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Sync Client.lnk = C:\Program Files\Wireless Sync\Client\ClientShell.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6226 bytes
 
Hi

First, you can try to edit out all lines with object locked skipped.

If not, please attach it.
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 29, 2007 1:05:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/12/2007
Kaspersky Anti-Virus database records: 499833
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
Z:\

Scan Statistics:
Total number of scanned objects: 74437
Number of viruses found: 7
Number of infected objects: 570
Number of suspicious objects: 0
Duration of the scan process: 02:26:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\image5[1].gif.bac_a01008 Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\TMP129.tmp.bac_a01008 Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\TMP200B.tmp.bac_a01008 Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\TMP206F.tmp.bac_a01008 Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\TMP20D2.tmp.bac_a01008 Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\win1F8E.tmp .exe.bac_a01008 Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\win1F8E.tmp.exe.bac_a01008 Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\win206F.tmp.exe.bac_a01008 Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Documents and Settings\****\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2df40f00-36d53853.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\****\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2df40f00-36d53853.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\****\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2df40f00-36d53853.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\****\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2df40f00-36d53853.zip ZIP: infected - 3 skipped
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\Messenger\msmsgs.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\QuickTime\qttask.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Analog Devices\SoundMAX\Smax4 .exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Microsoft ActiveSync\wcescomm .exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dla\tfswctrl.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drvweg.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ljjkjgf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cln skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\OLD54.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX8C.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rqrpp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
 
C:\qoobox\Quarantine\C\WINDOWS\system32\rqrpp.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\catchme2007-12-24_203800.27.zip/rqrpp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\qoobox\Quarantine\catchme2007-12-24_203800.27.zip/xxyyvuv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cln skipped
C:\qoobox\Quarantine\catchme2007-12-24_203800.27.zip ZIP: infected - 2 skipped
C:\qoobox\Quarantine\catchme2007-12-27_154140.12.zip/rqrpp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\qoobox\Quarantine\catchme2007-12-27_154140.12.zip ZIP: infected - 1 skipped
C:\qoobox\Quarantine\catchme2007-12-28_105142.96.zip/rqrpp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\catchme2007-12-28_105142.96.zip ZIP: infected - 1 skipped
C:\qoobox\Quarantine\catchme2007-12-28_125335.66.zip/rqrpp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\qoobox\Quarantine\catchme2007-12-28_125335.66.zip ZIP: infected - 1 skipped
C:\SDFix\backups_old1\backups.zip/backups/ctfmon.exe.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\SDFix\backups_old1\backups.zip/backups/spoolsv.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\SDFix\backups_old1\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100169.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100170.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100171.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100172.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100176.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100177.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100190.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100191.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100193.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100194.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100195.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100196.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100197.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100198.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100199.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100200.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100201.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100202.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100203.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100205.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100206.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100207.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100208.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100209.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100210.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100211.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100212.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100213.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100215.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100218.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100293.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100296.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100297.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100298.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100299.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100300.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100301.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100302.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100304.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100305.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100306.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100307.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100308.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100309.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100311.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100312.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100313.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100314.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100315.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
 
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100321.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100328.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100329.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100330.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100331.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100333.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100334.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100335.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100336.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100337.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100338.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100339.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100340.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100342.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100343.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100345.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100346.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100347.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100348.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100349.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100351.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100353.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100355.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100360.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0100361.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101329.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101330.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101331.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101332.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101333.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101334.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101335.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101336.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101337.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101338.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101339.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101340.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101341.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101342.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101344.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101345.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101346.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101347.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101348.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101349.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101350.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101351.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101352.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1000\A0101353.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101408.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101421.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101422.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101423.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101424.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101425.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101426.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101427.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101428.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101429.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101430.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101431.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101432.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101433.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101434.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101435.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101436.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101437.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101438.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101439.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101440.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101441.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101443.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1001\A0101445.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101519.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101520.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101522.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101523.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101524.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101525.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101526.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101527.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101528.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101529.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101531.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101576.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101577.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101578.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101579.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101580.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101581.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101582.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101583.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101585.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101586.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101596.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1002\A0101638.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
 
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1004\A0101741.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102430.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102431.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102433.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102434.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102435.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102436.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102437.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102438.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102439.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102440.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102441.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102442.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102443.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102444.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102445.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102446.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102447.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102448.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1005\A0102449.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1006\A0102486.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1007\A0102494.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1007\A0102498.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1008\A0102536.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1010\A0102824.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1010\A0102858.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1010\A0102964.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103565.rbf Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103619.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103621.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103622.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103623.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103624.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103625.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103626.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103627.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103628.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103629.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103630.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1011\A0103631.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103650.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103652.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103653.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103654.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103656.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103658.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103659.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103660.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1012\A0103661.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103662.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103664.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103694.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103695.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103696.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1013\A0103697.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103698.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103732.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103733.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103734.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103735.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1014\A0103736.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103861.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103862.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103863.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103864.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103865.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1016\A0103871.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103880.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103885.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103887.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103888.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103889.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103893.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103903.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103904.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103905.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103906.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1017\A0103907.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103927.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103929.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103930.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103931.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103932.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103933.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103953.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103954.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103955.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103956.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clc skipped
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP1018\A0103957.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
 