virtumonde.crack spyware

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
icyvjrws
cel90xbe

DDS::
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

File::
C:\WINDOWS\TEMP\System.exe
C:\WINDOWS\csauie1.ocx
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B0D69EF.wmf
D:\Documents and Settings\The Family\Application Data\nvsvc1024.dll
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-68161e1c
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-75a95481
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-6f01188c
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3450a110.zip
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-52495110.zip
D:\Documents and Settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4fb0852d.zip
K:\My Documents 2\Downloads 2\downloaded stuff originals\Pro Evolution Soccer 2009 crack - [ pes2009.exe ].exe Infected: Trojan.Win32.VB.kki 1
K:\Programs 2\KONAMI\Pro Evolution 2009\cracked exe(s)\Pro Evolution Soccer 2009 crack - [ pes2009.exe ].exe
c:\windows\system32\drivers\icyvjrws.sys

Save this as CFScript

As instructed, I uninstalled and deleted programs and files that may compromise the security of the PC.

As mentioned in an earlier post, I ran another KOS after this and, as K appeared to be clean, I disconnected it from the PC. The script above includes an address to a drive which is no longer there and also a file which no longer exists (deleted, and deleted from the recycle bin).

More than happy to reconnect the drive if needed, or do you wish me to omit these lines of code from the script? Or will it be fine with these lines in? The potential for ComboFix to seriously damage the computer scares me and I do not want to make any errors.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

At the minute I have 2 browsers on that machine, IE7 and Google Chrome, therefore neither Firefox nor Opera, although I plan to switch to Firefox when the PC is secure.

I currently have no access to the infected machine, so this part of the message may be redundant, but I wanted to query before I go and follow your instructions on the infected PC.

Also, I thought I had the latest versions of Java and Adobe, as I update all of this type of software on at least a monthly basis in my maintenance routine (virus and spyware scans, defrag and applicable updates). I do it mainly to prevent this type of vulnerability, but maybe something has gone wrong in the updates!

Will follow instructions when I have access to the machine later today and will post when complete, but the KOS took approximately 5 hours the first time and 7 hours the second time; it should be less if K does not need to be scanned, as this held the majority of the files.

Thanks
 
virus total results

Hello, I have done the VirusTotal scan; results are attached.
I have also updated Java and Adobe as requested, although Adobe Reader appeared to be the same version, 9.1.
I have also used ATF, so ignore the question regarding this in my previous post.

All I need now is clarification with regards to the CFScript for use with ComboFix, and I will run this, DDS and KOS and post.

As always, thank you.
 
Hi

You can leave those K: drive related items off the cfscript.
 
combofix and dds logs

Hi, please find logs below and attached; will post KOS when completed.


ComboFix 09-05-02.4 - The Family 04/05/2009 20:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1991 [GMT 1:00]
Running from: d:\documents and settings\The Family\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\The Family\Desktop\CFScript.txt
AV: ntl Netguard Anti-virus *On-access scanning disabled* (Updated)
FW: ntl Netguard Firewall *disabled*
FILE ::
c:\windows\csauie1.ocx
c:\windows\system32\drivers\icyvjrws.sys
c:\windows\TEMP\System.exe
d:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B0D69EF.wmf
d:\documents and settings\The Family\Application Data\nvsvc1024.dll
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-68161e1c
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-75a95481
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-6f01188c
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-3450a110.zip
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-52495110.zip
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4fb0852d.zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\csauie1.ocx
d:\documents and settings\The Family\Application Data\nvsvc1024.dll
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-68161e1c
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-75a95481
d:\documents and settings\The Family\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-6f01188c
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CEL90XBE
-------\Service_cel90xbe
-------\Service_icyvjrws

((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-04 17:12 . 2009-05-04 17:12 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 18:43 . 2009-05-03 18:43 -------- d-----w d:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-27 20:27 . 2009-04-27 20:27 -------- d-----w c:\program files\Trend Micro
2009-04-27 20:23 . 2009-04-27 20:23 -------- d-----w c:\program files\ERUNT
2009-04-27 19:37 . 2009-04-27 19:37 -------- d-----w c:\windows\system32\append.dll
2009-04-27 19:37 . 2009-04-27 19:37 -------- d-----w c:\windows\system32\xlib254.dll
2009-04-27 17:32 . 2009-04-27 17:39 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-27 17:32 . 2009-04-27 17:39 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-21 18:23 . 2009-04-21 18:23 -------- d-----w d:\documents and settings\The Family\Application Data\DriverCure
2009-04-21 18:23 . 2009-04-21 18:23 -------- d-----w d:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-21 18:23 . 2009-04-22 16:53 -------- d-----w d:\documents and settings\All Users\Application Data\DriverCure
2009-04-21 18:17 . 2009-04-21 18:17 -------- d-sh--w d:\documents and settings\The Family\IECompatCache
2009-04-21 18:07 . 2009-04-21 18:07 -------- d-sh--w d:\documents and settings\The Family\PrivacIE
2009-04-21 18:06 . 2009-04-21 18:06 -------- d-sh--w d:\documents and settings\NetworkService\IETldCache
2009-04-21 18:05 . 2009-04-21 18:05 -------- d-sh--w d:\documents and settings\LocalService\IETldCache
2009-04-21 18:04 . 2009-04-21 18:04 -------- d-sh--w d:\documents and settings\The Family\IETldCache
2009-04-21 18:01 . 2008-04-14 00:11 81920 ----a-w c:\windows\system32\ieencode.dll
2009-04-21 18:01 . 2009-04-21 18:01 -------- d-----w c:\windows\system32\MpEngineStore
2009-04-20 19:58 . 2009-04-20 19:58 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-18 21:32 . 2006-08-23 08:45 57344 ----a-w c:\windows\system32\digest32.dll
2009-04-16 20:38 . 2009-04-16 20:38 -------- d-----w d:\documents and settings\oblivion\Data
2009-04-16 20:38 . 2009-04-16 20:38 -------- d-----w d:\documents and settings\oblivion\lex
2009-04-16 20:38 . 2007-04-04 18:12 7491584 ----a-w d:\documents and settings\oblivion\TESConstructionSet.exe
2009-04-16 20:38 . 2005-02-18 10:23 212992 ----a-w d:\documents and settings\oblivion\ssce5432.dll
2009-04-16 20:38 . 2009-04-16 20:45 -------- d-----w d:\documents and settings\oblivion
2009-04-15 20:52 . 2009-04-15 20:52 -------- d-----w d:\documents and settings\The Family\Application Data\2K Sports
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 19:09 . 2006-10-10 20:56 230 ----a-w c:\windows\freedom.backup.dat
2009-05-04 19:07 . 2004-08-10 16:04 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 18:30 . 2009-03-07 20:41 248 ----a-w c:\windows\Tasks\Setup my PC.job
2009-05-04 18:27 . 2009-03-07 13:38 946 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2687666314-1017323166-2936280733-1006.job
2009-05-04 17:36 . 2006-10-10 07:11 -------- d-----w c:\program files\Java
2009-05-04 17:31 . 2008-12-22 13:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 19:01 . 2009-04-21 18:23 378 ----a-w c:\windows\Tasks\DriverCure.job
2009-05-03 19:01 . 2009-04-21 18:23 426 ----a-w c:\windows\Tasks\ParetoLogic Update Version2.job
2009-05-02 12:44 . 2006-10-10 20:47 -------- d-----w c:\program files\Common Files\PestPatrol
2009-05-02 12:43 . 2006-10-10 20:47 -------- d-----w c:\program files\Common Files\Command Software
2009-04-25 21:57 . 2009-02-20 01:05 3152 ----a-w d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-21 18:23 . 2009-04-21 18:23 404 ----a-w c:\windows\Tasks\ParetoLogic Registration.job
2009-04-20 19:45 . 2007-09-07 16:37 -------- d-----w c:\program files\EA GAMES
2009-04-16 20:38 . 2006-10-10 07:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 16:16 . 2008-10-08 17:52 34 ----a-w d:\documents and settings\The Family\jagex_runescape_preferences.dat
2009-03-25 11:05 . 2009-03-25 11:05 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-21 12:29 . 2006-10-10 07:11 -------- d-----w c:\program files\Realtek
2009-03-20 21:45 . 2009-03-20 21:45 -------- d-----w c:\program files\Thrustmaster
2009-03-20 21:16 . 2009-01-17 18:05 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 21:15 . 2009-01-17 18:05 -------- d-----w c:\program files\AGEIA Technologies
2009-03-20 20:53 . 2009-03-20 20:53 -------- d-----w c:\program files\DIFX
2009-03-19 16:03 . 2009-03-19 16:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-07 20:41 . 2009-03-07 20:37 95344 ----a-w d:\documents and settings\The Family.049907920267.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-07 20:40 . 2009-03-07 20:40 150 ----a-w d:\documents and settings\The Family.049907920267.000\Local Settings\Application Data\fusioncache.dat
2009-02-20 12:31 . 2006-10-09 23:32 95344 ----a-w d:\documents and settings\The Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-11 23:17 . 2009-02-11 23:17 4304 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-02-09 11:13 . 2004-08-10 15:38 1846784 ----a-w c:\windows\system32\win32k.sys
2006-10-15 15:57 . 2006-10-15 20:00 774144 ----a-w c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-03_19.03.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-03 19:02 . 2009-05-03 19:02 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-04 19:08 . 2009-05-04 19:08 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-04 18:14 . 2009-05-04 18:14 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2009-05-04 19:07 . 2009-05-04 19:07 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
+ 2009-05-04 19:07 . 2009-05-04 19:07 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2009-05-04 19:08 . 2009-05-04 19:08 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2009-05-03 19:02 . 2009-05-03 19:02 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-05-04 19:08 . 2009-05-04 19:08 16384 c:\windows\Temp\Cookies\index.dat
- 2009-05-03 19:02 . 2009-05-03 19:02 16384 c:\windows\Temp\Cookies\index.dat
- 2006-10-09 23:24 . 2009-05-03 19:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-09 23:24 . 2009-05-04 19:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-09 23:24 . 2009-05-03 19:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-09 23:24 . 2009-05-04 19:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-09 23:24 . 2009-05-03 19:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-10-09 23:24 . 2009-05-04 19:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-18 21:56 . 2006-09-05 14:27 581632 c:\windows\system32\snapapi32.dll
+ 2009-02-18 21:56 . 2006-08-31 15:42 581632 c:\windows\system32\snapapi32.dll
+ 2009-05-04 17:31 . 2009-05-04 17:31 148888 c:\windows\system32\javaws.exe
- 2008-12-22 13:41 . 2008-12-22 13:41 148888 c:\windows\system32\javaws.exe
- 2008-12-22 13:41 . 2008-12-22 13:41 144792 c:\windows\system32\javaw.exe
+ 2009-05-04 17:31 . 2009-05-04 17:31 144792 c:\windows\system32\javaw.exe
- 2008-12-22 13:41 . 2008-12-22 13:41 144792 c:\windows\system32\java.exe
+ 2009-05-04 17:31 . 2009-05-04 17:31 144792 c:\windows\system32\java.exe
+ 2009-05-04 16:44 . 2009-05-04 16:44 544768 c:\windows\ERDNT\AutoBackup\04-05-2009\Users\00000002\UsrClass.dat
+ 2009-05-04 16:44 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\04-05-2009\ERDNT.EXE
+ 2009-05-04 16:44 . 2009-05-04 16:44 11935744 c:\windows\ERDNT\AutoBackup\04-05-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
2005-07-05 14:30 135168 ----a-w c:\program files\ntl\ntl Netguard\FBHR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2009-05-04 17:31 320920 ----a-w c:\program files\Java\jre6\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2009-02-17 16:11 408440 ----a-w c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-05-04 17:31 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-05-04 17:31 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2006-11-08 1040832]
"Google Update"="d:\documents and settings\The Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Motive SmartBridge"="c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 380928]
"ntl Netguard"="c:\program files\ntl\ntl Netguard\RPS.exe" [2005-07-05 229376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-18 282624]
"4oD"="c:\program files\Kontiki\KHost.exe" [2006-11-08 1040832]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-08 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-08 185896]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\The Family\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe [2006-10-10 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-12-20 233472]
"UPnPMonitor"= {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll [2008-04-14 239616]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"d:\\Documents and Settings\\The Family\\My Documents\\Downloads\\WoW-enGB-Installer-downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4719:TCP"= 4719:TCP:4719
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 FWS;Radialpoint Service;c:\program files\ntl\ntl Netguard\fws.exe [2005-07-05 274432]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [2004-06-04 70888]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0968251a-9bb6-11dd-a0b1-001e2aaf0479}]
\Shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ccdf9fd-fca0-11db-9be0-0017316f265c}]
\Shell\AutoRun\command - l:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2687666314-1017323166-2936280733-1006.job
- d:\documents and settings\The Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-07 13:38]
2009-05-04 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/welcome
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {{DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\HP\hpcoretech\comp\hpuiprot.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.shockwave.com/content/chocolatier2/sis/Chocolatier2Web.1.0.0.10.cab
DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 20:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2687666314-1017323166-2936280733-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2687666314-1017323166-2936280733-1006\Software\SecuROM\License information*]
"datasecu"=hex:6a,b8,24,27,32,5c,ae,29,48,f4,7e,8a,3a,ca,02,ad,ed,48,f1,c3,ba,
d8,05,92,a0,0d,49,76,f6,72,92,04,b1,2f,00,af,95,cc,fc,da,e2,00,05,e5,09,95,\
"rkeysecu"=hex:36,4e,91,58,c0,fd,da,b0,58,97,27,be,96,e2,71,a0
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2908)
c:\progra~1\ntl\BROADB~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\system32\searchindexer.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\apps\ABOARD\AOSD.EXE
c:\windows\system32\searchprotocolhost.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-05-04 20:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 19:13
ComboFix2.txt 2009-05-03 19:09
Pre-Run: 3,098,062,848 bytes free
Post-Run: 3,089,707,008 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
353 --- E O F --- 2009-04-18 12:54







DDS (Ver_09-03-16.01) - NTFSx86
Run by The Family at 20:21:45.34 on 04/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1973 [GMT 1:00]
AV: ntl Netguard Anti-virus *On-access scanning disabled* (Updated)
FW: ntl Netguard Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ntl\ntl Netguard\fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\The Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\The Family\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/welcome
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\ntl\ntl netguard\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZKBho Class: {56071e0d-c61b-11d3-b41c-00e02927a304} - c:\program files\ntl\ntl netguard\FBHR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "d:\documents and settings\the family\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [ntl Netguard] "c:\program files\ntl\ntl netguard\RPS.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\thefam~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.shockwave.com/content/chocolatier2/sis/Chocolatier2Web.1.0.0.10.cab
DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll
============= SERVICES / DRIVERS ===============
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FWS;Radialpoint Service;c:\program files\ntl\ntl netguard\fws.exe [2005-7-5 274432]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-6-4 70888]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-21 1684736]
=============== Created Last 30 ================
2009-05-03 19:56 161,792 a------- c:\windows\SWREG.exe
2009-05-03 19:56 98,816 a------- c:\windows\sed.exe
2009-05-01 18:15 <DIR> a-dshr-- C:\autorun.inf
2009-04-27 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-04-27 20:37 <DIR> --d----- c:\windows\system32\xlib254.dll
2009-04-27 20:37 <DIR> --d----- c:\windows\system32\append.dll
2009-04-27 18:32 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-27 18:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-25 14:21 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-25 14:21 1,409 a------- c:\windows\QTFont.for
2009-04-21 19:23 <DIR> --d----- d:\docume~1\thefam~1\applic~1\DriverCure
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\DriverCure
2009-04-21 19:17 <DIR> --dsh--- d:\documents and settings\the family\IECompatCache
2009-04-21 19:07 <DIR> --dsh--- d:\documents and settings\the family\PrivacIE
2009-04-21 19:04 <DIR> --dsh--- d:\documents and settings\the family\IETldCache
2009-04-21 19:01 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-21 19:01 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-04-18 22:32 57,344 a------- c:\windows\system32\digest32.dll
2009-04-15 21:52 <DIR> --d----- d:\docume~1\thefam~1\applic~1\2K Sports
==================== Find3M ====================
2009-05-04 18:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 17:16 34 a------- d:\documents and settings\the family\jagex_runescape_preferences.dat
2009-02-12 00:17 4,304 a------- c:\windows\system32\ealregsnapshot1.reg
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2007-12-28 16:02 287,232 a------- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 15:59 342,528 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 18:53 63,488 a------- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 18:52 32,768 a------- c:\windows\inf\wg111v3\SetDrv.exe
2007-05-10 20:52 6,420 a------- d:\docume~1\thefam~1\applic~1\wklnhst.dat
2006-12-15 12:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 12:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 12:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 12:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 12:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-10-15 16:57 774,144 a------- c:\program files\RngInterstitial.dll
============= FINISH: 20:21:56.75 ===============
 
KOS log

Oh well, this is interesting: infected objects have increased from 45 when I last ran KOS, after uninstalling and deleting files that compromised security (not posted), to 392 on this scan, after it has been treated to a good cleaning.

I hope this is the "getting worse before it gets better" phase!

Here is the KOS log

Cheers Original McBlood

KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 04, 2009 21:19:49
Records in database: 2130243
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 111104
Threat name: 7
Infected objects: 392
Suspicious objects: 1
Duration of the scan: 02:14:43

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\csauie1.ocx.vir Infected: not-a-virus:AdWare.Win32.Coupons.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir Infected: Backdoor.Win32.SdBot.jpe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\isyhvxyp.dll.vir Infected: Packed.Win32.Krap.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfCuVmm.dll.vir Infected: Trojan-Downloader.Win32.BHO.kml 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mvyerpjt.dll.vir Infected: Packed.Win32.Krap.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vrqzew.dll.vir Infected: Packed.Win32.Krap.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUlMecY.dll.vir Infected: Trojan-Downloader.Win32.BHO.kml 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wowfx.dll.vir Infected: Trojan.Win32.Agent.alos 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_wowfx_.dll.zip Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-52.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-53.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-54.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-55.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-56.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-57.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-58.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-59.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-60.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-61.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-62.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-63.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-64.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-65.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-66.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-67.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-68.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-69.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-70.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-71.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-72.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-73.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-74.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-75.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-76.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-77.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-78.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-79.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-80.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-81.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-82.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-83.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-84.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-85.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-86.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-87.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-88.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-89.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-90.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-91.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-92.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-93.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-94.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-95.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-96.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-97.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-98.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP723\snapshot\MFEX-99.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP724\A0261972.dll Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP724\A0262023.dll Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP724\snapshot\MFEX-1.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263169.dll Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263178.exe Infected: Backdoor.Win32.SdBot.jpe 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263205.dll Infected: Packed.Win32.Krap.n 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263206.dll Infected: Trojan-Downloader.Win32.BHO.kml 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263207.dll Infected: Packed.Win32.Krap.n 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263208.dll Infected: Packed.Win32.Krap.n 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263209.dll Infected: Trojan-Downloader.Win32.BHO.kml 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\A0263222.dll Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-1.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-10.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-100.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-101.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-102.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-103.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-104.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-105.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-106.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-107.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-108.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-109.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-11.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-110.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-111.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-112.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-113.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-114.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-115.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-116.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-117.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-118.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-119.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-12.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-120.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-121.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-122.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-123.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-124.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-125.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-126.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-127.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-128.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-129.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-13.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-130.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-131.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-132.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-133.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-134.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-135.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-136.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-137.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-138.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-139.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-14.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-140.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-141.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-142.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-143.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-144.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-145.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-146.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-147.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-148.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-149.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-15.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-150.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-151.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-152.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-153.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-154.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-155.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-156.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-157.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-158.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-159.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-16.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-160.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-161.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-162.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-163.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-164.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-165.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-166.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-167.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-168.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-169.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-17.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-170.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-171.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-18.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-19.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-20.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-21.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-22.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-23.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-24.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-25.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-26.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-27.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-28.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-29.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-30.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-31.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-32.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-33.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-34.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-35.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-36.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-37.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-38.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-39.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-4.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-40.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-41.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-42.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-43.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-44.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-45.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-46.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-47.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-48.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-49.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-50.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-51.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-52.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-53.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-54.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-55.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-56.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-57.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-58.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-59.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-60.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-61.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-62.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-63.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-64.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-65.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-66.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-67.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-68.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP725\snapshot\MFEX-69.DAT Infected: Trojan.Win32.Agent.alos 1
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP732\A0264034.ocx Infected: not-a-virus:AdWare.Win32.Coupons.u 1
D:\Documents and Settings\The Family\Local Settings\Application Data\Identities\{D688B133-BB08-44AA-9610-0788232F351C}\Microsoft\Outlook Express\Dylan.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
The selected area was scanned.
 
Hi

Most of those bad findings are in system restore and ComboFix quarantined items.

Go through the email messages in the following mailbox and delete suspicious-looking ones:
D:\Documents and Settings\The Family\Local Settings\Application Data\Identities\{D688B133-BB08-44AA-9610-0788232F351C}\Microsoft\Outlook Express\Dylan.dbx

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file & dds.txt file contents in your next reply. How's the system running?
 
system performance

The system runs fine. That was never an issue, but with 2 GB of RAM and a 3 GHz dual core, surfing will practically not even register.

As it is in the process of being cleaned at the moment I have not used it with the exception of what you have requested and the cleaning process.

One thing that has resulted from the work so far: a few days before my first post on this thread, on boot-up MS DEP kicked in and it would throw up about 5-10 DDM proxy messages, program shut down (access protected areas, blah blah). These could just be closed and everything ran fine. They do not appear at all now. I take this as an indication that potentially the most dangerous infection has been eradicated.

These DDM proxy messages were the reason I DLed Spybot and the resulting scan results prompted the post.

I have never had a problem with this machine performance-wise. The registry could do with a clean-out, some missing DLLs for one of the smartbridges, but that is to be expected after 3-4 years of use. I could do with updating some of my drivers but I cannot find a source that I trust 100% and I am not 100% sure which drivers are needed; got all the standard ones up to date (GPU, sound, peripherals etc.) but some of the less obvious ones I am sure need updating.

I have a realtime CPU and RAM usage indicator in my task bar at all times and I have not seen any increase in the usage of either over the last few days/ weeks.

The PC, as I said, seemed to be 100% clean until the DEP kicked in. This now just makes me wonder how long stuff has been hiding in here. As I said, I like to keep this PC in shape and it is scanned (defrag, software update etc.) at a minimum monthly, but more often weekly if not more, with my anti-virus/spyware.

I will follow instructions and post results when I have access to the infected machine later today.

cheers.
 
malware log and new dds

okay here you go:

logs are too long to post so all attached, too big to attach so zipped and attached
over 1000 infected files found and most of them outwith quarantine.
 
Hi again,

This topic may give you some idea of what might have led to the infection.

Uninstall Macromedia Flash Player 8 and get the latest one here.

Any symptoms left?
 
bad news

Unfortunately yes.
I started a second Malwarebytes scan after posting the scans. It finished about 10 mins ago and 2 infected files showed up; one was snapapi.dll and I cannot remember the other. I did not delete, I just exited out of Malwarebytes because I did not want to clear anything without your okay in case it messed up the cleaning process.

Should I run Malwarebytes again, keep the log and just delete and check with another scan?

thanks.
 
Hi

Yes, run scan again and let it quarantine all findings. Post back the report & a fresh dds.txt log.
 
Hope this is my final post

Slightly different from your instructions: I ran a scan, quarantined and deleted before you posted, sorry.
Anyway here are the logs:

Malwarebytes' Anti-Malware 1.36
Database version: 2078
Windows 5.1.2600 Service Pack 3
05/05/2009 23:54:04
mbam-log-2009-05-05 (23-54-04).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 222831
Time elapsed: 1 hour(s), 16 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
 
Good news finally

I spent approximately 10 hours yesterday running alternate spybot, MBAM scan cycles and each app would find between 1 and 6 infected items, files or other. Most commonly these were registry items. It was different infection types each time, video egg and win32 being the most common. The apps would then state that the infections were successfully quarantined and deleted only for more to show up on the next scan.

On about the 4th cycle spybot turned up clean, hooray but then on the MBAM part of the cycle infections were found, quarantined and deleted. So I carried on cycling the scans. Spybot round 5, clean, okay good so far; MBAM round 5 clean.

Hooray!

I'll run another cycle of both scans later today but it is looking good. I have updated everything. I will install Secunia PSI and FileHippo, switch to Firefox as a browser and lock it down tight, and double-check the info from your last post for the best ways to avoid this again, software to use etc. Everything should be plain sailing from here.

Thanks a lot for all your help on this, I know this has been a particularly long one. It really is appreciated. Feel free to have a warm happy feeling inside and a sense of true philanthropy.

So in the words of Douglas Adams "so long and thanks for all the fish"

OriginalMcBlood.
 
You're welcome :) Before I give you the all clean with final instructions (uninstalling ComboFix etc.) I want to see if anything bad still shows up. Please let me know in a few days how things are and post a fresh dds.txt log then.
 
Hmm interesting

Hello,
Unfortunately I'm back again. I have gone back to using the PC as normal. I have run a number of scans over the last few days and the results are interesting.

They seem to have an almost random nature: sometimes they turn up blank (clean) but most often they have about 2 signs of infection, always reported as successfully deleted. These 2 are normally different every time, most commonly Trojan agents "videoegg" and "snapapi.dll"; they will have an entry in the system32 folder and a registry entry.

Yesterday I had a little consistency in that 2 successive scans turned up with the same findings; Snapapi entries.

Included is the mbam log from yesterday and DDS scans from earlier today.

Thanks.

Malwarebytes' Anti-Malware 1.36
Database version: 2101
Windows 5.1.2600 Service Pack 3

09/05/2009 22:26:53
mbam-log-2009-05-09 (22-26-53).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 360260
Time elapsed: 1 hour(s), 53 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.


DDS (Ver_09-03-16.01) - NTFSx86
Run by The Family at 15:07:29.04 on 10/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1819 [GMT 1:00]

AV: ntl Netguard Anti-virus *On-access scanning enabled* (Updated)
FW: ntl Netguard Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ntl\ntl Netguard\fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\The Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Documents and Settings\The Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/welcome
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\ntl\ntl netguard\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZKBho Class: {56071e0d-c61b-11d3-b41c-00e02927a304} - c:\program files\ntl\ntl netguard\FBHR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {ee16ce5a-a23c-4591-be45-cd87af77b015} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "d:\documents and settings\the family\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [ntl Netguard] "c:\program files\ntl\ntl netguard\RPS.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\thefam~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: d:\docume~1\thefam~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.shockwave.com/content/chocolatier2/sis/Chocolatier2Web.1.0.0.10.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\thefam~1\applic~1\mozilla\firefox\profiles\1i8880in.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ntlworld.com/
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\documents and settings\the family\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FWS;Radialpoint Service;c:\program files\ntl\ntl netguard\fws.exe [2005-7-5 274432]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-6-4 70888]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-21 1684736]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]

=============== Created Last 30 ================

2009-05-10 14:55 <DIR> --d----- C:\OEMSettings
2009-05-07 21:30 <DIR> --d----- d:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-05-07 21:30 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-05-07 21:30 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-05-07 21:23 <DIR> --d----- c:\windows\NV24243848.TMP
2009-05-07 21:13 <DIR> --d----- d:\docume~1\thefam~1\applic~1\DAEMON Tools Lite
2009-05-07 20:50 <DIR> --d----- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-05-07 20:41 <DIR> --d----- c:\program files\Secunia
2009-05-05 23:59 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-05-05 23:59 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-05-05 23:59 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-05-05 23:59 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-05-05 23:59 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-05-05 23:59 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-05-05 23:59 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-05-05 23:59 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-05 23:59 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-05 23:59 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-05-05 22:35 <DIR> --d----- c:\windows\system32\Adobe
2009-05-05 18:52 <DIR> --d----- d:\docume~1\thefam~1\applic~1\Malwarebytes
2009-05-05 18:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-05 18:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 18:52 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 18:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-03 19:56 161,792 a------- c:\windows\SWREG.exe
2009-05-03 19:56 98,816 a------- c:\windows\sed.exe
2009-05-01 18:15 <DIR> a-dshr-- C:\autorun.inf
2009-04-27 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-04-27 18:32 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-27 18:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-25 14:21 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-25 14:21 1,409 a------- c:\windows\QTFont.for
2009-04-21 19:23 <DIR> --d----- d:\docume~1\thefam~1\applic~1\DriverCure
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\DriverCure
2009-04-21 19:17 <DIR> --dsh--- d:\documents and settings\the family\IECompatCache
2009-04-21 19:07 <DIR> --dsh--- d:\documents and settings\the family\PrivacIE
2009-04-21 19:04 <DIR> --dsh--- d:\documents and settings\the family\IETldCache
2009-04-21 19:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-21 19:01 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-04-16 17:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 17:45 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 17:45 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 21:52 <DIR> --d----- d:\docume~1\thefam~1\applic~1\2K Sports

==================== Find3M ====================

2009-05-07 21:13 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-04 18:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 17:16 34 a------- d:\documents and settings\the family\jagex_runescape_preferences.dat
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-24 12:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-12 00:17 4,304 a------- c:\windows\system32\ealregsnapshot1.reg
2007-12-28 15:02 287,232 a------- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows\inf\wg111v3\SetDrv.exe
2007-05-10 20:52 6,420 a------- d:\docume~1\thefam~1\applic~1\wklnhst.dat
2006-12-15 11:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-10-15 16:57 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 15:08:08.56 ===============
 
Hi

Uninstall VideoEgg Publisher. DAEMON Tools Toolbar should be uninstalled as well. Have you noticed if those findings appear after using a removable drive in the system?
 
Done, although it stated DAEMON Tools Toolbar was already removed; I did not install it.

I also have no idea what VideoEgg was/is and I was not aware it was installed, possibly put on by someone else using the PC, although my kids are meant to be under strict instructions not to download anything before I give it the OK! I do not think that is happening, well, earlier file findings prove it.

Having put the USB drive back on makes no difference to the scan results or performance. I have run scans with it both attached and not; there seems to be no effect on the scan or on the results.

I will start another scan just now and post result with new dds but as I have said it may turn up clean this time only to turn up infected if I ran one immediately after.
 
Hi

You could reboot the system between the scans to see if something in startup brings bad items back.
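Rebooting between scans is a way of finding out what puts a deleted item back. As an added illustration (not part of any post in this thread, and not a Malwarebytes tool), the Python script below compares MBAM text logs from successive scans and lists items reported again after an earlier scan said they were quarantined and deleted. The two infected logs are abbreviated from the 05/05 and 09/05 logs posted above; the clean log between them is constructed, and all function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Scan timestamp line, day first, as in the logs in this thread.
STAMP_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
# Detail section header ("Files Infected:"); summary lines carry a count instead.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Result line: <object> (<detection>) -> [Data: <value> ->] <action>.
RESULT_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

def parse_mbam_log(text):
    """Return (scan_time, findings) for one MBAM 1.x text log."""
    scan_time, section, findings = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if STAMP_RE.match(line):
            scan_time = datetime.strptime(line, "%d/%m/%Y %H:%M:%S")
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and (m := RESULT_RE.match(line)):
            findings.append({"section": section, **m.groupdict()})
    if scan_time is None:
        raise ValueError("no scan timestamp found in log")
    return scan_time, findings

def recurring_findings(logs):
    """List items seen again after an earlier scan claimed to delete them."""
    scans = sorted((parse_mbam_log(t) for t in logs), key=lambda s: s[0])
    clean_times = [when for when, found in scans if not found]
    first_removed, first_seen, seen_again = {}, {}, defaultdict(list)
    for when, found in scans:
        for f in found:
            key = (f["section"], f["object"].lower(), (f["data"] or "").lower())
            first_seen.setdefault(key, f)
            if key in first_removed:
                if when > first_removed[key]:
                    seen_again[key].append(when)
            elif "deleted successfully" in f["action"].lower():
                first_removed[key] = when
    report = []
    for key in sorted(seen_again):
        removed, again = first_removed[key], seen_again[key]
        report.append({
            **first_seen[key],
            "first_removed": removed,
            "seen_again": again,
            # A clean scan in between does not show the item was gone for good.
            "clean_scans_between": sum(removed < t < again[-1] for t in clean_times),
        })
    return report

# Abbreviated from the 05/05/2009 log posted in this thread.
LOG_05_MAY = r"""
Malwarebytes' Anti-Malware 1.36
05/05/2009 23:54:04
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Constructed sample: a clean scan between the two posted logs.
LOG_07_MAY_CLEAN = r"""
Malwarebytes' Anti-Malware 1.36
07/05/2009 10:00:00
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""

# Abbreviated from the 09/05/2009 log posted in this thread.
LOG_09_MAY = r"""
Malwarebytes' Anti-Malware 1.36
09/05/2009 22:26:53
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for item in recurring_findings([LOG_09_MAY, LOG_05_MAY, LOG_07_MAY_CLEAN]):
        print(f'{item["section"]}: {item["object"]} ({item["detection"]})')
        print(f'  first removed {item["first_removed"]}, seen again '
              f'{[str(t) for t in item["seen_again"]]}, '
              f'clean scans between: {item["clean_scans_between"]}')
```

An item that comes back together with its registry entry points to something still running that rewrites both, which is what a scan taken straight after a reboot helps to narrow down.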
 
some consistency

hi,
Here are the logs. It has now found these infected items on 3 successive scans.

Two other things that may be worth mentioning are:
1) Processes the system was running on idle before the clean were normally 60 or 61, now 59, and that includes MBAM, Spybot and Secunia PSI. So I think I have been running with an infested system for quite some time.

2) The latency between commanding a program to run and it beginning has magnified by a factor of about 3 if not more since clean.

Anyway logs:

Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 3

10/05/2009 20:03:23
mbam-log-2009-05-10 (20-03-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 360783
Time elapsed: 2 hour(s), 19 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.






DDS (Ver_09-03-16.01) - NTFSx86
Run by The Family at 20:04:44.50 on 10/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1292 [GMT 1:00]

AV: ntl Netguard Anti-virus *On-access scanning enabled* (Updated)
FW: ntl Netguard Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ntl\ntl Netguard\fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\The Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
D:\DOCUME~1\THEFAM~1\LOCALS~1\Temp\5F.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
D:\Documents and Settings\The Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/welcome
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\ntl\ntl netguard\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZKBho Class: {56071e0d-c61b-11d3-b41c-00e02927a304} - c:\program files\ntl\ntl netguard\FBHR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {ee16ce5a-a23c-4591-be45-cd87af77b015} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "d:\documents and settings\the family\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\ntl\broadb~1\smartb~1\MotiveSB.exe
mRun: [ntl Netguard] "c:\program files\ntl\ntl netguard\RPS.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\thefam~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: d:\docume~1\thefam~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.shockwave.com/content/chocolatier2/sis/Chocolatier2Web.1.0.0.10.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\thefam~1\applic~1\mozilla\firefox\profiles\1i8880in.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ntlworld.com/
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\documents and settings\the family\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3.5 beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3.5 beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FWS;Radialpoint Service;c:\program files\ntl\ntl netguard\fws.exe [2005-7-5 274432]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-6-4 70888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-5 38496]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-21 1684736]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]

=============== Created Last 30 ================

2009-05-10 20:03 61,440 a------- c:\windows\system32\drivers\khqv.sys
2009-05-10 14:55 <DIR> --d----- C:\OEMSettings
2009-05-07 21:30 <DIR> --d----- d:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-05-07 21:30 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-05-07 21:30 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-05-07 21:23 <DIR> --d----- c:\windows\NV24243848.TMP
2009-05-07 21:13 <DIR> --d----- d:\docume~1\thefam~1\applic~1\DAEMON Tools Lite
2009-05-07 20:50 <DIR> --d----- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-05-07 20:41 <DIR> --d----- c:\program files\Secunia
2009-05-05 23:59 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-05-05 23:59 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-05-05 23:59 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-05-05 23:59 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-05-05 23:59 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-05-05 23:59 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-05-05 23:59 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-05-05 23:59 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-05 23:59 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-05 23:59 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-05-05 22:35 <DIR> --d----- c:\windows\system32\Adobe
2009-05-05 18:52 <DIR> --d----- d:\docume~1\thefam~1\applic~1\Malwarebytes
2009-05-05 18:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-05 18:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 18:52 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 18:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-03 19:56 161,792 a------- c:\windows\SWREG.exe
2009-05-03 19:56 98,816 a------- c:\windows\sed.exe
2009-05-01 18:15 <DIR> a-dshr-- C:\autorun.inf
2009-04-27 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-04-27 18:32 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-27 18:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-25 14:21 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-25 14:21 1,409 a------- c:\windows\QTFont.for
2009-04-21 19:23 <DIR> --d----- d:\docume~1\thefam~1\applic~1\DriverCure
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-21 19:23 <DIR> --d----- d:\docume~1\alluse~1\applic~1\DriverCure
2009-04-21 19:17 <DIR> --dsh--- d:\documents and settings\the family\IECompatCache
2009-04-21 19:07 <DIR> --dsh--- d:\documents and settings\the family\PrivacIE
2009-04-21 19:04 <DIR> --dsh--- d:\documents and settings\the family\IETldCache
2009-04-21 19:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-21 19:01 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-04-16 17:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 17:45 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 17:45 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 21:52 <DIR> --d----- d:\docume~1\thefam~1\applic~1\2K Sports

==================== Find3M ====================

2009-05-07 21:13 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-04 18:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 17:16 34 a------- d:\documents and settings\the family\jagex_runescape_preferences.dat
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-24 12:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-12 00:17 4,304 a------- c:\windows\system32\ealregsnapshot1.reg
2007-12-28 15:02 287,232 a------- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows\inf\wg111v3\SetDrv.exe
2007-05-10 20:52 6,420 a------- d:\docume~1\thefam~1\applic~1\wklnhst.dat
2006-12-15 11:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-10-15 16:57 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 20:05:23.92 ===============
 