Please help- Worm in the system

E

exploreint

New member
The Log from anti-virus scan is extremely long.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:08 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10866 bytes
 
Hi exploreint

Rename HijackThis.exe to exploreint.exe and post back a fresh HijackThis log, please :)
 
OK Shaba, here is the new log, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:46 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\aagrtasv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {079A4744-1229-4808-A3C0-CABA31B3391A} - (no file)
O2 - BHO: (no name) - {11249857-77F9-47E4-B4F7-8C9F5123F5E0} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69FDB1C2-D5C5-4A35-9658-EC7E65B3AD88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {947FC556-6784-4E60-B23A-E36F1CFBAA15} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {A9A51530-C28A-4ED8-AA26-A0AE6D4C0CE8} - (no file)
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - (no file)
O2 - BHO: (no name) - {C715318A-4E2A-4D3B-9E03-1B182332ACF6} - (no file)
O2 - BHO: (no name) - {D87A6D0B-505C-4329-B589-4598AEB24D04} - C:\WINDOWS\system32\geeda.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjiged - C:\WINDOWS\
O20 - Winlogon Notify: sxxhibml - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aagrtasv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12316 bytes
 
Hi

You have a keylogger so you should change all online passwords from known clean computer:

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links and save it to Desktop:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:10 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\aagrtasv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {079A4744-1229-4808-A3C0-CABA31B3391A} - (no file)
O2 - BHO: (no name) - {11249857-77F9-47E4-B4F7-8C9F5123F5E0} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69FDB1C2-D5C5-4A35-9658-EC7E65B3AD88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85B62385-6804-4F20-AB74-D96C3359058A} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: {eda58e97-d406-053b-0e34-4fc873d6cee8} - {8eec6d37-8cf4-43e0-b350-604d79e85ade} - C:\WINDOWS\system32\vnenmrna.dll
O2 - BHO: (no name) - {947FC556-6784-4E60-B23A-E36F1CFBAA15} - (no file)
O2 - BHO: (no name) - {A9A51530-C28A-4ED8-AA26-A0AE6D4C0CE8} - (no file)
O2 - BHO: (no name) - {C715318A-4E2A-4D3B-9E03-1B182332ACF6} - (no file)
O2 - BHO: (no name) - {D87A6D0B-505C-4329-B589-4598AEB24D04} - (no file)
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjiged - C:\WINDOWS\
O20 - Winlogon Notify: sxxhibml - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aagrtasv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12057 bytes


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 12:33:32 PM 11/19/2007

Listing files found while scanning....

C:\windows\system32\adeeg.bak1
C:\windows\system32\adeeg.bak2
C:\windows\system32\adeeg.ini
C:\windows\system32\byfeqxah.dll
C:\windows\system32\geeda.dll
C:\windows\system32\qomjgff.dll

Beginning removal...

Attempting to delete C:\windows\system32\adeeg.bak1
C:\windows\system32\adeeg.bak1 Has been deleted!

Attempting to delete C:\windows\system32\adeeg.bak2
C:\windows\system32\adeeg.bak2 Has been deleted!

Attempting to delete C:\windows\system32\adeeg.ini
C:\windows\system32\adeeg.ini Has been deleted!

Attempting to delete C:\windows\system32\byfeqxah.dll
C:\windows\system32\byfeqxah.dll Has been deleted!

Attempting to delete C:\windows\system32\geeda.dll
C:\windows\system32\geeda.dll Has been deleted!

Attempting to delete C:\windows\system32\qomjgff.dll
C:\windows\system32\qomjgff.dll Has been deleted!

Performing Repairs to the registry.
Done!

Unable to run Combofix get message that program expired as today is 11/19/2007
 
Hi

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
 
Deckard's System Scanner v20071014.68
Run by Q12 Alex on 2007-11-20 08:08:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-11-20 14:08:54 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-11-20 13:39:12 UTC - RP2 - Microsoft OneCare Protection Checkpoint
1: 2007-11-19 22:26:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Q12 Alex.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:29 AM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\aagrtasv.exe
C:\Documents and Settings\Q12 Alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Q12 Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {079A4744-1229-4808-A3C0-CABA31B3391A} - (no file)
O2 - BHO: (no name) - {11249857-77F9-47E4-B4F7-8C9F5123F5E0} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69FDB1C2-D5C5-4A35-9658-EC7E65B3AD88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85B62385-6804-4F20-AB74-D96C3359058A} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: {eda58e97-d406-053b-0e34-4fc873d6cee8} - {8eec6d37-8cf4-43e0-b350-604d79e85ade} - C:\WINDOWS\system32\vnenmrna.dll
O2 - BHO: (no name) - {947FC556-6784-4E60-B23A-E36F1CFBAA15} - (no file)
O2 - BHO: (no name) - {A9A51530-C28A-4ED8-AA26-A0AE6D4C0CE8} - (no file)
O2 - BHO: (no name) - {C715318A-4E2A-4D3B-9E03-1B182332ACF6} - (no file)
O2 - BHO: (no name) - {D87A6D0B-505C-4329-B589-4598AEB24D04} - (no file)
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjiged - C:\WINDOWS\
O20 - Winlogon Notify: sxxhibml - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\aagrtasv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11926 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 z520bus (Sony Ericsson 520 driver (WDM)) - c:\windows\system32\drivers\z520bus.sys <Not Verified; MCCI; Sony Ericsson 520>
S3 z520mdfl (Sony Ericsson 520 USB WMC Modem Filter) - c:\windows\system32\drivers\z520mdfl.sys <Not Verified; MCCI; Sony Ericsson 520 USB WMC Modem Filter Driver>
S3 z520mdm (Sony Ericsson 520 USB WMC Modem Drivers) - c:\windows\system32\drivers\z520mdm.sys <Not Verified; MCCI; Sony Ericsson 520 USB WMC Modem>
S3 z520mgmt (Sony Ericsson 520 USB WMC Device Management Drivers) - c:\windows\system32\drivers\z520mgmt.sys <Not Verified; MCCI; Sony Ericsson 520 USB WMC Device Management>
S3 z520obex (Sony Ericsson 520 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\z520obex.sys <Not Verified; MCCI; Sony Ericsson 520 USB WMC OBEX Interface>
S3 z525bus (Sony Ericsson Z525 Driver driver (WDM)) - c:\windows\system32\drivers\z525bus.sys <Not Verified; MCCI; Sony Ericsson Z525 Driver>
S3 z525mdfl (Sony Ericsson Z525 USB WMC Modem Filter) - c:\windows\system32\drivers\z525mdfl.sys <Not Verified; MCCI; Sony Ericsson Z525 USB WMC Modem Filter Driver>
S3 z525mdm (Sony Ericsson Z525 USB WMC Modem Driver) - c:\windows\system32\drivers\z525mdm.sys <Not Verified; MCCI; Sony Ericsson Z525 USB WMC Data Modem>
S3 z525mgmt (Sony Ericsson Z525 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\z525mgmt.sys <Not Verified; MCCI; Sony Ericsson Z525 USB WMC Device Management>
S3 z525obex (Sony Ericsson Z525 USB WMC OBEX Interface) - c:\windows\system32\drivers\z525obex.sys <Not Verified; MCCI; Sony Ericsson Z525 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DomainService - c:\windows\system32\aagrtasv.exe /service <Not Verified; ; DDC>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-19 11:45:20 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{811BD7B1-9924-40B5-9D71-1FA9F46DA408}.job
2007-09-12 16:15:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-05-09 10:47:51 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
 
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-19 11:57:12 81984 --a------ C:\WINDOWS\system32\vnenmrna.dll
2007-11-19 11:54:30 85056 --a------ C:\WINDOWS\system32\xpxxiotl.dll
2007-11-19 11:45:28 71232 --a------ C:\WINDOWS\system32\xnlcxsws.exe <Not Verified; ; DDC>
2007-11-18 19:58:41 81984 --a------ C:\WINDOWS\system32\xqqyhsgd.dll
2007-11-18 19:56:08 71232 --a------ C:\WINDOWS\system32\cwfvbmow.exe <Not Verified; ; DDC>
2007-11-16 09:24:25 85056 --a------ C:\WINDOWS\system32\gmptwebs.dll
2007-11-16 09:19:24 81984 --a------ C:\WINDOWS\system32\mqnbdqki.dll
2007-11-16 09:13:24 71232 --a------ C:\WINDOWS\system32\aagrtasv.exe <Not Verified; ; DDC>
2007-11-15 09:56:10 0 d-------- C:\Program Files\Trend Micro
2007-11-15 09:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 09:39:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-14 16:35:05 79424 --a------ C:\WINDOWS\system32\jdguoefo.dll
2007-11-14 16:32:05 85056 --a------ C:\WINDOWS\system32\urylakwj.dll
2007-11-14 16:29:05 71232 --a------ C:\WINDOWS\system32\hyqephhe.exe <Not Verified; ; DDC>
2007-11-14 11:24:35 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-14 11:24:35 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-14 11:24:35 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-14 11:24:34 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-14 11:24:34 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-14 11:24:31 0 d-------- C:\Program Files\Trojan Remover
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Simply Super Software
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-13 15:21:39 80448 --a------ C:\WINDOWS\system32\bfyrmtia.dll
2007-11-13 15:15:13 71232 --a------ C:\WINDOWS\system32\txyfdrfh.exe <Not Verified; ; DDC>
2007-11-13 15:03:34 80448 --a------ C:\WINDOWS\system32\ispitfqf.dll
2007-11-13 15:00:34 144480 --a------ C:\WINDOWS\system32\cxvvupkt.dll
2007-11-13 14:57:34 85056 --a------ C:\WINDOWS\system32\achhginx.dll
2007-11-13 09:49:00 0 d-------- C:\85cbd9eeac5a5e9f990e3392b9c9
2007-11-13 09:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:27:58 0 d-------- C:\WinPE
2007-11-13 09:22:57 0 d-------- C:\Program Files\Windows Imaging
2007-11-13 09:16:10 0 d-------- C:\Program Files\Windows AIK
2007-11-13 09:12:11 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:03:53 144480 --a------ C:\WINDOWS\system32\hlqqcshi.dll
2007-11-12 14:57:52 81472 --a------ C:\WINDOWS\system32\wyejgweb.dll
2007-11-12 10:52:01 0 d-------- C:\Program Files\Lavasoft
2007-11-12 10:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 14:15:59 128 --a------ C:\winlogon.exe
2007-11-11 13:55:14 79936 --a------ C:\WINDOWS\system32\kivjyxcr.dll
2007-11-11 13:46:51 71232 --a------ C:\WINDOWS\system32\mkhcnafs.exe <Not Verified; ; DDC>
2007-11-10 13:18:28 81472 --a------ C:\WINDOWS\system32\qskokyxb.dll
2007-11-10 13:07:07 71232 --a------ C:\WINDOWS\system32\xirmbjeu.exe <Not Verified; ; DDC>
2007-11-09 13:05:57 77888 --a------ C:\WINDOWS\system32\fqameehf.dll
2007-11-09 12:54:25 71232 --a------ C:\WINDOWS\system32\wkpelmdl.exe <Not Verified; ; DDC>
2007-11-08 12:13:36 71232 --a------ C:\WINDOWS\system32\tjxptdle.exe <Not Verified; ; DDC>
2007-11-07 12:19:00 86080 --a------ C:\WINDOWS\system32\rkfkpdno.dll
2007-11-07 12:16:00 79936 --a------ C:\WINDOWS\system32\erwundcg.dll
2007-11-07 11:57:22 82 --a------ C:\n.bat
2007-11-07 11:57:12 0 --a------ C:\z.dat
2007-11-07 11:57:04 133120 --a------ C:\z.exe
2007-11-02 23:15:00 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-02 23:09:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 22:28:51 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-01 13:01:22 0 d-------- C:\WINDOWS\pss
2007-10-27 14:26:26 66 --a------ C:\WINDOWS\system32\RegisterIDriveEDll.bat
2007-10-27 14:26:26 733184 --a------ C:\WINDOWS\system32\IDriveEService.dll <Not Verified; Pro Soft Net Corporation; IDrive-E>
2007-10-27 14:26:25 55808 --a------ C:\WINDOWS\system32\zlib1.dll <Not Verified; ; zlib>
2007-10-27 14:26:25 135168 --a------ C:\WINDOWS\system32\LogMail.dll <Not Verified; Pro-Softnet Corporation; IBackup For Windows>


-- Find3M Report ---------------------------------------------------------------

2007-11-19 16:28:36 0 d-------- C:\Program Files\IDriveE
2007-11-19 16:28:00 0 d-------- C:\Program Files\Plaxo
2007-11-19 11:50:07 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\American Airlines DealFinder
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files
2007-11-10 13:16:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 22:07:15 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Vso
2007-10-27 22:07:15 33 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.log
2007-10-27 22:07:12 7887 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.cat
2007-10-27 22:07:11 47360 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-10-27 22:07:11 1144 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.inf
2007-10-27 22:05:27 0 d-------- C:\Program Files\Picasa2
2007-10-27 13:29:32 0 d-------- C:\Program Files\Java
2007-10-22 11:37:17 256 --a------ C:\WINDOWS\system32\pool.bin
2007-10-19 13:51:51 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-10-14 11:08:56 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Roxio
2007-10-13 20:34:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-13 20:33:21 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-13 20:33:01 0 d-------- C:\Program Files\Roxio
2007-10-13 20:32:27 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-13 20:28:30 0 d-------- C:\Program Files\Research In Motion
2007-10-13 16:06:34 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Teleca
2007-10-13 16:06:29 0 d-------- C:\Program Files\Sony Ericsson
2007-10-13 16:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-10-08 21:33:53 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Blackberry Desktop
2007-10-08 21:28:57 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Research In Motion
2007-09-30 13:58:34 0 d-------- C:\Program Files\iTunes
2007-09-30 13:57:58 0 d-------- C:\Program Files\iPod
2007-09-26 19:29:00 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-26 19:28:55 0 d-------- C:\Program Files\Coupons


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{079A4744-1229-4808-A3C0-CABA31B3391A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11249857-77F9-47E4-B4F7-8C9F5123F5E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69FDB1C2-D5C5-4A35-9658-EC7E65B3AD88}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85B62385-6804-4F20-AB74-D96C3359058A}]
C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eec6d37-8cf4-43e0-b350-604d79e85ade}]
11/19/2007 11:57 AM 81984 --a------ C:\WINDOWS\system32\vnenmrna.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{947FC556-6784-4E60-B23A-E36F1CFBAA15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9A51530-C28A-4ED8-AA26-A0AE6D4C0CE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C715318A-4E2A-4D3B-9E03-1B182332ACF6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D87A6D0B-505C-4329-B589-4598AEB24D04}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/23/2006 04:14 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 05:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 05:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 05:45 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"FaxMonitor"="C:\Program Files\IPFax\FaxMonitor.exe" [01/21/2002 02:45 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/06/2006 10:51 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"American Airlines DealFinder"="C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" [09/03/2007 01:55 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [07/25/2007 03:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [07/25/2007 03:06 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 10:43 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/31/2007 01:18 PM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 11:15 AM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [11/11/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe" [08/28/2007 09:04 AM]
"IDriveE Startup"="C:\Program Files\IDriveE\IDrvieEStartup.exe" [09/25/2007 10:57 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjiged]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sxxhibml]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

7457 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-20 08:13:05 ------------
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2250 @ 1.73GHz
CPU 1: Genuine Intel(R) CPU T2250 @ 1.73GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1526.37 MiB / 910.72 MiB
Pagefile Memory (total/avail): 3422.56 MiB / 2948.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.51 MiB

C: is Fixed (NTFS) - 49.79 GiB total, 18.38 GiB free.
D: is CDROM (CDFS)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM060HI - 54.49 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 49.79 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"="C:\\Program Files\\American Airlines DealFinder\\American_Airlines_DealFinder.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rclrxyws.exe"="C:\\WINDOWS\\system32\\rcl"
"C:\\WINDOWS\\system32\\hslynsus.exe"="C:\\WINDOWS\\system32\\hsl"
"C:\\WINDOWS\\system32\\cmrscpjh.exe"="C:\\WINDOWS\\system32\\cmr"
"C:\\WINDOWS\\system32\\hyqephhe.exe"="C:\\WINDOWS\\system32\\hyq"
"C:\\WINDOWS\\system32\\aagrtasv.exe"="C:\\WINDOWS\\system32\\aag"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Q12 Alex\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Q12 Alex
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Windows Imaging
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Q12ALE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\Q12ALE~1\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Q12 Alex
USERPROFILE=C:\Documents and Settings\Q12 Alex
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Q12 Alex (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
American Airlines DealFinder (remove only) --> "C:\Program Files\American Airlines DealFinder\Uninstall.exe" -R
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{0725C68F-FD3A-4476-BDA0-C002C7FE307C}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{0725C68F-FD3A-4476-BDA0-C002C7FE307C}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{C9416263-0E35-41C9-91C0-32100F0D3448}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CommuniKate 2.0 Video Conferencing --> MsiExec.exe /X{BE35F900-AA44-4655-88FC-C872AF2AF384}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell Resource CD --> MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
GTOneCare --> MsiExec.exe /X{EE7C954E-2356-491D-9188-D1852ADF41FE}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IDrive-E version 2.0.7 October 19 2007 --> "C:\Program Files\IDriveE\unins000.exe"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
IPFax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAC19E84-F3D2-4437-A104-8DB80E36973C}\setup.exe"
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service --> MsiExec.exe /I{62514E51-0E57-41B8-968C-43BB55694CC6}
Microsoft Streets & Trips 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Live OneCare Resources v2.0.2500.10 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{CB8410EA-A3D5-47F2-8653-D4EEA4BF8D4C}
Microsoft Windows OneCare Live v2.0.2392.4 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.0.2500.10 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Mozilla Firefox (2.0.0.9) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\3.3.0.39\uninstall_en_us.exe
PowerDVD 5.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
Trojan Remover 6.6.4 --> "C:\Program Files\Trojan Remover\unins000.exe"
TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
ucietb --> MsiExec.exe /I{14B8E594-40F1-45AF-975F-33301144C6D1}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Windows Automated Installation Kit --> MsiExec.exe /I{31E8F586-4EF7-4500-844D-BA8756474FF1}
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type9221 / Warning
Event Submitted/Written: 11/19/2007 04:28:44 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type9220 / Warning
Event Submitted/Written: 11/19/2007 04:28:44 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type9219 / Warning
Event Submitted/Written: 11/19/2007 04:28:44 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type9218 / Warning
Event Submitted/Written: 11/19/2007 04:28:44 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type9217 / Warning
Event Submitted/Written: 11/19/2007 04:28:44 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{364EC092-93CF-4DDC-9D7A-7278452028E0}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16938 / Error
Event Submitted/Written: 11/20/2007 07:39:12 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The DomainService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Event Record #/Type16935 / Warning
Event Submitted/Written: 11/20/2007 07:39:06 AM
Event ID/Source: 1006 / OneCareMP
Event Description:
%NT AUTHORITY29 scan has detected spyware or other potentially unwanted software.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {41FF1A1F-FBBA-4D32-AF34-7A2B1DABB7DB}

Scan Type: %NT AUTHORITY02

Scan Parameters: %NT AUTHORITY09

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1941.05

Category: 1.5.1941.06

Path Found: %NT AUTHORITY296

Detection Type: 1.5.1941.02

Event Record #/Type16927 / Error
Event Submitted/Written: 11/19/2007 04:28:22 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.2.
The machine with the IP address 10.0.0.3 did not allow the name to be claimed by
this machine.

Event Record #/Type16920 / Warning
Event Submitted/Written: 11/19/2007 04:27:22 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %29 can't undo changes that you allow.

For more information please see the following:
%295

Scan ID: {D5FB00A4-D5B7-43BF-8437-84A262385D22}

Agent: %43

User: \

Name: %291

ID: %292

Severity: 1.5.1941.05

Category: 1.5.1941.06

Path Found: %296

Alert Type: %298

Process Name:

Detection Type: 1.5.1941.02

Status: 1.5.1941.00

Event Record #/Type16919 / Warning
Event Submitted/Written: 11/19/2007 04:27:22 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.

For more information please see the following:
%NT AUTHORITY295

Scan ID: {2463DEFA-B9A2-40BE-A2A4-5C21B0E94C2F}

Agent: %NT AUTHORITY43

User: NT AUTHORITY\SYSTEM

Name: %NT AUTHORITY291

ID: %NT AUTHORITY292

Severity: 1.5.1941.05

Category: 1.5.1941.06

Path Found: %NT AUTHORITY296

Alert Type: %NT AUTHORITY298

Process Name:

Detection Type: 1.5.1941.02

Status: 1.5.1941.00



-- End of Deckard's System Scanner: finished at 2007-11-20 08:13:05 ------------
 
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {079A4744-1229-4808-A3C0-CABA31B3391A} - (no file)
O2 - BHO: (no name) - {11249857-77F9-47E4-B4F7-8C9F5123F5E0} - (no file)
O2 - BHO: (no name) - {69FDB1C2-D5C5-4A35-9658-EC7E65B3AD88} - (no file)
O2 - BHO: (no name) - {85B62385-6804-4F20-AB74-D96C3359058A} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: {eda58e97-d406-053b-0e34-4fc873d6cee8} - {8eec6d37-8cf4-43e0-b350-604d79e85ade} - C:\WINDOWS\system32\vnenmrna.dll
O2 - BHO: (no name) - {947FC556-6784-4E60-B23A-E36F1CFBAA15} - (no file)
O2 - BHO: (no name) - {A9A51530-C28A-4ED8-AA26-A0AE6D4C0CE8} - (no file)
O2 - BHO: (no name) - {C715318A-4E2A-4D3B-9E03-1B182332ACF6} - (no file)
O2 - BHO: (no name) - {D87A6D0B-505C-4329-B589-4598AEB24D04} - (no file)
O20 - Winlogon Notify: ljjiged - C:\WINDOWS\
O20 - Winlogon Notify: sxxhibml - C:\WINDOWS\

Close all windows including browser and press fix checked.

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\rclrxyws.exe"=-
"C:\\WINDOWS\\system32\\hslynsus.exe"=-
"C:\\WINDOWS\\system32\\cmrscpjh.exe"=-
"C:\\WINDOWS\\system32\\hyqephhe.exe"=-
"C:\\WINDOWS\\system32\\aagrtasv.exe"=-

It should look like this ->
reg.gif


Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\vnenmrna.dll
C:\WINDOWS\system32\xpxxiotl.dll
C:\WINDOWS\system32\xnlcxsws.exe
C:\WINDOWS\system32\xqqyhsgd.dll
C:\WINDOWS\system32\cwfvbmow.exe
C:\WINDOWS\system32\gmptwebs.dll
C:\WINDOWS\system32\mqnbdqki.dll
C:\WINDOWS\system32\aagrtasv.exe
C:\WINDOWS\system32\jdguoefo.dll
C:\WINDOWS\system32\urylakwj.dll
C:\WINDOWS\system32\hyqephhe.exe
C:\WINDOWS\system32\bfyrmtia.dll
C:\WINDOWS\system32\txyfdrfh.exe
C:\WINDOWS\system32\ispitfqf.dll
C:\WINDOWS\system32\cxvvupkt.dll
C:\WINDOWS\system32\achhginx.dll
C:\winlogon.exe
C:\WINDOWS\system32\kivjyxcr.dll
C:\WINDOWS\system32\mkhcnafs.exe
C:\WINDOWS\system32\qskokyxb.dll
C:\WINDOWS\system32\xirmbjeu.exe
C:\WINDOWS\system32\fqameehf.dll
C:\WINDOWS\system32\wkpelmdl.exe
C:\WINDOWS\system32\tjxptdle.exe
C:\WINDOWS\system32\rkfkpdno.dll
C:\WINDOWS\system32\erwundcg.dll
C:\n.bat
C:\z.dat
C:\z.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Re-run dss

Post dss log (main.txt only)
 
Last edited:
Deckard's System Scanner v20071014.68
Run by Q12 Alex on 2007-11-20 10:06:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Q12 Alex.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:10 AM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Q12 Alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Q12ALE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aagrtasv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11115 bytes

-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 09:55:00 0 d-------- C:\!KillBox
2007-11-15 09:56:10 0 d-------- C:\Program Files\Trend Micro
2007-11-15 09:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 09:39:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-14 11:24:35 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-14 11:24:35 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-14 11:24:35 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-14 11:24:34 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-14 11:24:34 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-14 11:24:31 0 d-------- C:\Program Files\Trojan Remover
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Simply Super Software
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-13 09:49:00 0 d-------- C:\85cbd9eeac5a5e9f990e3392b9c9
2007-11-13 09:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:27:58 0 d-------- C:\WinPE
2007-11-13 09:22:57 0 d-------- C:\Program Files\Windows Imaging
2007-11-13 09:16:10 0 d-------- C:\Program Files\Windows AIK
2007-11-13 09:12:11 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:03:53 144480 --a------ C:\WINDOWS\system32\hlqqcshi.dll
2007-11-12 14:57:52 81472 --a------ C:\WINDOWS\system32\wyejgweb.dll
2007-11-12 10:52:01 0 d-------- C:\Program Files\Lavasoft
2007-11-12 10:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 23:15:00 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-02 23:09:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 22:28:51 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-01 13:01:22 0 d-------- C:\WINDOWS\pss
2007-10-27 14:26:26 66 --a------ C:\WINDOWS\system32\RegisterIDriveEDll.bat
2007-10-27 14:26:26 733184 --a------ C:\WINDOWS\system32\IDriveEService.dll <Not Verified; Pro Soft Net Corporation; IDrive-E>
2007-10-27 14:26:25 55808 --a------ C:\WINDOWS\system32\zlib1.dll <Not Verified; ; zlib>
2007-10-27 14:26:25 135168 --a------ C:\WINDOWS\system32\LogMail.dll <Not Verified; Pro-Softnet Corporation; IBackup For Windows>


-- Find3M Report ---------------------------------------------------------------

2007-11-20 09:59:55 0 d-------- C:\Program Files\IDriveE
2007-11-20 09:59:22 0 d-------- C:\Program Files\Plaxo
2007-11-19 11:50:07 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\American Airlines DealFinder
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files
2007-11-10 13:16:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 22:07:15 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Vso
2007-10-27 22:07:15 33 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.log
2007-10-27 22:07:12 7887 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.cat
2007-10-27 22:07:11 47360 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-10-27 22:07:11 1144 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.inf
2007-10-27 22:05:27 0 d-------- C:\Program Files\Picasa2
2007-10-27 13:29:32 0 d-------- C:\Program Files\Java
2007-10-22 11:37:17 256 --a------ C:\WINDOWS\system32\pool.bin
2007-10-19 13:51:51 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-10-14 11:08:56 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Roxio
2007-10-13 20:34:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-13 20:33:21 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-13 20:33:01 0 d-------- C:\Program Files\Roxio
2007-10-13 20:32:27 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-13 20:28:30 0 d-------- C:\Program Files\Research In Motion
2007-10-13 16:06:34 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Teleca
2007-10-13 16:06:29 0 d-------- C:\Program Files\Sony Ericsson
2007-10-13 16:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-10-08 21:33:53 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Blackberry Desktop
2007-10-08 21:28:57 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Research In Motion
2007-09-30 13:58:34 0 d-------- C:\Program Files\iTunes
2007-09-30 13:57:58 0 d-------- C:\Program Files\iPod
2007-09-26 19:29:00 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-26 19:28:55 0 d-------- C:\Program Files\Coupons
 
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/23/2006 04:14 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 12:48 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 05:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 05:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 05:45 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"FaxMonitor"="C:\Program Files\IPFax\FaxMonitor.exe" [01/21/2002 02:45 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/06/2006 10:51 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"American Airlines DealFinder"="C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe" [09/03/2007 01:55 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [07/25/2007 03:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [07/25/2007 03:06 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 10:43 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [10/31/2007 01:18 PM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 11:15 AM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [11/11/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe" [08/28/2007 09:04 AM]
"IDriveE Startup"="C:\Program Files\IDriveE\IDrvieEStartup.exe" [09/25/2007 10:57 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-11-20 10:06:29 ------------
 
Hi

Delete these:

C:\WINDOWS\system32\hlqqcshi.dll
C:\WINDOWS\system32\wyejgweb.dll

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:28 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MIFAE3~1\Streets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\exploreint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aagrtasv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11124 bytes
 
Hi

Try to split into multiple replies.

If still too long, edit out all lines with object locked skipped.
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 20, 2007 3:03:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/11/2007
Kaspersky Anti-Virus database records: 462399
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
M:\

Scan Statistics:
Total number of scanned objects: 76463
Number of viruses found: 9
Number of infected objects: 9638
Number of suspicious objects: 0
Duration of the scan process: 01:24:03

Infected Object Name / Virus Name / Last Action
C:\!KillBox\aagrtasv.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\achhginx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\!KillBox\cwfvbmow.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\cxvvupkt.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.p skipped
C:\!KillBox\gmptwebs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\!KillBox\hyqephhe.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\mkhcnafs.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\tjxptdle.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\txyfdrfh.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\urylakwj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\!KillBox\wkpelmdl.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xirmbjeu.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xnlcxsws.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\!KillBox\xpxxiotl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\!KillBox\z.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0005 Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.ha skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006/stream Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Deckard\System Scanner\20071120100556\backup\DOCUME~1\Q12ALE~1\LOCALS~1\Temp\Temporary Directory 1 for [Full] quicken 2008 business with Bonus.zip\setup.exe NSIS: infected - 7 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLog-11022007-233442.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Q12 Alex\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\History\History.IE5\MSHist012007112020071121\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temp\~DF7713.tmp Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temp\~DF8BC8.tmp Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temp\~DFCEDB.tmp Object is locked skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temporary Internet Files\Content.IE5\8BL8KNYV\cmp74[1] Infected: not-a-virus:AdWare.Win32.SecToolBar.p skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temporary Internet Files\Content.IE5\8BL8KNYV\pochki20071106[1] Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temporary Internet Files\Content.IE5\F3V9LRXY\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Documents and Settings\Q12 Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q12 Alex\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Q12 Alex\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object is locked skipped
C:\Program Files\Microsoft Windows OneCare Live(3)\ClientSD(2)\Ent.dat Object is locked skipped
C:\RTBTrace.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000078.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000080.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000083.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000085.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000086.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000088.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000090.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.p skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000091.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000094.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000096.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000098.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000099.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000103.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\A0000134.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.p skipped
C:\System Volume Information\_restore{6FC82577-5B45-4927-9274-DC02549D4BCD}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\'\#1 DVD Ripper 6.00 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\#1 DVD Ripper 6.00 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\#1 Video Converter 4.1.35 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\#1 Video Converter 4.1.35 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\#1 Video Converter 4.1.37 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\#1 Video Converter 4.1.37 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\00jj99uuii66ddxxqqq.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\00jj99uuii66ddxxqqq.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\1 Click DVD Movie 3.0.0.5 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\1 Click DVD Movie 3.0.0.5 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\1 Lucky Fuck 1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\1 Lucky Fuck 1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\10 books on Hacking Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\10 books on Hacking Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\101 Jukebox Classics Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\101 Jukebox Classics Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\10thWolf Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\10thWolf Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\123 DVD Converter v4.6.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\123 DVD Converter v4.6.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\123 DVD Ripper 1.00.060718 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\123 DVD Ripper 1.00.060718 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\123 Video Converter v4.3.3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\123 Video Converter v4.3.3 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\1408 (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\1408 (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\15 Minutes (2001) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\15 Minutes (2001) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18 And Easy 10 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18 And Easy 10 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18 And Easy 10 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18 And Easy 10 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Across America Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Across America Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Across America Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Across America Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Haulin Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18 Wheels Of Steel Haulin Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18Eighteen - Courtney Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18Eighteen - Courtney Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\18Eighteen - Courtney Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\18Eighteen - Courtney Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\1Click DVD Copy 5.3.1.7 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\1Click DVD Copy 5.3.1.7 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\1st Security Agent with 1st Screen Lock 7.5 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\1st Security Agent with 1st Screen Lock 7.5 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\21 Sextury - Perky Tits Anetta With Sexy Skin Fucked Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\21 Sextury - Perky Tits Anetta With Sexy Skin Fucked Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\28 Weeks Later (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\28 Weeks Later (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\28 Weeks Later (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\28 Weeks Later (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\2nd Speech Center v3.2.7.406 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\2nd Speech Center v3.2.7.406 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\2Pac - 2Pacalypse Now (1991) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\2Pac - 2Pacalypse Now (1991) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\2Pac - Me Against the World Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\2Pac - Me Against the World Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\2Pac - The 10TH Anniversary Collection Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\2Pac - The 10TH Anniversary Collection Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\2Pac - The 10TH Anniversary Collection Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\2Pac - The 10TH Anniversary Collection Keygen.zip ZIP: infected - 1 skipped
 
C:\WINDOWS\Fonts\'\3 Doors Down - Away From The Sun Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3 Doors Down - Away From The Sun Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3 Doors Down - Greatest Hits Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3 Doors Down - Greatest Hits Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3 Doors Down - The Better Life Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3 Doors Down - The Better Life Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3 Ways All Ways Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3 Ways All Ways Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3-D Fish School (3D Screensaver) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3-D Fish School (3D Screensaver) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\30 Days of Night (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\30 Days of Night (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\30 Days Of Night Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\30 Days Of Night Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\300 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\300 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\310 to Yuma (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\310 to Yuma (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\35 AI brushes Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\35 AI brushes Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3Com Network Supervisor v5.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3Com Network Supervisor v5.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Album PicturePro Platinum v3.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Album PicturePro Platinum v3.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Desktop for Windows XP and Vista Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Desktop for Windows XP and Vista Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Home Architect Design Suite Deluxe Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Home Architect Design Suite Deluxe Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Me Now Professional 1.5.1.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Me Now Professional 1.5.1.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Model Trains Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Model Trains Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D ProductBox 2007 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D ProductBox 2007 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D SexVilla v30.001 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D SexVilla v30.001 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D Ultra Pinball - Thrillride Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D Ultra Pinball - Thrillride Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D War Chess Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D War Chess Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D-Shape 3DViewer 1.52 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3D-Shape 3DViewer 1.52 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3DNA Desktop 1.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3DNA Desktop 1.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3DNA Desktop v1.1 ! Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3DNA Desktop v1.1 ! Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3GP to AVI Converter - Splitter v1.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3GP to AVI Converter - Splitter v1.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3nity CD DVD Burner 1.7 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\3nity CD DVD Burner 1.7 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\48 Angels (2006) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\48 Angels (2006) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\50 Cent - Before Curtis [2007] Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\50 Cent - Before Curtis [2007] Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (Explicit) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (Explicit) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (Explicit) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\50 Cent - Curtis (Explicit) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\50 Things You are Not Supposed To Know Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\50 Things You are Not Supposed To Know Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\7 Wonders II Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\7 Wonders II Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\7 Wonders of the Ancient World 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\7 Wonders of the Ancient World 2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\7 Wonders of the Ancient World Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\7 Wonders of the Ancient World Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\7-Zip 4.54 Beta Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\7-Zip 4.54 Beta Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\84 Garfield Comic Strips Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\84 Garfield Comic Strips Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\84 Garfield Comic Strips Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\84 Garfield Comic Strips Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\88 Minutes (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\88 Minutes Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\88 Minutes Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\911 First Responders Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\911 First Responders Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Bridge Too Far (1977) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Bridge Too Far (1977) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Cinderella Story (2004) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Cinderella Story (2004) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Cold Day in Hell (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Cold Day in Hell (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Current Affair - Life In An Hourglass (2007) (EP) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Current Affair - Life In An Hourglass (2007) (EP) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Dead Calling Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Dead Calling Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Dirty Western Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Dirty Western Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Dog's Breakfast (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Dog's Breakfast (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Dogs Breakfast (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Dogs Breakfast (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Fish Called Wanda (1988) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Fish Called Wanda (1988) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Manager's Guide to the Design and Conduct of Clinical Trials Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Manager's Guide to the Design and Conduct of Clinical Trials Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Mighty Heart (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Mighty Heart (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A New Wave (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A New Wave (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Secret Handshake (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Secret Handshake (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Secret Handshake (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Secret Handshake (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A Taste Of Cherry Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A Taste Of Cherry Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A wiking in Hollywood Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A wiking in Hollywood Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A-Z RealPlayer Video Converter v3.75 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A-Z RealPlayer Video Converter v3.75 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate 7.52 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate 7.52 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.44 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.44 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.44 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.44 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.55 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A-Z Video Converter Ultimate v7.55 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A1 Keyword Research 1.0.2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A1 Keyword Research 1.0.2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A1 Sitemap Generator 1.4.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A1 Sitemap Generator 1.4.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A1 Website Analyzer 1.1.9 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A1 Website Analyzer 1.1.9 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A1 Website Download 1.1.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A1 Website Download 1.1.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A1 Website Download v1.1.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A1 Website Download v1.1.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\A2M 9 The Art Of Ass To Mouth Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\A2M 9 The Art Of Ass To Mouth Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AAA Logo 1.2.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AAA Logo 1.2.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AAA Logo 1.2.1 Retail Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AAA Logo 1.2.1 Retail Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AAA PDF Password Remover 2.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AAA PDF Password Remover 2.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Abby FineReader OCR v8.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Abby FineReader OCR v8.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ABBYY FineReader Professional 9.0.0.662 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\ABBYY FineReader Professional 9.0.0.662 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ableton Live 6.0.9 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ableton Live 6.0.9 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.7 Retail Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ableton Live v6.0.7 Retail Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Abode Photoshop CS3 Extended Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Abode Photoshop CS3 Extended Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Abode Photoshop CS3 Extended Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Abode Photoshop CS3 Extended Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Above The Law - Sex MoneyMusic (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Above The Law - Sex MoneyMusic (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute DVD Copy v1.5.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute DVD Copy v1.5.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute DVD Ripper v1.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute DVD Ripper v1.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute DVD Ripper v1.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute DVD Ripper v1.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Patch.zip ZIP: infected - 1 skipped
 
C:\WINDOWS\Fonts\'\ACA Capture 5.50 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\ACA Capture 5.50 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acala DVD Creator v2.7.9 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acala DVD Creator v2.7.9 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acala Video MP3 Ripper v2.8.4 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acala Video MP3 Ripper v2.8.4 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Access Manager 7.4 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Access Manager 7.4 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ACD Systems ACDSee Pro 2.0.219 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\ACD Systems ACDSee Pro 2.0.219 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Utilities 3.3.1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ace Utilities 3.3.1 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Utilities 3.3.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ace Utilities 3.3.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0 Build 4050 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0 Build 4050 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0.4050 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ace Utilities v4.0.0.4050 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AceFTP Pro 3.80.2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AceFTP Pro 3.80.2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AceFTP Pro v3.80.2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AceFTP Pro v3.80.2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aces over Europe Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aces over Europe Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aces over Pacific Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aces over Pacific Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica CD DVD Label Maker v3.08 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acoustica CD DVD Label Maker v3.08 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Mixcraft v3.0 b22 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acoustica Mixcraft v3.0 b22 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00.357 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00.357 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.00.353 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.00.353 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home 10.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home 10.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home 10.0.4940 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home 10.0.4940 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home v10.0.4942 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acronis True Image Home v10.0.4942 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Act of War Direct Action Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Act of War Direct Action Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Act of War High Treason Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Act of War High Treason Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Boot Disk 3.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Boot Disk 3.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Boot Disk Pro v.2.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Boot Disk Pro v.2.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Desktop Calendar Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Desktop Calendar Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Fax v4.10.0214 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Fax v4.10.0214 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active File Recovery Enterprise 7.1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active File Recovery Enterprise 7.1 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Keyboard 3.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Keyboard 3.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Keys 2.31 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Keys 2.31 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active KillDisk Pro Suite v5.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active KillDisk Pro Suite v5.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Password Changer 3.5 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Password Changer 3.5 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Webcam 7.8 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Active Webcam 7.8 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acts Of Death (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acts Of Death (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acts Of Death (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Acts Of Death (2007) Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Actual Spy 2.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Actual Spy 2.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ad-Aware 2007 Free 7.0.1.2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ad-Aware 2007 Free 7.0.1.2 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ad-Aware 2007 Pro v7.0.1.5 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ad-Aware 2007 Pro v7.0.1.5 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AdamEve - Guilty As Sin Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AdamEve - Guilty As Sin Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AdAware Pro v7.0.1.4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AdAware Pro v7.0.1.4 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adblock Pro 2.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adblock Pro 2.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AdMuncher v.4.7.build 2710 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AdMuncher v.4.7.build 2710 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 7.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 7.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 8 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 8 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 8.1.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional 8.1.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe After Effects CS3 Professional Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe After Effects CS3 Professional Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 - Classroom In A Book Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 - Classroom In A Book Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 - Classroom In A Book Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 - Classroom In A Book Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Audition 2.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Captivate 3.0.0.580 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Captivate 3.0.0.580 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Captivate v2.0.1177 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Captivate v2.0.1177 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Captivate v2.0.1177 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Captivate v2.0.1177 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Creative Suite 3 Design Premium Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Creative Suite 3 Design Premium Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Master Collection 3 Disk Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Master Collection 3 Disk Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Master Collection Corporate Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Master Collection Corporate Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Production Premium Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe CS3 Production Premium Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Dreamweaver CS3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Dreamweaver CS3 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Fireworks CS3 9.0.1188 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Fireworks CS3 9.0.1188 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Fireworks CS3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Fireworks CS3 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Flash CS3 Professional Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Flash CS3 Professional Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Flash Player 9.0.28.0 - Final Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Flash Player 9.0.28.0 - Final Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Flash Pro CS3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Flash Pro CS3 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Illustrator CS3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Illustrator CS3 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe OnLocation CS3 v3.0.1095 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe OnLocation CS3 v3.0.1095 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS Portable Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS Portable Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS2 (Police Tested) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS2 (Police Tested) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Cs2 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Cs2 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 10.0 Extended Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 10.0 Extended Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended (Portable) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended (Portable) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended - Lite Edition Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop CS3 Extended Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements v5 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements v5 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Lightroom 1.2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Photoshop Lightroom 1.2 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Premiere Elements v3.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Premiere Elements v3.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Reader 8.1.1 for Windows XP SP2Vista Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Reader 8.1.1 for Windows XP SP2Vista Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Soundbooth CS3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe Soundbooth CS3 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe.After.Effects.CS3.Professional-CRD Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe.After.Effects.CS3.Professional-CRD Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe® Acrobat® 8 Professional Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adobe® Acrobat® 8 Professional Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AdsGone Popup Killer 2007 7.0.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AdsGone Popup Killer 2007 7.0.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AduSoft DVDCreator 4.73 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AduSoft DVDCreator 4.73 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advance - Flynnville Train - Flynnville Train Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advance - Flynnville Train - Flynnville Train Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Business Card Maker 2.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Business Card Maker 2.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Call Recorder 1.3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Call Recorder 1.3 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Diary 2.1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Diary 2.1 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Email Extractor Pro 2.78 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Email Extractor Pro 2.78 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced File Organizer 3.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced File Organizer 3.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Find and Replace 3.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Find and Replace 3.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Image Resizer 2.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Image Resizer 2.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Instant Messengers Password Recovery v3.50 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Instant Messengers Password Recovery v3.50 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced JPEG Compressor v5 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced JPEG Compressor v5 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced JPEG Compressor v5.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced JPEG Compressor v5.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Knack AK-Player 4.0.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Knack AK-Player 4.0.0 Keygen.zip ZIP: infected - 1 skipped
 
C:\WINDOWS\Fonts\'\Advanced Log Analyzer 1.6 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Log Analyzer 1.6 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced MP3 Converter V3.00 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced MP3 Converter V3.00 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Net Monitor for Classroom Professional 2.66 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Net Monitor for Classroom Professional 2.66 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Registry Doctor Pro 6.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Registry Doctor Pro 6.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Security Administrator 11.5 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Security Administrator 11.5 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced System Optimizer 2.01.4 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced System Optimizer 2.01.4 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO 8.1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO 8.1 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO v8.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO v8.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Windows Optimizer 5.11.3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced Windows Optimizer 5.11.3 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced WMA Workshop v2.2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advanced WMA Workshop v2.2 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advent Rising Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Advent Rising Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adventure Sex 4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Adventure Sex 4 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aeon Flux (2005) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aeon Flux (2005) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aerial Mahjong Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aerial Mahjong Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aerial Mahjong Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aerial Mahjong Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aerosmith - Get Your Wings Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aerosmith - Get Your Wings Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aerosmith - Permanent Vacation Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aerosmith - Permanent Vacation Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aerosmith - Pump Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aerosmith - Pump Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Afghan Knights (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Afghan Knights (2007) Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Age Of Empires 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Age Of Empires 2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Age of Empires III Plus The War Chiefs Expansion Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Age of Empires III Plus The War Chiefs Expansion Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Age of Mythology Gold Edition Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Age of Mythology Gold Edition Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ages Of Pirates Caribbean Tales Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ages Of Pirates Caribbean Tales Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Agnitum Outpost Firewall Pro 2008 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Agnitum Outpost Firewall Pro 2008 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ahead Nero 7.9.6.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Ahead Nero 7.9.6.0 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AI Roboform 6.9.8 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AI Roboform 6.9.8 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.3 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.5 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.5 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.5 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AI Roboform Pro v6.9.5 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AI.Roboform.Pro.v6.9.3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AI.Roboform.Pro.v6.9.3 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aide PDF to DXF Converter v4.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aide PDF to DXF Converter v4.0 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AIM Monitor Sniffer 3.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AIM Monitor Sniffer 3.0 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aimee Mann - Bachelor No. 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aimee Mann - Bachelor No. 2 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Aimersoft DVD to Mobile Devices Converter Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Aimersoft DVD to Mobile Devices Converter Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Airport Tycoon 3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Airport Tycoon 3 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Active Backup v1.5.6 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Active Backup v1.5.6 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Diff v1.9.1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Diff v1.9.1 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Diff v1.9.1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Diff v1.9.1 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Directory Synchronizer v2.7.6 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Directory Synchronizer v2.7.6 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Directory Synchronizer v2.7.6 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Directory Synchronizer v2.7.6 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Grep v1.3.4 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Grep v1.3.4 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AJC Grep v1.3.4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\AJC Grep v1.3.4 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akon - In My Ghetto (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akon - In My Ghetto (2007) Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akon - In My Ghetto [2007] Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akon - In My Ghetto [2007] Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akon - Konvicted Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akon - Konvicted Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akon - Konvicted Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akon - Konvicted Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akon-Unplugged (Bootleg)-2007 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akon-Unplugged (Bootleg)-2007 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Akti Blog 1.5.80 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Akti Blog 1.5.80 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alarm Master Plus v4.23 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alarm Master Plus v4.23 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alawar Star Defender 3 v1.19 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alawar Star Defender 3 v1.19 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Albert Fish (2007 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Albert Fish (2007 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alchemy Mindworks Presentation Wizard 2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alchemy Mindworks Presentation Wizard 2 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alchemy, the Ancient Science Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alchemy, the Ancient Science Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.4719 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.4719 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5403 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5403 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5403 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5403 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5429 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alcohol 120% 1.9.6.5429 Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% v1.9.6.5429 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alcohol 120% v1.9.6.5429 Patch.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Algolab Photo Vector v1.98.65 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Algolab Photo Vector v1.98.65 Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alias Season 1 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\Alias Season 1 Crack.zip ZIP: infected - 1 skipped
 
You must log in or register to reply here.
Back
Top