Smitfraud-C.Toolbar888

liverdrop

New member
Here's my HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 9:28:53 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\WINDOWS\TEMP\1814437.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\smgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\wvututq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B517B153-04DE-4143-8397-8902D56F8E42} - C:\WINDOWS\system32\ufwmrcpp.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\ilwjooyu.dll
O2 - BHO: (no name) - {EE725AE8-4F91-4F2F-BF4C-9E376C2464C7} - C:\WINDOWS\system32\ssttq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [j1291532] rundll32 C:\WINDOWS\system32\j1291532.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\oxvxvyhb.dll",realset
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1814437.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\§?dobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\s§?stem\n§àpdb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O20 - Winlogon Notify: wvututq - C:\WINDOWS\SYSTEM32\wvututq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

I have tried the online scanner; it froze halfway through and I had to shut off my IE. Then I tried safe mode; it just gave me a black screen with "Safe Mode" written in the bottom corner and nothing else. So I scanned the computer a few times in normal mode with Spybot, and there were a few items related to the Smitfraud that would not go away. Any help would be appreciated! Thanks much.
 
I am very very sorry about this second post that I am making, but I am sort of in a very bad situation here and I need help pretty badly. I have read the "read before posting" thread but this is really urgent. I am leaving for vacation in 2 days. This is the only computer at home but my parents do not know anything about computers so I have to fix this before I leave.

Last night I downloaded a keygen program for MathType and got the computer infected. I scanned the computer with Ad-Aware and Spybot and attempted to remove everything on there, but a few things including Smitfraud just keep coming back. This morning I made a post on the forum, but after hours of waiting I have still not received replies, while other people posting with the same topic received help within a few min. This may seem impatient or selfish of me; I understand the volunteers here are very busy, but I'm starting to worry that maybe I am being ignored or maybe you guys didn't know how to fix my problem.

Again, I am very sorry for this second post and thank you for your patience.

I hope my computer isn't dying too quickly for it to be fixed. Here's the newest HijackThis log; hope it helps. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:06:32 AM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\scanner.exe.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\455781.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\wvututq.dll (file missing)
O2 - BHO: (no name) - {274B5F83-135E-463C-9B23-44B37B4A0A70} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\mljifcd.dll
O2 - BHO: (no name) - {8EB187F2-CD52-4AC3-ABF3-5AC3058731EC} - C:\WINDOWS\system32\geedc.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\fhpvybtb.dll
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B517B153-04DE-4143-8397-8902D56F8E42} - C:\WINDOWS\system32\ufwmrcpp.dll (file missing)
O2 - BHO: (no name) - {FDA95400-4057-4D81-8C68-D377F899FAE7} - C:\WINDOWS\system32\jkklj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [j1291532] rundll32 C:\WINDOWS\system32\j1291532.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\oxvxvyhb.dll",realset
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\§?dobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\s§?stem\n§àpdb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll
O20 - Winlogon Notify: mljifcd - C:\WINDOWS\SYSTEM32\mljifcd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Hi there.

liverdrop said: "I understand the volunteers here are very busy but I'm starting to worry that maybe I am being ignored or maybe you guys didn't know how to fix my problem."

I see you started a topic yesterday. By bumping it, and also starting a second thread, assistance can be delayed as noted in our sticky topic. :sad:

liverdrop said: "This morning I made a post on the forum, but after hours of waiting I have still not received replies while other people posting with the same topic received help within a few min."

The topic may sound the same, however each computer is different and your symptoms may only appear to be similar.

I will ask a helper to take a look as soon as able.
 
Hello liverdrop and welcome to the Forums :)

You have a nice malware collection there....

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too.

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
SDFix

SDFix: Version 1.87

Run by Owner - 06/07/2007 Thu - 14:39:18.75

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\539596~1 - Deleted
C:\WINDOWS\Temp\win17.tmp.exe - Deleted
C:\WINDOWS\Temp\win28.tmp.exe - Deleted
C:\WINDOWS\Temp\win2C.tmp.exe - Deleted
C:\WINDOWS\Temp\win31.tmp.exe - Deleted
C:\WINDOWS\Temp\win33.tmp.exe - Deleted
C:\WINDOWS\Temp\win3E.tmp.exe - Deleted
C:\WINDOWS\Temp\win3F.tmp.exe - Deleted
C:\WINDOWS\Temp\win42.tmp.exe - Deleted
C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
C:\WINDOWS\Temp\win4FD.tmp.exe - Deleted
C:\WINDOWS\Temp\win4FF.tmp.exe - Deleted
C:\WINDOWS\Temp\win501.tmp.exe - Deleted
C:\WINDOWS\Temp\win503.tmp.exe - Deleted
C:\WINDOWS\Temp\win52B.tmp.exe - Deleted
C:\WINDOWS\Temp\win532.tmp.exe - Deleted
C:\WINDOWS\Temp\win53B.tmp.exe - Deleted
C:\WINDOWS\Temp\win544.tmp.exe - Deleted
C:\WINDOWS\Temp\win549.tmp.exe - Deleted
C:\WINDOWS\Temp\win54B.tmp.exe - Deleted
C:\WINDOWS\Temp\win554.tmp.exe - Deleted
C:\WINDOWS\Temp\win56A.tmp.exe - Deleted
C:\WINDOWS\Temp\win577.tmp.exe - Deleted
C:\WINDOWS\Temp\win59A.tmp.exe - Deleted
C:\WINDOWS\Temp\win59F.tmp.exe - Deleted
C:\WINDOWS\Temp\win5AA.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D1.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D5.tmp.exe - Deleted
C:\WINDOWS\Temp\win5F8.tmp.exe - Deleted
C:\WINDOWS\Temp\win5F9.tmp.exe - Deleted
C:\WINDOWS\Temp\win612.tmp.exe - Deleted
C:\WINDOWS\Temp\win614.tmp.exe - Deleted
C:\WINDOWS\Temp\win6C.tmp.exe - Deleted
C:\WINDOWS\Temp\win70.tmp.exe - Deleted
C:\WINDOWS\Temp\win73.tmp.exe - Deleted
C:\WINDOWS\Temp\win7D.tmp.exe - Deleted
C:\WINDOWS\Temp\winC.tmp.exe - Deleted
C:\WINDOWS\Temp\winE.tmp.exe - Deleted
C:\WINDOWS\Temp\cjnr4r4736DD722.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4736DD725.tmp - Deleted
C:\WINDOWS\system32\mlsdf8h6784504.exe - Deleted
C:\WINDOWS\Temp\win17.tmp.exe - Deleted
C:\WINDOWS\Temp\win28.tmp.exe - Deleted
C:\WINDOWS\Temp\win2C.tmp.exe - Deleted
C:\WINDOWS\Temp\win31.tmp.exe - Deleted
C:\WINDOWS\Temp\win33.tmp.exe - Deleted
C:\WINDOWS\Temp\win3E.tmp.exe - Deleted
C:\WINDOWS\Temp\win3F.tmp.exe - Deleted
C:\WINDOWS\Temp\win42.tmp.exe - Deleted
C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
C:\WINDOWS\Temp\win4FD.tmp.exe - Deleted
C:\WINDOWS\Temp\win4FF.tmp.exe - Deleted
C:\WINDOWS\Temp\win501.tmp.exe - Deleted
C:\WINDOWS\Temp\win503.tmp.exe - Deleted
C:\WINDOWS\Temp\win52B.tmp.exe - Deleted
C:\WINDOWS\Temp\win532.tmp.exe - Deleted
C:\WINDOWS\Temp\win53B.tmp.exe - Deleted
C:\WINDOWS\Temp\win544.tmp.exe - Deleted
C:\WINDOWS\Temp\win549.tmp.exe - Deleted
C:\WINDOWS\Temp\win54B.tmp.exe - Deleted
C:\WINDOWS\Temp\win554.tmp.exe - Deleted
C:\WINDOWS\Temp\win56A.tmp.exe - Deleted
C:\WINDOWS\Temp\win577.tmp.exe - Deleted
C:\WINDOWS\Temp\win59A.tmp.exe - Deleted
C:\WINDOWS\Temp\win59F.tmp.exe - Deleted
C:\WINDOWS\Temp\win5AA.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D1.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D5.tmp.exe - Deleted
C:\WINDOWS\Temp\win5F8.tmp.exe - Deleted
C:\WINDOWS\Temp\win5F9.tmp.exe - Deleted
C:\WINDOWS\Temp\win612.tmp.exe - Deleted
C:\WINDOWS\Temp\win614.tmp.exe - Deleted
C:\WINDOWS\Temp\win6C.tmp.exe - Deleted
C:\WINDOWS\Temp\win70.tmp.exe - Deleted
C:\WINDOWS\Temp\win73.tmp.exe - Deleted
C:\WINDOWS\Temp\win7D.tmp.exe - Deleted
C:\WINDOWS\Temp\winC.tmp.exe - Deleted
C:\WINDOWS\Temp\winE.tmp.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\win5E.tmp.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\win62.tmp.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\system32\max1d1641.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp*.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\win*.tmp - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\World of Warcraft\\WoW-1.7.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"C:\\Program Files\\World of Warcraft\\WoW-1.8.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe"="C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:aim"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\All Users\\Documents\\My Music\\Music Files\\Installers\\WoW\\BackgroundDownloader.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Music\\Music Files\\Installers\\WoW\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win5C.tmp.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win5C.tmp.exe:*:Enabled:win5C.tmp"
"C:\\WINDOWS\\TEMP\\win26.tmp.exe"="C:\\WINDOWS\\TEMP\\win26.tmp.exe:*:Enabled:win26.tmp"
"C:\\WINDOWS\\TEMP\\win66.tmp.exe"="C:\\WINDOWS\\TEMP\\win66.tmp.exe:*:Enabled:win66.tmp"
"C:\\WINDOWS\\TEMP\\win525.tmp.exe"="C:\\WINDOWS\\TEMP\\win525.tmp.exe:*:Enabled:win525.tmp"
"C:\\WINDOWS\\TEMP\\win564.tmp.exe"="C:\\WINDOWS\\TEMP\\win564.tmp.exe:*:Enabled:win564.tmp"
"C:\\WINDOWS\\TEMP\\win594.tmp.exe"="C:\\WINDOWS\\TEMP\\win594.tmp.exe:*:Enabled:win594.tmp"
"C:\\WINDOWS\\TEMP\\win5CB.tmp.exe"="C:\\WINDOWS\\TEMP\\win5CB.tmp.exe:*:Enabled:win5CB.tmp"
"C:\\WINDOWS\\TEMP\\win5EF.tmp.exe"="C:\\WINDOWS\\TEMP\\win5EF.tmp.exe:*:Enabled:win5EF.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Program Files\World of Warcraft\Readme\dbghelp.dll
C:\Program Files\World of Warcraft\Readme\DivxDecoder.dll
C:\Program Files\World of Warcraft\Readme\fmod.dll
C:\Program Files\World of Warcraft\Readme\ijl15.dll
C:\Program Files\World of Warcraft\Readme\unicows.dll
C:\WINDOWS\system32\geedc.dll
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\World of Warcraft\Readme\BNUpdate.exe
C:\Program Files\World of Warcraft\Readme\Repair.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.2.3-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.2.4-to-1.3.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.3.1.4297-to-1.4.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.4.2.4375-to-1.5.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.5.1.4449-to-1.6.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.6.0.4500-to-1.6.1-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.6.1.4544-to-1.7.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.7.0-enUS-downloader.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.7.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.8.0-enUS-downloader.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.8.0-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe
C:\Program Files\World of Warcraft\Readme\WoW-1.8.3.4807-to-1.8.4.4878-enUS-patch.exe
C:\Program Files\World of Warcraft\Readme\WoW.exe
C:\Program Files\World of Warcraft\Readme\WowError.exe
C:\WINDOWS\Аdobe\dllhost.exe

Listing User Accounts:

User accounts for \\BATTLESTATIONCZ

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


Finished
 
Vundo

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 1:02:53 PM 6/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\bhyvxvxo.ini
C:\WINDOWS\system32\gebbxwu.dll
C:\WINDOWS\system32\ilwjooyu.dll
C:\WINDOWS\system32\jkklkhh.dll
C:\WINDOWS\system32\opnmjhf.dll
C:\WINDOWS\system32\oxvxvyhb.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\ssqomlj.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\tuvursp.dll
C:\WINDOWS\system32\vylymuaw.dll
C:\WINDOWS\system32\wvututq.dll
C:\WINDOWS\system32\wvuvwut.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bhyvxvxo.ini
C:\WINDOWS\system32\bhyvxvxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebbxwu.dll
C:\WINDOWS\system32\gebbxwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilwjooyu.dll
C:\WINDOWS\system32\ilwjooyu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklkhh.dll
C:\WINDOWS\system32\jkklkhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjhf.dll
C:\WINDOWS\system32\opnmjhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oxvxvyhb.dll
C:\WINDOWS\system32\oxvxvyhb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\qttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqomlj.dll
C:\WINDOWS\system32\ssqomlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvursp.dll
C:\WINDOWS\system32\tuvursp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vylymuaw.dll
C:\WINDOWS\system32\vylymuaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvututq.dll
C:\WINDOWS\system32\wvututq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvwut.dll
C:\WINDOWS\system32\wvuvwut.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 2:42:58 PM 6/6/2007

Listing files found while scanning....


VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 5:25:09 PM 6/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebbawt.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\nnnomkj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebbawt.dll
C:\WINDOWS\system32\gebbawt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnomkj.dll
C:\WINDOWS\system32\nnnomkj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 6:02:41 PM 6/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\awttrro.dll
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\mljifcd.dll
C:\WINDOWS\system32\pmnopqo.dll
C:\WINDOWS\system32\rqrppqr.dll
C:\WINDOWS\system32\wvuvtrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awttrro.dll
C:\WINDOWS\system32\awttrro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljifcd.dll
C:\WINDOWS\system32\mljifcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnopqo.dll
C:\WINDOWS\system32\pmnopqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrppqr.dll
C:\WINDOWS\system32\rqrppqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvtrp.dll
C:\WINDOWS\system32\wvuvtrp.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
hijack

Logfile of HijackThis v1.99.1
Scan saved at 6:14:28 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\scanner.exe.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\wvututq.dll (file missing)
O2 - BHO: (no name) - {1D689806-AC94-46D5-8F80-9FC3387EDC7D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {274B5F83-135E-463C-9B23-44B37B4A0A70} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\mljifcd.dll (file missing)
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\fhpvybtb.dll
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B517B153-04DE-4143-8397-8902D56F8E42} - C:\WINDOWS\system32\ufwmrcpp.dll (file missing)
O2 - BHO: (no name) - {FDA95400-4057-4D81-8C68-D377F899FAE7} - C:\WINDOWS\system32\jkklj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [j1291532] rundll32 C:\WINDOWS\system32\j1291532.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\oxvxvyhb.dll",realset
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\Аdobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\sуstem\nоpdb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Ok looks better but we still have lots of work to do...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
ComboFix 07-06-09.5 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-10 11:14:00 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ahhbgwov.dll
C:\WINDOWS\system32\hliawihn.dll
C:\WINDOWS\system32\winmyy32.dll
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\jkhhh.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\67GV8TK2\www.inter-focus.cn
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\67GV8TK2\www.inter-focus.cn\240180JP_Dark.swf\IFFLASHAD.sol
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\67GV8TK2\www.inter-focus.cn\IF240180JP_016.swf\IFFLASHAD.sol
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\67GV8TK2\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\avp.exe
C:\WINDOWS\hosts
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wnsapisu.exe
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\NPF

((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))

2007-06-10 10:56 93,696 --a------ C:\WINDOWS\system32\drvwuw.dll
2007-06-10 10:56 33,302 --a------ C:\WINDOWS\system32\ddcywtu.dll
2007-06-10 10:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 10:16 93,696 --a------ C:\WINDOWS\system32\drvvux.dll
2007-06-10 10:16 33,302 --a------ C:\WINDOWS\system32\xxyvurs.dll
2007-06-07 18:03 93,696 --a------ C:\WINDOWS\system32\drvpul.dll
2007-06-07 14:27 93,696 --a------ C:\WINDOWS\system32\drvjum.dll
2007-06-07 12:03 93,696 --a------ C:\WINDOWS\system32\drvjak.dll
2007-06-06 23:15 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-06-06 20:03 55,316 --a------ C:\WINDOWS\system32\fhpvybtb.dll
2007-06-06 19:54 28,160 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-06 14:34 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 14:32 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 13:33 55,316 --a------ C:\WINDOWS\system32\amrgvsxb.dll
2007-06-06 13:02 <DIR> d-------- C:\VundoFix Backups
2007-06-06 12:44 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\McAfee
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-06 00:10 28,160 --a------ C:\WINDOWS\system32\winsys64.exe
2007-06-06 00:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-06 00:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-05 22:43 60,928 --a------ C:\WINDOWS\system32\pif.dll
2007-06-05 22:43 <DIR> d-------- C:\WINDOWS\sуstem
2007-06-05 22:42 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\jmrotsvu.exe
2007-06-05 22:42 <DIR> d-------- C:\WINDOWS\Аdobe
2007-06-05 22:35 351,526 --a------ C:\WINDOWS\WBDDA34I.DLL
2007-06-05 22:18 2,580 --a------ C:\WINDOWS\system32\ptjfllbb.exe
2007-06-05 22:12 14,868 --a------ C:\WINDOWS\system32\gjtpgqdf.exe
2007-06-05 22:12 10,752 --a------ C:\WINDOWS\system32\j1291532.dll
2007-06-05 22:01 30,720 --a------ C:\WINDOWS\system32\ipmon.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-10 14:50:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-07 18:26:34 -------- d-----w C:\Program Files\Starcraft
2007-06-07 16:12:04 -------- d-----w C:\Program Files\BigFix
2007-06-07 16:11:35 -------- d-----w C:\Program Files\Diablo II
2007-06-07 00:34:50 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-06 04:05:26 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-06 02:08:23 -------- d-----w C:\Program Files\Dragon
2007-06-05 16:26:34 -------- d-----w C:\Program Files\iTunes
2007-06-05 16:26:18 -------- d-----w C:\Program Files\iPod
2007-06-05 16:25:13 -------- d-----w C:\Program Files\QuickTime
2007-06-03 05:11:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 18:46:38 -------- d-----w C:\Program Files\DivX
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1D689806-AC94-46D5-8F80-9FC3387EDC7D}=C:\WINDOWS\system32\geedc.dll []
{274B5F83-135E-463C-9B23-44B37B4A0A70}=C:\WINDOWS\system32\ssttq.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{8A61098D-612B-4EF2-943D-64E920684061}=C:\WINDOWS\system32\xxyvurs.dll [2007-06-10 10:16]
{9A04496D-82F3-8D7F-D97F-83ADDBE426C8}=C:\WINDOWS\system32\pif.dll [2007-05-21 09:59]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{FDA95400-4057-4D81-8C68-D377F899FAE7}=C:\WINDOWS\system32\jkklj.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"VTTrayp"="VTtrayp.exe" [2004-10-12 06:00 C:\WINDOWS\system32\VTTrayp.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 14:17 C:\WINDOWS\SOUNDMAN.EXE]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-05 23:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ipmon"="ipmon.exe" [2007-06-05 22:01 C:\WINDOWS\system32\ipmon.exe]
"jmrotsvu.exe"="C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe" [2007-06-05 22:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 21:46]
"Cpue"="C:\WINDOWS\Аdobe\dllhost.exe" []
"Wsjokl"="C:\WINDOWS\sуstem\nоpdb.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"E76DAFCF"=C:\WINDOWS\system32\rsbmsc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8A61098D-612B-4EF2-943D-64E920684061}"="C:\WINDOWS\system32\xxyvurs.dll" [2007-06-10 10:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvurs]
xxyvurs.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

Contents of the 'Scheduled Tasks' folder
2007-06-05 20:43:16 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 11:23:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-10 11:27:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 11:26
--- E O F ---
 
combofix

ComboFix 07-06-09.5 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-12 23:28:27 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dicwsrtl.dll
C:\WINDOWS\system32\hdwrgfnl.dll
C:\WINDOWS\system32\pftcdmdc.dll
C:\WINDOWS\system32\pjywblqv.dll
C:\WINDOWS\system32\svynjicl.dll
C:\WINDOWS\system32\xfsgrnxv.dll
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\ltrswcid.ini
C:\WINDOWS\system32\lcijnyvs.ini
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\awvvv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


2007-06-12 23:19 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-06-12 23:19 <DIR> drahs---- C:\autorun.inf
2007-06-10 10:56 93,696 --a------ C:\WINDOWS\system32\drvwuw.dll
2007-06-10 10:56 33,302 --a------ C:\WINDOWS\system32\ddcywtu.dll
2007-06-10 10:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 10:16 93,696 --a------ C:\WINDOWS\system32\drvvux.dll
2007-06-10 10:16 33,302 --a------ C:\WINDOWS\system32\xxyvurs.dll
2007-06-07 18:03 93,696 --a------ C:\WINDOWS\system32\drvpul.dll
2007-06-07 14:27 93,696 --a------ C:\WINDOWS\system32\drvjum.dll
2007-06-07 12:03 93,696 --a------ C:\WINDOWS\system32\drvjak.dll
2007-06-06 23:15 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-06-06 20:03 55,316 --a------ C:\WINDOWS\system32\fhpvybtb.dll
2007-06-06 19:54 28,160 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-06 14:34 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 14:32 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 13:33 55,316 --a------ C:\WINDOWS\system32\amrgvsxb.dll
2007-06-06 13:02 <DIR> d-------- C:\VundoFix Backups
2007-06-06 12:44 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\McAfee
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-06 00:10 28,160 --a------ C:\WINDOWS\system32\winsys64.exe
2007-06-06 00:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-06 00:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-05 22:43 60,928 --a------ C:\WINDOWS\system32\pif.dll
2007-06-05 22:43 <DIR> d-------- C:\WINDOWS\sуstem
2007-06-05 22:42 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\jmrotsvu.exe
2007-06-05 22:42 <DIR> d-------- C:\WINDOWS\Аdobe
2007-06-05 22:35 351,526 --a------ C:\WINDOWS\WBDDA34I.DLL
2007-06-05 22:18 2,580 --a------ C:\WINDOWS\system32\ptjfllbb.exe
2007-06-05 22:12 14,868 --a------ C:\WINDOWS\system32\gjtpgqdf.exe
2007-06-05 22:12 10,752 --a------ C:\WINDOWS\system32\j1291532.dll
2007-06-05 22:01 30,720 --a------ C:\WINDOWS\system32\ipmon.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 14:56:23 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-07 18:26:34 -------- d-----w C:\Program Files\Starcraft
2007-06-07 16:12:04 -------- d-----w C:\Program Files\BigFix
2007-06-07 16:11:35 -------- d-----w C:\Program Files\Diablo II
2007-06-07 00:34:50 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-06 04:05:26 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-06 02:08:23 -------- d-----w C:\Program Files\Dragon
2007-06-05 16:26:34 -------- d-----w C:\Program Files\iTunes
2007-06-05 16:26:18 -------- d-----w C:\Program Files\iPod
2007-06-05 16:25:13 -------- d-----w C:\Program Files\QuickTime
2007-06-03 05:11:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 18:46:38 -------- d-----w C:\Program Files\DivX
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1D689806-AC94-46D5-8F80-9FC3387EDC7D}=C:\WINDOWS\system32\geedc.dll []
{274B5F83-135E-463C-9B23-44B37B4A0A70}=C:\WINDOWS\system32\ssttq.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{8A61098D-612B-4EF2-943D-64E920684061}=C:\WINDOWS\system32\xxyvurs.dll [2007-06-10 10:16]
{9A04496D-82F3-8D7F-D97F-83ADDBE426C8}=C:\WINDOWS\system32\pif.dll [2007-05-21 09:59]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{FDA95400-4057-4D81-8C68-D377F899FAE7}=C:\WINDOWS\system32\jkklj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"VTTrayp"="VTtrayp.exe" [2004-10-12 06:00 C:\WINDOWS\system32\VTTrayp.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 14:17 C:\WINDOWS\SOUNDMAN.EXE]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-05 23:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ipmon"="ipmon.exe" [2007-06-05 22:01 C:\WINDOWS\system32\ipmon.exe]
"jmrotsvu.exe"="C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe" [2007-06-05 22:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 21:46]
"Cpue"="C:\WINDOWS\Аdobe\dllhost.exe" []
"Wsjokl"="C:\WINDOWS\sуstem\nоpdb.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"E76DAFCF"=C:\WINDOWS\system32\rsbmsc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8A61098D-612B-4EF2-943D-64E920684061}"="C:\WINDOWS\system32\xxyvurs.dll" [2007-06-10 10:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvurs]
xxyvurs.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-05 20:43:16 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 23:37:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-12 23:41:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-12 23:41
C:\ComboFix2.txt ... 2007-06-10 11:27

--- E O F ---
 
hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 11:25:51 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\scanner.exe.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D689806-AC94-46D5-8F80-9FC3387EDC7D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {274B5F83-135E-463C-9B23-44B37B4A0A70} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvurs.dll
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {FDA95400-4057-4D81-8C68-D377F899FAE7} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {FE762005-5413-44FD-94E2-21BE6951F22F} - C:\WINDOWS\system32\awvvv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\¡ì?dobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\s¡ì?stem\n¡ì¨¤pdb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvurs - C:\WINDOWS\SYSTEM32\xxyvurs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
You ran flash disinfector?

Please delete any previous versions of VundoFix.

Then we'll remove the old Java so that we'll get you clean
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java,
    J2SE Runtime Environment 5.0 Update 2
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
Thank you so much!

Here's the Vundofix log. I am not home right now, but the person who ran the programs told me that Hijackthis did not produce a new log. I don't know if that's supposed to happen?






VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 1:02:53 PM 6/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\bhyvxvxo.ini
C:\WINDOWS\system32\gebbxwu.dll
C:\WINDOWS\system32\ilwjooyu.dll
C:\WINDOWS\system32\jkklkhh.dll
C:\WINDOWS\system32\opnmjhf.dll
C:\WINDOWS\system32\oxvxvyhb.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\ssqomlj.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\tuvursp.dll
C:\WINDOWS\system32\vylymuaw.dll
C:\WINDOWS\system32\wvututq.dll
C:\WINDOWS\system32\wvuvwut.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bhyvxvxo.ini
C:\WINDOWS\system32\bhyvxvxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebbxwu.dll
C:\WINDOWS\system32\gebbxwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilwjooyu.dll
C:\WINDOWS\system32\ilwjooyu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklkhh.dll
C:\WINDOWS\system32\jkklkhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjhf.dll
C:\WINDOWS\system32\opnmjhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oxvxvyhb.dll
C:\WINDOWS\system32\oxvxvyhb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\qttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.tmp
C:\WINDOWS\system32\qttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqomlj.dll
C:\WINDOWS\system32\ssqomlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvursp.dll
C:\WINDOWS\system32\tuvursp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vylymuaw.dll
C:\WINDOWS\system32\vylymuaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvututq.dll
C:\WINDOWS\system32\wvututq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvwut.dll
C:\WINDOWS\system32\wvuvwut.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 2:42:58 PM 6/6/2007

Listing files found while scanning....


VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 5:25:09 PM 6/6/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebbawt.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\nnnomkj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebbawt.dll
C:\WINDOWS\system32\gebbawt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnomkj.dll
C:\WINDOWS\system32\nnnomkj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 6:02:41 PM 6/7/2007

Listing files found while scanning....

C:\WINDOWS\system32\awttrro.dll
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\mljifcd.dll
C:\WINDOWS\system32\pmnopqo.dll
C:\WINDOWS\system32\rqrppqr.dll
C:\WINDOWS\system32\wvuvtrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awttrro.dll
C:\WINDOWS\system32\awttrro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljifcd.dll
C:\WINDOWS\system32\mljifcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnopqo.dll
C:\WINDOWS\system32\pmnopqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrppqr.dll
C:\WINDOWS\system32\rqrppqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvtrp.dll
C:\WINDOWS\system32\wvuvtrp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 1:43:55 AM 6/14/2007

Listing files found while scanning....

C:\windows\system32\ddcywtu.dll
C:\windows\system32\gjtpgqdf.exe
C:\windows\system32\j1291532.dll
C:\windows\system32\ptjfllbb.exe
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini
C:\windows\system32\vkratfxr.dll
C:\WINDOWS\system32\vtstq.dll
C:\windows\system32\xxyvurs.dll

Beginning removal...

Attempting to delete C:\windows\system32\ddcywtu.dll
C:\windows\system32\ddcywtu.dll Has been deleted!

Attempting to delete C:\windows\system32\gjtpgqdf.exe
C:\windows\system32\gjtpgqdf.exe Has been deleted!

Attempting to delete C:\windows\system32\j1291532.dll
C:\windows\system32\j1291532.dll Has been deleted!

Attempting to delete C:\windows\system32\ptjfllbb.exe
C:\windows\system32\ptjfllbb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini Has been deleted!

Attempting to delete C:\windows\system32\vkratfxr.dll
C:\windows\system32\vkratfxr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!

Attempting to delete C:\windows\system32\xxyvurs.dll
C:\windows\system32\xxyvurs.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
sorry...nvm the no log thing...





Logfile of HijackThis v1.99.1
Scan saved at 1:34:55 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D689806-AC94-46D5-8F80-9FC3387EDC7D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {274B5F83-135E-463C-9B23-44B37B4A0A70} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A96B8B7-5943-4EA2-96D9-08A7A98E2EC0} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvurs.dll (file missing)
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {FDA95400-4057-4D81-8C68-D377F899FAE7} - C:\WINDOWS\system32\jkklj.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\¡ì?dobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\s¡ì?stem\n¡ì¨¤pdb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Backup your registry:
  • Start
  • Run
  • Type the following to the box and hit Ok: regedit
  • A window opens, click on File
  • Choose Export from the menu
  • Change the save location to C:\
  • Give the filename, RegBackUp
  • Make sure that the filetype is set to Registryfiles (*.reg)
  • Click on Save and Close the window

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Please download and run Flash_Disinfector by sUBs to your desktop.
Do NOT run yet.

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

==================

Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure please ask first


Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.

jmrotsvu.exe

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {1D689806-AC94-46D5-8F80-9FC3387EDC7D} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {274B5F83-135E-463C-9B23-44B37B4A0A70} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {5A96B8B7-5943-4EA2-96D9-08A7A98E2EC0} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvurs.dll (file missing)
O2 - BHO: (no name) - {9A04496D-82F3-8D7F-D97F-83ADDBE426C8} - C:\WINDOWS\system32\pif.dll
O2 - BHO: (no name) - {FDA95400-4057-4D81-8C68-D377F899FAE7} - C:\WINDOWS\system32\jkklj.dll (file missing)
O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\RunServices: [E76DAFCF] C:\WINDOWS\system32\rsbmsc.exe
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\¡ì?dobe\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Wsjokl] C:\WINDOWS\s¡ì?stem\n¡ì¨¤pdb.exe

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\pif.dll
C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe
C:\WINDOWS\system32\rsbmsc.exe
C:\WINDOWS\system32\drvwuw.dll
C:\WINDOWS\system32\drvvux.dll
C:\WINDOWS\system32\drvpul.dll
C:\WINDOWS\system32\drvjum.dll
C:\WINDOWS\system32\drvjak.dll
C:\WINDOWS\system32\fhpvybtb.dll
C:\WINDOWS\system32\sysmon32.exe
C:\WINDOWS\system32\amrgvsxb.dll
C:\WINDOWS\system32\winsys64.exe
C:\WINDOWS\WBDDA34I.DLL
C:\WINDOWS\system32\ptjfllbb.exe
C:\WINDOWS\system32\gjtpgqdf.exe
C:\WINDOWS\system32\j1291532.dll
C:\WINDOWS\system32\ipmon.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8A61098D-612B-4EF2-943D-64E920684061}"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]

Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Use the Windows search
  • Start
  • Search
  • All files and folders
  • More advanced options
Checkmark these options:
  • "Search system folders"
  • "Search hidden files and folders"
  • "Search subfolders"
  • Search for this and delete if found: Info.exe
  • Search for this and delete if found: ipmon.exe
Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run Flash_Disinfector tool.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Run ComboFix again.
================

When you're ready, please post the following logs here:
- AVG's report
- a fresh HijackThis log
- fresh ComboFix log
 
combofix

ComboFix 07-06-09.5 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-17 11:00:35 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jtgutyjo.dll
C:\WINDOWS\system32\rybnbwkj.dll
C:\WINDOWS\system32\ojytugtj.ini
C:\WINDOWS\system32\jkwbnbyr.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-17 09:54 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-06-17 09:11 <DIR> d-------- C:\!KillBox
2007-06-17 08:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-17 08:15 84,004,826 --a------ C:\RegBackup.reg
2007-06-15 23:49 99,072 --a------ C:\mevqvvvb1.exe
2007-06-15 23:49 94,976 --a------ C:\mevqvvvb3.exe
2007-06-15 23:49 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-15 23:49 100,096 --a------ C:\mevqvvvb2.exe
2007-06-14 01:38 62,516 --a------ C:\WINDOWS\system32\rnxfstkh.dll
2007-06-12 23:19 <DIR> drahs---- C:\autorun.inf
2007-06-10 10:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 23:15 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-06-06 14:34 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 14:32 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 13:02 <DIR> d-------- C:\VundoFix Backups
2007-06-06 12:44 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\McAfee
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-06-06 12:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-06-06 00:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-06 00:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-05 22:43 <DIR> d-------- C:\WINDOWS\s§åstem
2007-06-05 22:42 <DIR> d-------- C:\WINDOWS\§¡dobe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 13:12:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-07 18:26:34 -------- d-----w C:\Program Files\Starcraft
2007-06-07 16:12:04 -------- d-----w C:\Program Files\BigFix
2007-06-07 16:11:35 -------- d-----w C:\Program Files\Diablo II
2007-06-07 00:34:50 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-06 04:05:26 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-06 02:08:23 -------- d-----w C:\Program Files\Dragon
2007-06-05 16:26:34 -------- d-----w C:\Program Files\iTunes
2007-06-05 16:26:18 -------- d-----w C:\Program Files\iPod
2007-06-05 16:25:13 -------- d-----w C:\Program Files\QuickTime
2007-06-03 05:11:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24]
"VTTrayp"="VTtrayp.exe" [2004-10-12 06:00 C:\WINDOWS\system32\VTTrayp.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 14:17 C:\WINDOWS\SOUNDMAN.EXE]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-05 23:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"jmrotsvu.exe"="C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe" []
"ipmon"="ipmon.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 21:46]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Cpue"="C:\WINDOWS\§¡dobe\dllhost.exe" []
"Wsjokl"="C:\WINDOWS\s§åstem\n§àpdb.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"E76DAFCF"=C:\WINDOWS\system32\rsbmsc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-06-05 20:43:16 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 11:05:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 11:06:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 11:06
C:\ComboFix2.txt ... 2007-06-12 23:41
C:\ComboFix3.txt ... 2007-06-10 11:27

--- E O F ---
 
Avg1

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:54:44 AM 6/17/2007

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\!KillBox\pif.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20070617-091036-954.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\UltimateDefender -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/mlsdf8h6784504.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/max1d1641.exe -> Dialer.GBDialer.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win33.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win42.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win532.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win54B.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win614.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win73.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/winE.tmp.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win28.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win4FF.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win5E.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\smgr.exe.vir -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\WINDOWS\smanager.7.exe~ -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir -> Downloader.Alphabet.b : Cleaned with backup (quarantined).
C:\!KillBox\sysmon32.exe -> Downloader.Alphabet.c : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win31.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win3E.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win549.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win59F.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win5D5.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win5F8.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win612.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win70.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/winC.tmp.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir -> Logger.Agent.or : Cleaned with backup (quarantined).

:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.659:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.725:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.744:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.786:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.787:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.522:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.523:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
 
Avg2

:mozilla.524:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.510:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.511:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.414:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.415:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.416:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.347:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.441:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.443:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.444:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.445:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.447:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.448:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.449:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.682:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.529:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

: m o z i l l a . 5 3 0 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .

: m o z i l l a . 5 3 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .

: m o z i l l a . 5 3 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .

: m o z i l l a . 3 5 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S k y p e : C l e a n e d .

: m o z i l l a . 5 4 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S k y p e : C l e a n e d .

: m o z i l l a . 8 5 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S m a r t a d s e r v e r : C l e a n e d .

: m o z i l l a . 8 5 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S m a r t a d s e r v e r : C l e a n e d .

: m o z i l l a . 8 6 0 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S m a r t a d s e r v e r : C l e a n e d .

: m o z i l l a . 8 6 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S m a r t a d s e r v e r : C l e a n e d .

: m o z i l l a . 1 0 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S t a r w a r e : C l e a n e d .

: m o z i l l a . 1 0 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S t a r w a r e : C l e a n e d .

: m o z i l l a . 6 2 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . S t a r w a r e : C l e a n e d .

: m o z i l l a . 5 7 4 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 5 7 5 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 5 7 6 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 5 7 7 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 5 7 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 2 3 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T r a c k i n g 1 0 1 : C l e a n e d .

: m o z i l l a . 6 0 3 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T r a f f i c m p : C l e a n e d .

: m o z i l l a . 6 0 4 : C : \ D o c u m e n t s a n d S e t t i n g s \ O w n e r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ 0 v f 1 i d r i . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T r a f f i c m p : C l e a n e d .
 
Avg3

:mozilla.605:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.606:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.609:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.610:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.615:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.616:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.617:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.618:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.621:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.622:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.623:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.624:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.454:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.907:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.908:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0vf1idri.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\!KillBox\drvjak.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\!KillBox\drvjum.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\!KillBox\drvpul.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\!KillBox\drvvux.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\!KillBox\drvwuw.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win2C.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win4FD.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win503.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win52B.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win544.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win56A.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win59A.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win5D1.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win5F9.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win62.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\SDFix\backups\backups.zip/backups/win6C.tmp.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\winmyy32.dll.vir -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\wnsapisu.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
 