Virtumonde, Advertising.com, DoubleClick

Hi

Looking better, but let's take a look to see if more nasties are present:

Download About:Buster from here. Once it is downloaded, extract it to c:\aboutbuster. Do NOT use it yet.

Reboot your computer into Safe Mode by tapping F8 while booting up, and continue for the rest of the fix in SAFE MODE.

Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

Now reboot, run HijackThis again, and post a fresh log along with the AboutBuster log.
 
AboutBuster 6.07
Scan started on [7/25/2007] at [7:51:09 AM]
-------------------------------------------------------------
C:\WINDOWS\addtz.dat
C:\WINDOWS\aoare.txt
C:\WINDOWS\apwcm.log
C:\WINDOWS\aswgx.log
C:\WINDOWS\bmbko.log
C:\WINDOWS\boome.log
C:\WINDOWS\bvxpg.log
C:\WINDOWS\bzqlq.log
C:\WINDOWS\clqyz.dat
C:\WINDOWS\cnpqd.dat
C:\WINDOWS\cwnfi.dat
C:\WINDOWS\cxpes.log
C:\WINDOWS\dmxrm.log
C:\WINDOWS\dvfwb.dat
C:\WINDOWS\dzxdl.log
C:\WINDOWS\fopzw.log
C:\WINDOWS\izcfr.dat
C:\WINDOWS\nsfjw.dat
C:\WINDOWS\n_bdaohx.log
C:\WINDOWS\rfkvx.dat
C:\WINDOWS\spcsy.dat
C:\WINDOWS\tyahw.dat
C:\WINDOWS\tymbc.log
C:\WINDOWS\uskox.dat
C:\WINDOWS\vxime.log
C:\WINDOWS\wotbw.log
C:\WINDOWS\wueaj.dat
C:\WINDOWS\xdoag.log
C:\WINDOWS\xhyhl.log
C:\WINDOWS\ycpxx.dat
C:\WINDOWS\System32\abxef.log
C:\WINDOWS\System32\borje.dat
C:\WINDOWS\System32\dmzky.dat
C:\WINDOWS\System32\fvyxr.dat
C:\WINDOWS\System32\zeglt.txt
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:53:56 AM
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:36 AM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\Roberts\Desktop\scanner\scanner.exe
C:\Program Files\America Online 9.0\shellmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\America Online 9.0c\waol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9886 bytes
 
Hi

Open Notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\addtz.dat
C:\WINDOWS\aoare.txt
C:\WINDOWS\apwcm.log
C:\WINDOWS\aswgx.log
C:\WINDOWS\bmbko.log
C:\WINDOWS\boome.log
C:\WINDOWS\bvxpg.log
C:\WINDOWS\bzqlq.log
C:\WINDOWS\clqyz.dat
C:\WINDOWS\cnpqd.dat
C:\WINDOWS\cwnfi.dat
C:\WINDOWS\cxpes.log
C:\WINDOWS\dmxrm.log
C:\WINDOWS\dvfwb.dat
C:\WINDOWS\dzxdl.log
C:\WINDOWS\fopzw.log
C:\WINDOWS\izcfr.dat
C:\WINDOWS\nsfjw.dat
C:\WINDOWS\n_bdaohx.log
C:\WINDOWS\rfkvx.dat
C:\WINDOWS\spcsy.dat
C:\WINDOWS\tyahw.dat
C:\WINDOWS\tymbc.log
C:\WINDOWS\uskox.dat
C:\WINDOWS\vxime.log
C:\WINDOWS\wotbw.log
C:\WINDOWS\wueaj.dat
C:\WINDOWS\xdoag.log
C:\WINDOWS\xhyhl.log
C:\WINDOWS\ycpxx.dat
C:\WINDOWS\System32\abxef.log
C:\WINDOWS\System32\borje.dat
C:\WINDOWS\System32\dmzky.dat
C:\WINDOWS\System32\fvyxr.dat
C:\WINDOWS\System32\zeglt.txt

Save this as "CFScript" (you can replace existing CFScript)

[Image: CFScript.gif]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Re-run about:buster

Post:

- a fresh HijackThis log
- ComboFix report
- about:buster log
 
"Roberts" - 2007-07-25 9:24:45 - ComboFix 07-07-23.6 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\Roberts\Desktop\CFSript.txt


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 07:45 <DIR> d-------- C:\aboutbuster
2007-07-24 11:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 11:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-24 09:04 <DIR> d-------- C:\DOCUME~1\hi\APPLIC~1\tor
2007-07-24 00:12 <DIR> d-------- C:\DOCUME~1\hi\APPLIC~1\Talkback
2007-07-23 21:37 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-07-23 21:37 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2007-07-23 21:37 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-23 21:37 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-07-23 21:37 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2007-07-23 21:37 594,944 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-07-23 21:37 535,552 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-07-23 21:37 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-07-23 21:37 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2007-07-23 21:37 367,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-07-23 21:37 263,680 --a------ C:\WINDOWS\system32\rpcss.dll
2007-07-23 21:37 226,816 --a------ C:\WINDOWS\system32\es.dll
2007-07-23 21:37 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2007-07-23 21:37 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-07-23 21:37 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-07-23 21:37 1,194,496 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-07-23 21:37 1,183,744 --a------ C:\WINDOWS\system32\ole32.dll
2007-07-23 21:36 593,408 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-07-23 21:36 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-23 21:36 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-07-23 21:36 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-07-23 21:36 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2007-07-23 21:20 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-07-23 21:20 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-07-23 21:20 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-07-23 21:20 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-07-23 21:20 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-23 21:19 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-07-23 21:19 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-07-23 21:19 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-07-23 21:19 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-07-23 21:19 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-07-23 21:19 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-07-23 21:19 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-07-23 21:19 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-07-23 21:19 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-07-23 21:19 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-07-23 21:19 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-07-23 21:19 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-07-23 21:19 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-07-23 21:08 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2007-07-23 21:01 126,016 --a------ C:\WINDOWS\system32\eicieodt.dll
2007-07-23 17:48 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 05:01 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-23 04:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-07-23 04:48 <DIR> d-------- C:\WINDOWS\ehome
2007-07-23 04:33 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-23 04:33 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-23 04:33 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-23 04:33 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-07-23 04:32 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-23 04:32 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-07-23 04:32 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-07-23 04:32 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-07-23 04:32 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-07-23 04:32 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-07-23 04:32 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2007-07-23 04:30 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-07-23 04:30 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-07-23 04:30 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-07-23 04:28 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-07-23 04:22 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-07-23 04:20 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-23 04:20 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-07-23 04:20 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-07-23 04:20 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-07-23 04:19 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-07-23 04:18 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-07-23 04:18 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2007-07-23 04:18 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2007-07-23 04:14 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-23 04:14 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2007-07-23 04:14 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2007-07-23 04:14 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2007-07-23 04:13 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-07-23 04:13 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2007-07-23 04:13 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-23 04:13 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2007-07-23 04:13 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2007-07-23 04:13 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-07-23 04:13 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2007-07-23 04:13 16,384 --a------ C:\WINDOWS\system32\ups.exe
2007-07-23 04:13 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2007-07-23 04:12 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2007-07-23 04:12 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-07-23 04:10 9,856 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-23 04:10 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-07-23 04:09 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-07-23 04:09 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-23 04:09 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-07-23 04:09 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2007-07-23 04:09 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2007-07-23 04:03 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2007-07-23 04:03 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-07-23 04:02 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 11:58:48 -------- d-----w C:\Program Files\Plaxo
2007-07-25 11:57:40 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-24 15:21:27 -------- d-----w C:\Program Files\Lx_cats
2007-07-23 08:50:23 -------- d-----w C:\Program Files\Messenger
2007-07-23 08:48:12 -------- d-----w C:\Program Files\Movie Maker
2007-07-20 07:59:15 335 ----a-w C:\WINDOWS\nsreg.dat
2007-07-20 07:58:47 2,934 ----a-w C:\WINDOWS\mozver.dat
2007-07-12 20:10:40 -------- d-----w C:\Program Files\Lexmark 2300 Series
2007-07-04 10:02:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-07-04 10:01:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-04 09:59:58 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-30 08:27:41 -------- d-----w C:\DOCUME~1\Roberts\APPLIC~1\dvdcss
2007-06-27 03:58:06 -------- d-----w C:\Program Files\mIRC
2007-06-25 23:46:14 -------- d--h--w C:\Program Files\Incomplete
2007-05-18 10:43:38 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2006-01-23 21:43:37 1,598,576 ----a-w C:\Program Files\Aqua_Teen_Hunger_Force.mp3
2005-12-21 20:52:46 19,328 ----a-w C:\DOCUME~1\Roberts\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-12-13 00:30:22 146,207 ----a-w C:\Program Files\meteor.wmv
2005-12-13 00:13:21 2,888,042 ----a-w C:\Program Files\xmaslights2.wmv
2005-12-12 23:59:42 4,675,706 ----a-w C:\Program Files\xmaslights.wmv
2005-11-06 01:20:29 2,118,296 ----a-w C:\Program Files\Shareaza_2.2.1.0.exe
2005-11-05 01:30:12 2,452,326 ----a-w C:\Program Files\DCPlusPlus-0.668.exe
2005-11-04 09:50:53 7,924,880 ----a-w C:\Program Files\trillian-v3[1].1.exe
2005-11-04 08:05:58 107,018 ----a-w C:\Program Files\myJabFull3557.exe
2005-11-04 07:42:21 3,422,528 ----a-w C:\Program Files\BSLITEINSTALL.exe
2005-11-04 02:22:21 353,381 ----a-w C:\Program Files\LimeWireWin.exe
2005-11-04 01:57:22 5,658,296 ----a-w C:\Program Files\iMeshV6.exe
2005-10-30 00:40:57 42,463 ----a-w C:\Program Files\mythoy2k5cgtrn1.zip
2005-10-29 23:50:01 11,572,208 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2005-10-09 06:03:29 1,255,397 ----a-w C:\Program Files\morphclientsetup.exe
2005-10-08 05:06:59 1,258,698 ----a-w C:\Program Files\aresp2psetup.exe
2005-08-04 06:52:59 1,082,536 ----a-w C:\Program Files\LitHelper.zip
2005-07-28 02:28:19 10,436 ----a-w C:\Program Files\StatFrenzy.zip
2005-07-28 02:26:50 98,097 ----a-w C:\Program Files\Super Smilies.zip
2005-07-28 02:25:58 61,313 ----a-w C:\Program Files\Emote Buddy.zip
2005-07-20 06:21:50 698,608 ----a-w C:\Program Files\gmouse20.zip
2005-07-20 06:15:45 604,109 ----a-w C:\Program Files\rsmilguide.exe
2005-07-20 06:11:14 862,919 ----a-w C:\Program Files\guidepackage2.zip
2005-07-20 06:04:13 595,780 ----a-w C:\Program Files\guidepackage.zip
2005-07-02 16:27:43 6,816,904 ----a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-06-08 21:52:56 1,692,260 ----a-w C:\Program Files\swiftswitch(lite).exe
2005-06-04 04:59:59 4,466,776 ----a-w C:\Program Files\Install_AIM.exe
2005-06-02 19:47:06 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-06-02 18:54:06 41,904 ----a-w C:\Program Files\AssignmentLetter-1117738441.pdf
2005-05-30 06:53:01 41,904 ----a-w C:\Program Files\AssignmentLetter-1117435978.pdf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-05-27 20:14]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" []
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 20:34]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 17:52]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 00:41]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"HostManager"="C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe" [2006-09-25 20:52]
"waol.exe"="C:\Program Files\America Online 9.0c\waol.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-29 21:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2007-01-12 03:09]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-01-12 03:12]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 11:44]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-20 02:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe" [2006-08-30 13:46]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-09-25 20:52]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 07:17]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-06-01 23:27]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-13 19:32:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 10:30:54]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

R0 srescan;srescan;C:\WINDOWS\System32\ZoneLabs\srescan.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\System32\Drivers\SbcpHid.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\System32\drivers\ASCTRM.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver;C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\System32\DRIVERS\Wdf01000.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LHidKE.Sys
S3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LMouKE.Sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 09:30:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000642

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-25 9:37:10
C:\ComboFix-quarantined-files.txt ... 2007-07-25 09:34
C:\ComboFix2.txt ... 2007-07-25 07:22
C:\ComboFix3.txt ... 2007-07-24 14:56

--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:13 AM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Roberts\Desktop\scanner\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\America Online 9.0c\waol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6094FFF-E6FF-48FF-AA1B-DE1D451CE2E8}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9793 bytes
 
AboutBuster 6.07
Scan started on [7/25/2007] at [9:39:44 AM]
-------------------------------------------------------------
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:42:08 AM
 
Hi

There's a spelling error in your file:

Command switches used :: C:\Documents and Settings\Roberts\Desktop\CFSript.txt

It should be:

Command switches used :: C:\Documents and Settings\Roberts\Desktop\CFScript.txt

Rename that file and try again, please :)
 
"Roberts" - 2007-07-25 10:09:50 - ComboFix 07-07-23.6 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\Roberts\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\addtz.dat
C:\WINDOWS\aoare.txt
C:\WINDOWS\apwcm.log
C:\WINDOWS\aswgx.log
C:\WINDOWS\bmbko.log
C:\WINDOWS\boome.log
C:\WINDOWS\bvxpg.log
C:\WINDOWS\bzqlq.log
C:\WINDOWS\clqyz.dat
C:\WINDOWS\cnpqd.dat
C:\WINDOWS\cwnfi.dat
C:\WINDOWS\cxpes.log
C:\WINDOWS\dmxrm.log
C:\WINDOWS\dvfwb.dat
C:\WINDOWS\dzxdl.log
C:\WINDOWS\fopzw.log
C:\WINDOWS\izcfr.dat
C:\WINDOWS\n_bdaohx.log
C:\WINDOWS\nsfjw.dat
C:\WINDOWS\rfkvx.dat
C:\WINDOWS\spcsy.dat
C:\WINDOWS\System32\abxef.log
C:\WINDOWS\System32\borje.dat
C:\WINDOWS\System32\dmzky.dat
C:\WINDOWS\System32\fvyxr.dat
C:\WINDOWS\System32\zeglt.txt
C:\WINDOWS\tyahw.dat
C:\WINDOWS\tymbc.log
C:\WINDOWS\uskox.dat
C:\WINDOWS\vxime.log
C:\WINDOWS\wotbw.log
C:\WINDOWS\wueaj.dat
C:\WINDOWS\xdoag.log
C:\WINDOWS\xhyhl.log
C:\WINDOWS\ycpxx.dat


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 07:45 <DIR> d-------- C:\aboutbuster
2007-07-24 11:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 11:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-24 09:04 <DIR> d-------- C:\DOCUME~1\hi\APPLIC~1\tor
2007-07-24 00:12 <DIR> d-------- C:\DOCUME~1\hi\APPLIC~1\Talkback
2007-07-23 21:37 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-07-23 21:37 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2007-07-23 21:37 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-23 21:37 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-07-23 21:37 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2007-07-23 21:37 594,944 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-07-23 21:37 535,552 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-07-23 21:37 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-07-23 21:37 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2007-07-23 21:37 367,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-07-23 21:37 263,680 --a------ C:\WINDOWS\system32\rpcss.dll
2007-07-23 21:37 226,816 --a------ C:\WINDOWS\system32\es.dll
2007-07-23 21:37 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2007-07-23 21:37 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-07-23 21:37 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-07-23 21:37 1,194,496 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-07-23 21:37 1,183,744 --a------ C:\WINDOWS\system32\ole32.dll
2007-07-23 21:36 593,408 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-07-23 21:36 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-07-23 21:36 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-07-23 21:36 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-07-23 21:36 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2007-07-23 21:20 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-07-23 21:20 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-07-23 21:20 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-07-23 21:20 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-07-23 21:20 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-07-23 21:19 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-07-23 21:19 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-07-23 21:19 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-07-23 21:19 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-07-23 21:19 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-07-23 21:19 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-07-23 21:19 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-07-23 21:19 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-07-23 21:19 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-07-23 21:19 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-07-23 21:19 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-07-23 21:19 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-07-23 21:19 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-07-23 21:08 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2007-07-23 21:01 126,016 --a------ C:\WINDOWS\system32\eicieodt.dll
2007-07-23 17:48 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 05:01 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-23 04:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-07-23 04:48 <DIR> d-------- C:\WINDOWS\ehome
2007-07-23 04:33 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-23 04:33 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-23 04:33 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-23 04:33 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-07-23 04:32 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-23 04:32 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-07-23 04:32 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-07-23 04:32 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-07-23 04:32 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-07-23 04:32 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-07-23 04:32 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2007-07-23 04:30 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-07-23 04:30 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-07-23 04:30 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-07-23 04:28 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-07-23 04:22 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-07-23 04:20 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-23 04:20 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-07-23 04:20 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-07-23 04:20 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-07-23 04:19 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-07-23 04:18 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-07-23 04:18 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2007-07-23 04:18 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2007-07-23 04:14 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-23 04:14 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2007-07-23 04:14 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2007-07-23 04:14 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2007-07-23 04:13 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-07-23 04:13 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2007-07-23 04:13 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-23 04:13 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2007-07-23 04:13 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2007-07-23 04:13 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-07-23 04:13 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2007-07-23 04:13 16,384 --a------ C:\WINDOWS\system32\ups.exe
2007-07-23 04:13 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2007-07-23 04:12 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2007-07-23 04:12 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-07-23 04:10 9,856 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-23 04:10 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-07-23 04:09 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-07-23 04:09 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-23 04:09 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-07-23 04:09 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2007-07-23 04:09 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2007-07-23 04:03 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2007-07-23 04:03 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-07-23 04:02 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 11:58:48 -------- d-----w C:\Program Files\Plaxo
2007-07-25 11:57:40 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-24 15:21:27 -------- d-----w C:\Program Files\Lx_cats
2007-07-23 08:50:23 -------- d-----w C:\Program Files\Messenger
2007-07-23 08:48:12 -------- d-----w C:\Program Files\Movie Maker
2007-07-20 07:59:15 335 ----a-w C:\WINDOWS\nsreg.dat
2007-07-20 07:58:47 2,934 ----a-w C:\WINDOWS\mozver.dat
2007-07-12 20:10:40 -------- d-----w C:\Program Files\Lexmark 2300 Series
2007-07-04 10:02:11 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-07-04 10:01:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-04 09:59:58 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-30 08:27:41 -------- d-----w C:\DOCUME~1\Roberts\APPLIC~1\dvdcss
2007-06-27 03:58:06 -------- d-----w C:\Program Files\mIRC
2007-06-25 23:46:14 -------- d--h--w C:\Program Files\Incomplete
2007-05-18 10:43:38 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2006-01-23 21:43:37 1,598,576 ----a-w C:\Program Files\Aqua_Teen_Hunger_Force.mp3
2005-12-21 20:52:46 19,328 ----a-w C:\DOCUME~1\Roberts\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-12-13 00:30:22 146,207 ----a-w C:\Program Files\meteor.wmv
2005-12-13 00:13:21 2,888,042 ----a-w C:\Program Files\xmaslights2.wmv
2005-12-12 23:59:42 4,675,706 ----a-w C:\Program Files\xmaslights.wmv
2005-11-06 01:20:29 2,118,296 ----a-w C:\Program Files\Shareaza_2.2.1.0.exe
2005-11-05 01:30:12 2,452,326 ----a-w C:\Program Files\DCPlusPlus-0.668.exe
2005-11-04 09:50:53 7,924,880 ----a-w C:\Program Files\trillian-v3[1].1.exe
2005-11-04 08:05:58 107,018 ----a-w C:\Program Files\myJabFull3557.exe
2005-11-04 07:42:21 3,422,528 ----a-w C:\Program Files\BSLITEINSTALL.exe
2005-11-04 02:22:21 353,381 ----a-w C:\Program Files\LimeWireWin.exe
2005-11-04 01:57:22 5,658,296 ----a-w C:\Program Files\iMeshV6.exe
2005-10-30 00:40:57 42,463 ----a-w C:\Program Files\mythoy2k5cgtrn1.zip
2005-10-29 23:50:01 11,572,208 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2005-10-09 06:03:29 1,255,397 ----a-w C:\Program Files\morphclientsetup.exe
2005-10-08 05:06:59 1,258,698 ----a-w C:\Program Files\aresp2psetup.exe
2005-08-04 06:52:59 1,082,536 ----a-w C:\Program Files\LitHelper.zip
2005-07-28 02:28:19 10,436 ----a-w C:\Program Files\StatFrenzy.zip
2005-07-28 02:26:50 98,097 ----a-w C:\Program Files\Super Smilies.zip
2005-07-28 02:25:58 61,313 ----a-w C:\Program Files\Emote Buddy.zip
2005-07-20 06:21:50 698,608 ----a-w C:\Program Files\gmouse20.zip
2005-07-20 06:15:45 604,109 ----a-w C:\Program Files\rsmilguide.exe
2005-07-20 06:11:14 862,919 ----a-w C:\Program Files\guidepackage2.zip
2005-07-20 06:04:13 595,780 ----a-w C:\Program Files\guidepackage.zip
2005-07-02 16:27:43 6,816,904 ----a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-06-08 21:52:56 1,692,260 ----a-w C:\Program Files\swiftswitch(lite).exe
2005-06-04 04:59:59 4,466,776 ----a-w C:\Program Files\Install_AIM.exe
2005-06-02 19:47:06 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-06-02 18:54:06 41,904 ----a-w C:\Program Files\AssignmentLetter-1117738441.pdf
2005-05-30 06:53:01 41,904 ----a-w C:\Program Files\AssignmentLetter-1117435978.pdf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-05-27 20:14]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" []
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 20:34]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 17:52]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 00:41]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"HostManager"="C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe" [2006-09-25 20:52]
"waol.exe"="C:\Program Files\America Online 9.0c\waol.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-29 21:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2007-01-12 03:09]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-01-12 03:12]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 11:44]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-20 02:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe" [2006-08-30 13:46]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-09-25 20:52]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 07:17]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-06-01 23:27]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-13 19:32:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 19:06:54]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 10:30:54]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

R0 srescan;srescan;C:\WINDOWS\System32\ZoneLabs\srescan.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\System32\Drivers\SbcpHid.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\System32\drivers\ASCTRM.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver;C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\System32\DRIVERS\Wdf01000.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LHidKE.Sys
S3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\LMouKE.Sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 10:17:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000d08

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-25 10:22:10
C:\ComboFix-quarantined-files.txt ... 2007-07-25 10:19
C:\ComboFix2.txt ... 2007-07-25 09:37
C:\ComboFix3.txt ... 2007-07-25 07:22

--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:23 AM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Roberts\Desktop\scanner\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\America Online 9.0c\waol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6094FFF-E6FF-48FF-AA1B-DE1D451CE2E8}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9760 bytes
 
AboutBuster 6.07
Scan started on [7/25/2007] at [10:28:18 AM]
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:32:20 AM
 
Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
 
Wednesday, July 25, 2007 7:07:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 25/07/2007
Kaspersky Anti-Virus database records: 367662


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 86741
Number of viruses found 11
Number of infected objects 38
Number of suspicious objects 2
Duration of the scan process 01:24:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\b4rbr\MyDB.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\b4rbr\toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\b4rbr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\b4rbr.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\b4rbr.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\b4r00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1281OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Roberts\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped

C:\Documents and Settings\Roberts\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped

C:\Documents and Settings\Roberts\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped

C:\Documents and Settings\Roberts\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped

C:\Documents and Settings\Roberts\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped

C:\Documents and Settings\Roberts\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\Temp\~DF1F5E.tmp Object is locked skipped

C:\Documents and Settings\Roberts\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Roberts\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Roberts\ntuser.dat.LOG Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\awtsq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\dhaxsmxu.dll.vir Infected: Trojan.Win32.BHO.bd skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\fccbbbc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped

 
C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197345.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197346.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

 
C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197399.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197400.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197401.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197402.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197403.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197404.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197405.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197406.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197407.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197408.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197409.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197410.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197411.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197412.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197413.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197414.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197415.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197416.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197417.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197418.exe Object is locked skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197419.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197421.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197425.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197433.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197473.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197474.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197506.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197567.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP777\A0197577.dll Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203635.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:dltfl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:imcpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:jfuzvt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:kcyty:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:mjrigr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:phzsog:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:raozp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:tvnuv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:xfegbu:$DATA Infected: Trojan.Win32.Agent.bi skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:xfixif:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:xrqjrf:$DATA Infected: Trojan-Downloader.Win32.Small.biz skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:xsnelw:$DATA Infected: Trojan-Downloader.Win32.Small.biz skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:xzcgpj:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:ykafqu:$DATA Infected: Trojan-Downloader.Win32.Small.biz skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:ypefsh:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:zcvzv:$DATA Infected: Trojan-Downloader.Win32.Small.biz skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:zqhhl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:zvgjsq:$DATA Infected: Trojan-Downloader.Win32.Small.biz skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP780\A0203677.pif:zzhcce:$DATA Infected: Trojan.Win32.Agent.hg skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP789\A0207293.dll Infected: Trojan.Win32.BHO.bd skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP789\A0207296.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped

C:\System Volume Information\_restore{B21FA445-4C78-430B-8FF6-5DD15530F530}\RP789\A0207297.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped

 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:26 PM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Roberts\Desktop\scanner\scanner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118530805\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [waol.exe] C:\Program Files\America Online 9.0c\waol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://reciperewards.aavalue.com/RR/Toolbar/rr-toolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6094FFF-E6FF-48FF-AA1B-DE1D451CE2E8}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9906 bytes
 
Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\QooBox\Quarantine

Empty Recycle Bin

Still problems?
 