pahurley

Members
  • Content Count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About pahurley

  • Rank
    Member
  1. Hi, No worries you must be busy and after all it's Christmas. Yes i cleaned out the quarantine folder. Happy New Year
  2. Merry Christmas to you and all the team. You all do a fantastic job. yes i've installed the firewall and it seems to be running well. I've done what you said so far. Thanks again. Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mkkxalka ******************* Script file located at: \??\C:\Program Files\gdwmaoby.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\SYSTEM32\BBOFGJUL.INI deleted successfully. File C:\WINDOWS\SYSTEM32\BMQMVKTL.INI deleted successfully. File C:\WINDOWS\SYSTEM32\BRVFDTDT.INI deleted successfully. File C:\WINDOWS\SYSTEM32\CUVDNIGR.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DESDIRQI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DORBRIPT.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DQFRMGAX.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DSPXHAYF.INI deleted successfully. File C:\WINDOWS\SYSTEM32\EXUDODAL.INI deleted successfully. File C:\WINDOWS\SYSTEM32\FCPELWGT.INI deleted successfully. File C:\WINDOWS\SYSTEM32\FMDOQAMY.INI deleted successfully. File C:\WINDOWS\SYSTEM32\FRBQSWLC.INI deleted successfully. File C:\WINDOWS\SYSTEM32\FUURANFX.INI deleted successfully. File C:\WINDOWS\SYSTEM32\GNWPKTDY.INI deleted successfully. File C:\WINDOWS\SYSTEM32\GVUAHLKW.INI deleted successfully. File C:\WINDOWS\SYSTEM32\GWLAMFCY.INI deleted successfully. File C:\WINDOWS\SYSTEM32\GXCOFAHP.INI deleted successfully. File C:\WINDOWS\SYSTEM32\HXHXIRYI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\ICRJCAFE.INI deleted successfully. File C:\WINDOWS\SYSTEM32\IKDRJIWE.INI deleted successfully. File C:\WINDOWS\SYSTEM32\JBAWKUWM.INI deleted successfully. File C:\WINDOWS\SYSTEM32\JFTFCMGG.INI deleted successfully. File C:\WINDOWS\SYSTEM32\JJILWGIP.INI deleted successfully. File C:\WINDOWS\SYSTEM32\JVAWEMJA.INI deleted successfully. File C:\WINDOWS\SYSTEM32\JXBFSTCU.INI deleted successfully. File C:\WINDOWS\SYSTEM32\KGUUABWB.INI deleted successfully. File C:\WINDOWS\SYSTEM32\KJLRIKGH.INI deleted successfully. File C:\WINDOWS\SYSTEM32\KURNVVKV.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LCVMCDJC.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LNDHUAUM.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LPJAANDU.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LQMSIUFK.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LUSPPAXE.INI deleted successfully. File C:\WINDOWS\SYSTEM32\MPUFDRNQ.INI deleted successfully. File C:\WINDOWS\SYSTEM32\NFTIRJOU.INI deleted successfully. File C:\WINDOWS\SYSTEM32\OPKGMXLT.INI deleted successfully. File C:\WINDOWS\SYSTEM32\OSFJUEHE.INI deleted successfully. File C:\WINDOWS\SYSTEM32\OWQEJGXX.INI deleted successfully. File C:\WINDOWS\SYSTEM32\PGUJRPYI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\QEIDRFHQ.INI deleted successfully. File C:\WINDOWS\SYSTEM32\QOIKAXSI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\QSOXNKTG.INI deleted successfully. File C:\WINDOWS\SYSTEM32\QYONDJTJ.INI deleted successfully. File C:\WINDOWS\SYSTEM32\RLWWVWAR.INI deleted successfully. File C:\WINDOWS\SYSTEM32\SSLONQBH.INI deleted successfully. File C:\WINDOWS\SYSTEM32\STELMBGW.INI deleted successfully. File C:\WINDOWS\SYSTEM32\TNSNXVLV.INI deleted successfully. File C:\WINDOWS\SYSTEM32\VASHLJQI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\VFLYADLS.INI deleted successfully. File C:\WINDOWS\SYSTEM32\VHHSSEEL.INI deleted successfully. File C:\WINDOWS\SYSTEM32\VWQQNCWS.INI deleted successfully. File C:\WINDOWS\SYSTEM32\YCPVTDPI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\YCSXPMRN.INI deleted successfully. File C:\WINDOWS\SYSTEM32\YEHYFHVO.INI deleted successfully. File C:\WINDOWS\SYSTEM32\YSQCYSAG.INI deleted successfully. File C:\WINDOWS\SYSTEM32\CDXDKHHH.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DHWOSMQP.INI deleted successfully. File C:\WINDOWS\SYSTEM32\DTFUWALC.INI deleted successfully. File C:\WINDOWS\SYSTEM32\EIJVMQMX.INI deleted successfully. File C:\WINDOWS\SYSTEM32\HGQMOEJO.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LBRLDWTC.INI deleted successfully. File C:\WINDOWS\SYSTEM32\OFBMUAPB.INI deleted successfully. File C:\WINDOWS\SYSTEM32\OISVLBDA.INI deleted successfully. File C:\WINDOWS\SYSTEM32\TIYKSQSI.INI deleted successfully. File C:\WINDOWS\SYSTEM32\WKGTPEUY.INI deleted successfully. File C:\WINDOWS\SYSTEM32\WPTWQDWV.INI deleted successfully. File C:\WINDOWS\SYSTEM32\XEGKCFNS.INI deleted successfully. File C:\WINDOWS\SYSTEM32\CPHQKXSX.INI deleted successfully. File C:\WINDOWS\SYSTEM32\HCSKLQML.INI deleted successfully. File C:\WINDOWS\SYSTEM32\LJSJVRJA.INI deleted successfully. Completed script processing. ******************* Finished! Terminate.
  3. Hi Sorry about the delay. Thanks for all your help so far. Things are looking good. Another 596 found!!! I can understand Sandybarone's frustrations when you think your doing the right thing and still these pesky viruses get through. Scanning Report Sunday, December 23, 2007 21:05:55 - 01:16:24 Computer name: TIGGER Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ -------------------------------------------------------------------------------- Result: 596 malware found Backdoor.Win32.MSNMaker.an (virus) C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE (Renamed & Submitted) Email-Worm.Win32.Mydoom.l (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE2BD591A (Renamed & Submitted) Exploit.HTML.Mht (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5BA77097.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6A630BAC.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\733C2F93.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74317C85.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\748A6A24.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74C45DE4.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74EF7FB5.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\758F0905.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\75C07ECF.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\76772E06.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\76BB1FBA.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\77066567.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\776526FF.HTM (Renamed) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78192C3A.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\785075FD.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78B50B8D.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78E02D5E.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\791E4B1A.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\796C3AC4.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\79C8525F.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\79E22243.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A02461F.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A5135C8.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A9C7B76.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7AEA6B1F.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7B2C32D8.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7B914868.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C1A2BD1.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C893F57.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7CCA070F.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7D1C20B5.HTM (Renamed & Submitted) Exploit.VBS.Phel.a (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\553925F3.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\55CF314D.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\565B3EB3.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\56BD2A47.HTM (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5BC1407A.HTM (Renamed) IM-Worm.Win32.Agent.p (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031382.EXE (Renamed & Submitted) IM-Worm.Win32.Agent.z (virus) C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\GEL.EXE (Renamed & Submitted) C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\OSA.EXE (Renamed & Submitted) Possible Browser Hijack attempt (spyware) System (Disinfected) Trojan-Downloader.JS.Lamdez (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6B9D197D (Renamed & Submitted) Trojan-Downloader.Win32.Adload.a (virus) C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\2C345F8F.EXE (Renamed & Submitted) Trojan-Downloader.Win32.ConHook.hl (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031507.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031511.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031515.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031517.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031518.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031519.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031520.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031521.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031523.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031524.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031526.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031527.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031529.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031530.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031532.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031533.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031534.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031537.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031538.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031539.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031541.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031543.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031545.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031546.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031547.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031548.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031549.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031550.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031552.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031555.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031556.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031557.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031558.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031559.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031560.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031563.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031566.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031568.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031569.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031573.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031577.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031578.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031581.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031582.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031583.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031585.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031588.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031589.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031592.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031593.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031598.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031599.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031600.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031602.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031603.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031605.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031607.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031608.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031609.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031610.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031612.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031613.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031615.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031617.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031619.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031620.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031621.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031624.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031625.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031626.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031627.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031631.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031632.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031633.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031635.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031636.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031637.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031638.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031641.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031642.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031643.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031650.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031651.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031653.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031654.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031655.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031656.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031658.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031659.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031661.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031662.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031663.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031664.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031666.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031668.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031669.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031670.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031672.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031674.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031675.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031676.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031677.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031678.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031679.DLL (Renamed & Submitted) Trojan-Downloader.Win32.Donn.aa (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\326B306F.EXE (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\454F15A5.EXE (Renamed & Submitted) Trojan-Downloader.Win32.Harnig.gen (virus) C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINEDF61F4E.EXE (Renamed) Trojan-Downloader.Win32.IstBar.jx (virus) C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\183C4EA8.EXE (Renamed & Submitted) Trojan-Downloader.Win32.Small.kf (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6E437194 (Renamed & Submitted) Trojan-Dropper.Win32.Delf.cp (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2B4B1578 (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\75AC10C4.EXE (Renamed & Submitted) Trojan-Dropper.Win32.Small.gx (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINEF633CD9 (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5C946CDA (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5DA05FB3 (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74C44545 (Renamed & Submitted) Trojan.Java.ClassLoader.d (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\36144F09 (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74D81E26 (Renamed & Submitted) Trojan.Java.ClassLoader.h (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINEF39194A (Renamed & Submitted) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2FD377C0 (Renamed & Submitted) Trojan.Java.ClassLoader.i (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2CDE2AEC (Renamed & Submitted) Trojan.Java.ClassLoader.k (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\363E7BC1 (Renamed & Submitted) Trojan.Win32.BHO.om (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033731.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033732.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033733.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033734.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033735.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033736.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033737.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033738.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033739.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033740.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033741.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033742.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033743.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033744.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033745.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033746.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033747.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033748.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033749.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033750.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033751.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033752.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033753.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033754.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033755.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033756.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033757.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033758.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033759.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033760.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033761.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033762.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033763.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033764.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033765.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033766.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033767.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033768.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033769.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033770.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033771.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033772.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033773.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033774.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033775.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033776.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033777.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033778.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033779.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033780.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033781.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033782.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033783.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033784.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033785.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033786.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033787.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033788.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033789.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033790.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033791.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033792.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033793.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033794.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033795.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033796.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033797.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033798.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033799.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033800.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033801.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033802.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033803.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033804.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033805.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033806.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033807.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033808.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033809.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033810.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033811.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033812.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033813.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033814.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033815.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033816.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033817.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033818.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033819.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033820.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033821.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033822.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033823.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033824.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033825.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033826.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033827.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033828.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033829.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033830.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033831.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033832.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033833.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033834.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033835.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033836.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033837.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033838.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033839.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033840.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033841.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033842.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033843.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033844.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033845.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033846.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033847.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033848.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033849.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033850.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033851.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033852.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033853.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033854.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033855.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033856.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033857.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033858.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033859.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033860.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033861.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033862.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033863.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033864.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033865.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033866.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033867.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033868.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033869.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033870.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033871.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033872.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033873.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033874.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033875.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033876.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033877.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033878.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033879.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033880.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033881.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033882.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033883.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033884.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033885.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033886.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033887.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033888.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033889.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033890.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033891.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033892.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033893.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033894.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033895.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033896.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033897.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033898.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033899.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033900.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033901.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033902.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033903.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033904.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033905.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033906.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033907.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033908.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033909.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033910.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033911.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033912.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033913.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033914.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033915.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033916.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033917.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033918.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033919.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033920.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033921.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033922.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033923.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033924.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033925.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033926.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033927.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033928.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033929.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033930.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033931.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033932.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033933.DLL (Renamed & Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031580.DLL (Renamed & Submitted) Trojan.Win32.Harnig.a (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\298A3A88 (Renamed & Submitted) Trojan.Win32.LowZones.dm (virus) C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\4B8114AF.EXE (Renamed & Submitted) Trojan.Win32.Qhost.wu (virus) C:\WINDOWS\SYSTEM32\AATCGPIT.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\ARPYUNHR.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\BNPRJLNX.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\CQAHRCMW.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\CROYJOTH.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\ECKXHANN.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\EJWHDMKI.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\FBJWUTES.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\FDOQBSBT.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\GHMFDOQP.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\GLTFBUTA.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\HRWCQQGY.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\IAIGTOIJ.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\IIEKOYJQ.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\JGWROEXQ.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\KEQPHLQA.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\KPEEHUGX.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\KSHVTYHS.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\KUMIYLTQ.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\KUQMTWOR.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\LJFAXWYU.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\LMXRXCCX.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\LWDUQDKI.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\MVJRRCHO.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\NWNQYMSW.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\OIRHJQCM.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\OUJNWWUE.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\QNASKWQE.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\RWPOVLIK.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\SJOACXCM.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\SOJUMJLM.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\SPDAORRC.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\TTAUPIOR.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\TUVYMSCJ.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\URMHTPBY.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\VEHJDTHR.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\WCWEJUYE.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\WTWUNMSR.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\XJORYOVD.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\XPYYQXYU.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\XQEVMJPP.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\XTYWQBRF.EXE (Renamed & Submitted) C:\WINDOWS\SYSTEM32\YYNKCLPJ.EXE (Renamed & Submitted) Trojan.Win32.StartPage.aq (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\67A7411D (Renamed & Submitted) Trojan.Win32.StartPage.ho (virus) C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1A6800B3 (Renamed & Submitted) Vundo.gen38 (virus) C:\WINDOWS\SYSTEM32\BBOFGJUL.INI (Submitted) C:\WINDOWS\SYSTEM32\BMQMVKTL.INI (Submitted) C:\WINDOWS\SYSTEM32\BRVFDTDT.INI C:\WINDOWS\SYSTEM32\CUVDNIGR.INI (Submitted) C:\WINDOWS\SYSTEM32\DESDIRQI.INI (Submitted) C:\WINDOWS\SYSTEM32\DORBRIPT.INI (Submitted) C:\WINDOWS\SYSTEM32\DQFRMGAX.INI (Submitted) C:\WINDOWS\SYSTEM32\DSPXHAYF.INI (Submitted) C:\WINDOWS\SYSTEM32\EXUDODAL.INI (Submitted) C:\WINDOWS\SYSTEM32\FCPELWGT.INI (Submitted) C:\WINDOWS\SYSTEM32\FMDOQAMY.INI (Submitted) C:\WINDOWS\SYSTEM32\FRBQSWLC.INI (Submitted) C:\WINDOWS\SYSTEM32\FUURANFX.INI (Submitted) C:\WINDOWS\SYSTEM32\GNWPKTDY.INI (Submitted) C:\WINDOWS\SYSTEM32\GVUAHLKW.INI (Submitted) C:\WINDOWS\SYSTEM32\GWLAMFCY.INI (Submitted) C:\WINDOWS\SYSTEM32\GXCOFAHP.INI C:\WINDOWS\SYSTEM32\HXHXIRYI.INI (Submitted) C:\WINDOWS\SYSTEM32\ICRJCAFE.INI (Submitted) C:\WINDOWS\SYSTEM32\IKDRJIWE.INI (Submitted) C:\WINDOWS\SYSTEM32\JBAWKUWM.INI (Submitted) C:\WINDOWS\SYSTEM32\JFTFCMGG.INI (Submitted) C:\WINDOWS\SYSTEM32\JJILWGIP.INI (Submitted) C:\WINDOWS\SYSTEM32\JVAWEMJA.INI (Submitted) C:\WINDOWS\SYSTEM32\JXBFSTCU.INI C:\WINDOWS\SYSTEM32\KGUUABWB.INI (Submitted) C:\WINDOWS\SYSTEM32\KJLRIKGH.INI (Submitted) C:\WINDOWS\SYSTEM32\KURNVVKV.INI (Submitted) C:\WINDOWS\SYSTEM32\LCVMCDJC.INI (Submitted) C:\WINDOWS\SYSTEM32\LNDHUAUM.INI (Submitted) C:\WINDOWS\SYSTEM32\LPJAANDU.INI (Submitted) C:\WINDOWS\SYSTEM32\LQMSIUFK.INI (Submitted) C:\WINDOWS\SYSTEM32\LUSPPAXE.INI (Submitted) C:\WINDOWS\SYSTEM32\MPUFDRNQ.INI (Submitted) C:\WINDOWS\SYSTEM32\NFTIRJOU.INI (Submitted) C:\WINDOWS\SYSTEM32\OPKGMXLT.INI (Submitted) C:\WINDOWS\SYSTEM32\OSFJUEHE.INI (Submitted) C:\WINDOWS\SYSTEM32\OWQEJGXX.INI (Submitted) C:\WINDOWS\SYSTEM32\PGUJRPYI.INI (Submitted) C:\WINDOWS\SYSTEM32\QEIDRFHQ.INI (Submitted) C:\WINDOWS\SYSTEM32\QOIKAXSI.INI (Submitted) C:\WINDOWS\SYSTEM32\QSOXNKTG.INI (Submitted) C:\WINDOWS\SYSTEM32\QYONDJTJ.INI (Submitted) C:\WINDOWS\SYSTEM32\RLWWVWAR.INI (Submitted) C:\WINDOWS\SYSTEM32\SSLONQBH.INI (Submitted) C:\WINDOWS\SYSTEM32\STELMBGW.INI (Submitted) C:\WINDOWS\SYSTEM32\TNSNXVLV.INI (Submitted) C:\WINDOWS\SYSTEM32\VASHLJQI.INI (Submitted) C:\WINDOWS\SYSTEM32\VFLYADLS.INI (Submitted) C:\WINDOWS\SYSTEM32\VHHSSEEL.INI (Submitted) C:\WINDOWS\SYSTEM32\VWQQNCWS.INI (Submitted) C:\WINDOWS\SYSTEM32\YCPVTDPI.INI (Submitted) C:\WINDOWS\SYSTEM32\YCSXPMRN.INI (Submitted) C:\WINDOWS\SYSTEM32\YEHYFHVO.INI (Submitted) C:\WINDOWS\SYSTEM32\YSQCYSAG.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031278.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031297.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP559\A0030763.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0030698.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP556\A0030695.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP555\A0030690.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP546\A0030379.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0030296.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0030254.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0028981.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP520\A0028822.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP519\A0028814.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0028601.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP489\A0026372.INI (Submitted) Vundo.gen39 (virus) C:\WINDOWS\SYSTEM32\CDXDKHHH.INI (Submitted) C:\WINDOWS\SYSTEM32\DHWOSMQP.INI (Submitted) C:\WINDOWS\SYSTEM32\DTFUWALC.INI (Submitted) C:\WINDOWS\SYSTEM32\EIJVMQMX.INI (Submitted) C:\WINDOWS\SYSTEM32\HGQMOEJO.INI (Submitted) C:\WINDOWS\SYSTEM32\LBRLDWTC.INI (Submitted) C:\WINDOWS\SYSTEM32\OFBMUAPB.INI (Submitted) C:\WINDOWS\SYSTEM32\OISVLBDA.INI (Submitted) C:\WINDOWS\SYSTEM32\TIYKSQSI.INI (Submitted) C:\WINDOWS\SYSTEM32\WKGTPEUY.INI (Submitted) C:\WINDOWS\SYSTEM32\WPTWQDWV.INI (Submitted) C:\WINDOWS\SYSTEM32\XEGKCFNS.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031349.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031369.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0028637.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0028631.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP503\A0028622.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0028454.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP494\A0028359.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0027358.INI (Submitted) Vundo.gen41 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031667.DLL (Submitted) Vundo.gen45 (virus) C:\WINDOWS\SYSTEM32\CPHQKXSX.INI (Submitted) C:\WINDOWS\SYSTEM32\HCSKLQML.INI (Submitted) C:\WINDOWS\SYSTEM32\LJSJVRJA.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\A0028644.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\A0028641.INI (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0028342.INI (Submitted) W32/Vundo.AG (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031565.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031611.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031657.DLL (Submitted) W32/Vundo.dam (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031508.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031513.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031514.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031525.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031528.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031531.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031535.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031536.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031540.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031551.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031553.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031554.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031562.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031567.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031572.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031574.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031575.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031576.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031579.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031584.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031586.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031587.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031590.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031591.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031595.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031596.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031597.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031601.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031604.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031606.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031616.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031622.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031623.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031628.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031629.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031630.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031634.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031639.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031640.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031645.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031646.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031647.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031648.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031649.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031660.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031665.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031680.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031689.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031433.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031434.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031435.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031463.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031485.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0031486.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031341.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031342.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031222.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031290.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031311.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP566\A0031312.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0030871.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0030872.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0030873.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0030778.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0030779.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0030780.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0030781.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0030782.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0030717.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP557\A0030718.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030642.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030643.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030644.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030645.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030646.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0030647.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP549\A0030576.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0030527.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0030529.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0030530.DLL (Submitted) C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0030531.DLL (Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 58398 System: 5560 Not scanned: 8 Actions: Disinfected: 1 Renamed: 415 Deleted: 0 None: 180 Submitted: 589 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{53151994-4BFB-4F91-8211-8BADA696D9D6}.BIN C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSYS.DLL C:\DOCUMENTS AND SETTINGS\PAUL\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST C:\DOCUMENTS AND SETTINGS\PAUL\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-12-20 F-Secure AVP: 7.0.171, 2007-12-23 F-Secure Orion: 1.2.37, 2007-12-21 F-Secure Blacklight: 1.0.64 F-Secure Draco: 1.0.35, 0600-150-72 F-Secure Pegasus: 1.19.0, 2007-11-18 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF Use Advanced heuristics -------------------------------------------------------------------------------- Copyright © 1998-2006 Product support |Send virus sample to F-Secure F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  4. Hi, sorry not sure how I managed to get virtumonde. I've followed the precautions and run norton (which i've lost confidence with) and constantly run AdAware and keep the windows firewall on. My teenage daughter is the main user so i'm not sure whether it's something she does. Could you please recommend some sofware. Any further advice would be very welcome. Thanks for all your help so far. Paul ComboFix 07-12-16.4 - Paul 2007-12-20 18:07:25.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT 0:00] Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Paul\Desktop\CFScript.txt * Created a new restore point FILE C:\DOCUME~1\Paul\jip.exe . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-17 10:08 . 2007-12-17 11:32 <DIR> d-------- C:\VundoFix Backups 2007-12-16 16:05 . 2007-12-16 16:05 970,674 ---hs---- C:\WINDOWS\SYSTEM32\fnlmtsax.ini 2007-12-16 10:10 . 2007-12-16 16:00 970,614 ---hs---- C:\WINDOWS\SYSTEM32\tphusbpi.ini 2007-12-16 10:01 . 2007-12-16 10:01 970,494 ---hs---- C:\WINDOWS\SYSTEM32\ohrppcjv.ini 2007-12-16 00:51 . 2007-12-16 00:51 294 ---hs---- C:\WINDOWS\SYSTEM32\jrxxgyiw.ini 2007-12-16 00:43 . 2007-12-16 09:59 414 ---hs---- C:\WINDOWS\SYSTEM32\vbteicli.ini 2007-12-15 23:16 . 2007-12-15 23:16 1,659,877 ---hs---- C:\WINDOWS\SYSTEM32\xtdnljvo.ini 2007-12-15 18:20 . 2007-12-15 23:14 1,659,817 ---hs---- C:\WINDOWS\SYSTEM32\tbbahpku.ini 2007-12-14 14:56 . 2007-12-15 09:37 941,710 ---hs---- C:\WINDOWS\SYSTEM32\ymdcoopt.ini 2007-12-13 22:45 . 2007-12-14 11:00 934,296 ---hs---- C:\WINDOWS\SYSTEM32\hgqmoejo.ini 2007-12-13 18:57 . 2007-12-13 22:39 812,706 ---hs---- C:\WINDOWS\SYSTEM32\gvjdpmrj.ini 2007-12-13 18:45 . 2007-12-13 18:46 830,639 ---hs---- C:\WINDOWS\SYSTEM32\sdteogtm.ini 2007-12-13 09:52 . 2007-12-13 18:44 830,579 ---hs---- C:\WINDOWS\SYSTEM32\gusikrct.ini 2007-12-13 09:43 . 2007-12-13 09:44 859,477 ---hs---- C:\WINDOWS\SYSTEM32\veduvobj.ini 2007-12-12 23:18 . 2007-12-13 09:38 933,424 ---hs---- C:\WINDOWS\SYSTEM32\ycsxpmrn.ini 2007-12-12 19:09 . 2007-12-12 19:09 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2007-12-12 18:46 . 2007-12-12 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd 2007-12-12 18:45 . 2007-12-12 19:09 <DIR> d-------- C:\Program Files\Logitech 2007-12-12 18:45 . 2007-12-12 19:13 <DIR> d-------- C:\Program Files\Common Files\LogiShrd 2007-12-12 18:45 . 2007-12-12 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2007-12-12 18:33 . 2007-12-12 18:33 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ArcSoft 2007-12-12 09:52 . 2007-12-12 23:10 919,432 ---hs---- C:\WINDOWS\SYSTEM32\lndhuaum.ini 2007-12-12 03:06 . 2007-12-12 03:06 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI 2007-12-11 10:29 . 2007-12-12 09:43 855,757 ---hs---- C:\WINDOWS\SYSTEM32\mgrmdyig.ini 2007-12-10 22:23 . 2007-12-10 22:24 858,582 ---hs---- C:\WINDOWS\SYSTEM32\xskbhidg.ini 2007-12-10 22:08 . 2007-12-10 22:08 833,576 ---hs---- C:\WINDOWS\SYSTEM32\bmgvhqpv.ini 2007-12-07 11:22 . 2007-12-10 22:07 833,516 ---hs---- C:\WINDOWS\SYSTEM32\jhwfxjwh.ini 2007-12-07 11:19 . 2007-12-07 11:19 2,112 --a------ C:\WINDOWS\SYSTEM32\wcwejuye.exe 2007-12-06 11:22 . 2007-12-07 09:47 807,805 ---hs---- C:\WINDOWS\SYSTEM32\dyrqdavw.ini 2007-12-06 11:19 . 2007-12-06 11:19 2,112 --a------ C:\WINDOWS\SYSTEM32\kshvtyhs.exe 2007-12-06 10:55 . 2007-12-06 10:55 807,700 ---hs---- C:\WINDOWS\SYSTEM32\owqejgxx.ini 2007-12-06 10:10 . 2007-12-06 10:50 807,640 ---hs---- C:\WINDOWS\SYSTEM32\gvuahlkw.ini 2007-12-06 10:01 . 2007-12-06 10:01 2,112 --a------ C:\WINDOWS\SYSTEM32\fdoqbsbt.exe 2007-12-06 09:42 . 2007-12-06 09:58 807,658 ---hs---- C:\WINDOWS\SYSTEM32\rtsjkclp.ini 2007-12-06 09:39 . 2007-12-06 09:39 2,112 --a------ C:\WINDOWS\SYSTEM32\ghmfdoqp.exe 2007-12-05 09:51 . 2007-12-06 09:30 806,319 ---hs---- C:\WINDOWS\SYSTEM32\qxciiwhe.ini 2007-12-05 09:39 . 2007-12-05 09:39 2,112 --a------ C:\WINDOWS\SYSTEM32\xpyyqxyu.exe 2007-12-04 20:50 . 2007-12-04 20:50 794,040 ---hs---- C:\WINDOWS\SYSTEM32\piadoavq.ini 2007-12-04 20:35 . 2007-12-04 20:35 2,112 --a------ C:\WINDOWS\SYSTEM32\jgwroexq.exe 2007-12-03 20:33 . 2007-12-04 20:33 793,980 ---hs---- C:\WINDOWS\SYSTEM32\iqkeiqti.ini 2007-12-03 20:32 . 2007-12-03 20:32 2,112 --a------ C:\WINDOWS\SYSTEM32\gltfbuta.exe 2007-12-03 19:19 . 2007-12-03 19:19 2,112 --a------ C:\WINDOWS\SYSTEM32\spdaorrc.exe 2007-12-02 20:04 . 2007-12-03 19:29 793,793 ---hs---- C:\WINDOWS\SYSTEM32\xifkanps.ini 2007-12-02 19:19 . 2007-12-02 19:19 2,112 --a------ C:\WINDOWS\SYSTEM32\mvjrrcho.exe 2007-12-01 19:31 . 2007-12-02 19:32 793,724 ---hs---- C:\WINDOWS\SYSTEM32\cuvdnigr.ini 2007-12-01 19:25 . 2007-12-01 19:25 2,112 --a------ C:\WINDOWS\SYSTEM32\aatcgpit.exe 2007-11-30 19:32 . 2007-12-01 17:36 793,682 ---hs---- C:\WINDOWS\SYSTEM32\dorbript.ini 2007-11-30 19:22 . 2007-11-30 19:22 2,112 --a------ C:\WINDOWS\SYSTEM32\wtwunmsr.exe 2007-11-30 19:12 . 2007-11-30 19:12 2,112 --a------ C:\WINDOWS\SYSTEM32\ejwhdmki.exe 2007-11-30 18:58 . 2007-11-30 18:58 2,112 --a------ C:\WINDOWS\SYSTEM32\bnprjlnx.exe 2007-11-29 19:01 . 2007-11-29 19:01 2,112 --a------ C:\WINDOWS\SYSTEM32\keqphlqa.exe 2007-11-28 20:07 . 2007-11-29 18:55 789,470 ---hs---- C:\WINDOWS\SYSTEM32\wyjljumn.ini 2007-11-28 20:01 . 2007-11-28 20:01 2,112 --a------ C:\WINDOWS\SYSTEM32\xqevmjpp.exe 2007-11-28 17:38 . 2007-11-28 19:49 789,358 ---hs---- C:\WINDOWS\SYSTEM32\ofylnbqt.ini 2007-11-28 17:34 . 2007-11-28 17:34 2,112 --a------ C:\WINDOWS\SYSTEM32\qnaskwqe.exe 2007-11-28 13:42 . 2007-11-28 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-28 13:41 . 2007-11-28 13:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-28 13:39 . 2007-11-28 15:19 783,175 ---hs---- C:\WINDOWS\SYSTEM32\wipmhjge.ini 2007-11-28 13:30 . 2007-11-28 13:30 2,112 --a------ C:\WINDOWS\SYSTEM32\vehjdthr.exe 2007-11-28 11:52 . 2007-11-28 11:52 2,112 --a------ C:\WINDOWS\SYSTEM32\kuqmtwor.exe 2007-11-28 11:46 . 2007-11-28 11:46 783,859 ---hs---- C:\WINDOWS\SYSTEM32\agvhotjk.ini 2007-11-28 11:29 . 2007-11-28 11:44 783,799 ---hs---- C:\WINDOWS\SYSTEM32\llbgfouh.ini 2007-11-28 11:23 . 2007-11-28 11:23 2,112 --a------ C:\WINDOWS\SYSTEM32\urmhtpby.exe 2007-11-28 11:20 . 2007-11-28 11:21 783,679 ---hs---- C:\WINDOWS\SYSTEM32\volabheb.ini 2007-11-28 10:33 . 2007-11-28 11:15 782,235 ---hs---- C:\WINDOWS\SYSTEM32\ifemfoeu.ini 2007-11-28 10:30 . 2007-11-28 10:30 2,112 --a------ C:\WINDOWS\SYSTEM32\oujnwwue.exe 2007-11-27 20:41 . 2007-11-28 10:30 784,504 ---hs---- C:\WINDOWS\SYSTEM32\frjtupop.ini 2007-11-27 20:32 . 2007-11-27 20:32 2,112 --a------ C:\WINDOWS\SYSTEM32\cqahrcmw.exe 2007-11-26 20:35 . 2007-11-27 20:35 784,245 ---hs---- C:\WINDOWS\SYSTEM32\ufxsomsb.ini 2007-11-26 20:35 . 2007-11-26 20:35 2,112 --a------ C:\WINDOWS\SYSTEM32\iaigtoij.exe 2007-11-26 18:16 . 2007-11-26 18:16 780,275 ---hs---- C:\WINDOWS\SYSTEM32\rposderu.ini 2007-11-26 18:10 . 2007-11-26 18:10 2,112 --a------ C:\WINDOWS\SYSTEM32\fbjwutes.exe 2007-11-25 22:00 . 2007-11-25 22:00 294 ---hs---- C:\WINDOWS\SYSTEM32\mldqxvfr.ini 2007-11-25 21:51 . 2007-11-25 21:51 2,112 --a------ C:\WINDOWS\SYSTEM32\lmxrxccx.exe 2007-11-25 21:18 . 2007-11-25 21:19 775,832 ---hs---- C:\WINDOWS\SYSTEM32\gsrpotub.ini 2007-11-25 21:06 . 2007-11-25 21:06 2,112 --a------ C:\WINDOWS\SYSTEM32\sojumjlm.exe 2007-11-25 20:33 . 2007-11-25 20:53 775,919 ---hs---- C:\WINDOWS\SYSTEM32\opkgmxlt.ini 2007-11-25 20:20 . 2007-11-25 20:20 2,112 --a------ C:\WINDOWS\SYSTEM32\nwnqymsw.exe 2007-11-25 20:15 . 2007-11-25 20:15 775,832 ---hs---- C:\WINDOWS\SYSTEM32\bnsgoktc.ini 2007-11-25 18:10 . 2007-11-25 18:10 294 ---hs---- C:\WINDOWS\SYSTEM32\cpogcmnm.ini 2007-11-25 14:17 . 2007-11-25 17:58 775,928 ---hs---- C:\WINDOWS\SYSTEM32\mpufdrnq.ini 2007-11-25 14:08 . 2007-11-25 14:08 2,112 --a------ C:\WINDOWS\SYSTEM32\eckxhann.exe 2007-11-24 19:07 . 2007-11-25 14:05 776,004 ---hs---- C:\WINDOWS\SYSTEM32\koposjku.ini 2007-11-24 19:04 . 2007-11-24 19:04 2,112 --a------ C:\WINDOWS\SYSTEM32\yynkclpj.exe 2007-11-23 19:08 . 2007-11-24 15:56 775,868 ---hs---- C:\WINDOWS\SYSTEM32\frbqswlc.ini 2007-11-23 18:58 . 2007-11-23 18:58 2,112 --a------ C:\WINDOWS\SYSTEM32\sjoacxcm.exe 2007-11-23 17:34 . 2007-11-23 17:34 2,112 --a------ C:\WINDOWS\SYSTEM32\rwpovlik.exe 2007-11-23 15:48 . 2007-11-23 15:48 773,857 ---hs---- C:\WINDOWS\SYSTEM32\lqmsiufk.ini 2007-11-23 15:46 . 2007-11-23 15:46 2,112 --a------ C:\WINDOWS\SYSTEM32\ljfaxwyu.exe 2007-11-23 15:18 . 2007-11-23 15:18 773,009 ---hs---- C:\WINDOWS\SYSTEM32\tnsnxvlv.ini 2007-11-23 15:05 . 2007-11-23 15:05 2,112 --a------ C:\WINDOWS\SYSTEM32\hrwcqqgy.exe 2007-11-23 14:47 . 2007-11-23 14:47 773,009 ---hs---- C:\WINDOWS\SYSTEM32\gwlamfcy.ini 2007-11-22 21:36 . 2007-11-22 21:36 2,112 --a------ C:\WINDOWS\SYSTEM32\oirhjqcm.exe 2007-11-22 20:13 . 2007-11-22 20:13 738,217 ---hs---- C:\WINDOWS\SYSTEM32\qtqbsewh.ini 2007-11-22 20:07 . 2007-11-22 20:07 2,112 --a------ C:\WINDOWS\SYSTEM32\xjoryovd.exe 2007-11-21 20:07 . 2007-11-22 20:08 802,345 ---hs---- C:\WINDOWS\SYSTEM32\xqmayftb.ini 2007-11-21 20:05 . 2007-11-21 20:05 2,112 --a------ C:\WINDOWS\SYSTEM32\arpyunhr.exe 2007-11-21 19:25 . 2007-11-21 19:25 714,761 ---hs---- C:\WINDOWS\SYSTEM32\yrjrgtmw.ini 2007-11-21 19:07 . 2007-11-27 20:43 230,432 --a------ C:\PA207.DAT 2007-11-21 19:05 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 18:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-20 15:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-12 19:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-12 18:40 --------- d-----w C:\Program Files\Yahoo! Games 2007-12-12 09:50 --------- d-----w C:\Program Files\AOL 8.0 2007-12-11 17:08 --------- d-----w C:\Program Files\EA GAMES 2007-11-28 13:43 --------- d-----w C:\Program Files\Lavasoft 2007-11-28 13:43 --------- d-----w C:\Documents and Settings\Paul\Application Data\Lavasoft 2007-11-21 16:33 --------- d-----w C:\Program Files\Java 2007-11-15 10:43 43,520 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll 2007-10-29 15:01 --------- d-----w C:\Program Files\MetaTrader 4 2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll 2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll 2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll 2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll 2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll 2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll 2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll 2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll 2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll 2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll 2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll 2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll 2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll 2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll 2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll 2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll 2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll 2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll 2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll 2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll 2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll 2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll 2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll 2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll 2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe 2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll 2006-07-29 20:08 32,288 ----a-w C:\Documents and Settings\Paul\Application Data\GDIPFONTCACHEV1.DAT 2006-01-11 18:39 31,208 ----a-w C:\Documents and Settings\Sophie\Application Data\GDIPFONTCACHEV1.DAT 2005-10-21 15:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( [email protected]_15.26.24.25 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-20 09:19:43 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT + 2007-12-20 18:04:29 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT - 2007-12-20 09:19:43 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT + 2007-12-20 18:04:30 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C194241C-8BE2-43CF-9F5A-2436E866FD79}] C:\WINDOWS\system32\vtsqo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0d8436-386c-4210-b549-4d4a35f0f85f}] C:\WINDOWS\system32\bgmoirsp.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sonic RecordNow!"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56] "STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 12:25] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 15:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2007-11-20 20:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 21:01] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 11:12] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 20:02] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 10:05] "AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 11:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-15 23:18] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 23:07] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-26 15:42] "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 19:09:23] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] . Contents of the 'Scheduled Tasks' folder "2007-12-14 22:10:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job" - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exeh/task: "2007-12-20 00:32:06 C:\WINDOWS\Tasks\Symantec Drmc.job" - C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 18:12:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 18:14:01 C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:07 C:\ComboFix2.txt ... 2007-12-20 15:27 C:\ComboFix3.txt ... 2007-08-26 14:07 . 2007-12-12 03:06:58 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:16:24, on 20/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C194241C-8BE2-43CF-9F5A-2436E866FD79} - C:\WINDOWS\system32\vtsqo.dll (file missing) O2 - BHO: {f58f0f53-a4d4-945b-0124-c6836348d0ec} - {ce0d8436-386c-4210-b549-4d4a35f0f85f} - C:\WINDOWS\system32\bgmoirsp.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 15947 bytes
  5. Hi, sorry combofix.exe took 3 days!!! Process LVPrcsrv.exe was taking 99% of the cpu. I eventually stopped the process and it flew through the rest of combo fix. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:41, on 2007-12-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {C194241C-8BE2-43CF-9F5A-2436E866FD79} - C:\WINDOWS\system32\vtsqo.dll (file missing) O2 - BHO: {f58f0f53-a4d4-945b-0124-c6836348d0ec} - {ce0d8436-386c-4210-b549-4d4a35f0f85f} - C:\WINDOWS\system32\bgmoirsp.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 212.139.132.20 212.139.132.5 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 16323 bytes ComboFix 07-08-26.3 - "Paul" 2007-08-26 14:49:06.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT 1:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\Cache0880D1.bin C:\Program Files\MyWebSearch\bar\Cache0883A0.bin C:\Program Files\MyWebSearch\bar\Cache0884E8.bin C:\Program Files\MyWebSearch\bar\Cache088601.bin C:\Program Files\MyWebSearch\bar\Cache08873A.bin C:\Program Files\MyWebSearch\bar\Cache3E3EC3C.bin C:\Program Files\MyWebSearch\bar\Cache3E3EFA7.bin C:\Program Files\MyWebSearch\bar\Cache3E3F12E.bin C:\Program Files\MyWebSearch\bar\Cache\1121FF00.bin C:\Program Files\MyWebSearch\bar\Cache\112200E5.bin C:\Program Files\MyWebSearch\bar\Cache\1125C02F.bin C:\Program Files\MyWebSearch\bar\Cache\1125C242.bin C:\Program Files\MyWebSearch\bar\Cache\11290E21.bin C:\Program Files\MyWebSearch\bar\Cache\11419406.bin C:\Program Files\MyWebSearch\bar\Cache\17819F98.bin C:\Program Files\MyWebSearch\bar\Cache\1DCD52EF.bin C:\Program Files\MyWebSearch\bar\Cache\2890649A C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search C:\Program Files\MyWebSearch\bar\MSNBackgrounds\1B4F1D67.jpeg C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak C:\Program Files\MyWebSearch\bar\Settings\settings.htm C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL C:\WINDOWS\system32\datghpto.dll C:\WINDOWS\system32\dlxkamwk.dll C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\system32\fdxpojdb.dll C:\WINDOWS\system32\hdikmnar.dll C:\WINDOWS\system32\injbwcbj.dll C:\WINDOWS\system32\iyxiqkvs.dll C:\WINDOWS\SYSTEM32\jmllm.bak1 C:\WINDOWS\SYSTEM32\jmllm.bak2 C:\WINDOWS\SYSTEM32\jmllm.ini C:\WINDOWS\SYSTEM32\jmllm.ini2 C:\WINDOWS\SYSTEM32\jmllm.tmp C:\WINDOWS\system32\mllmj.dll C:\WINDOWS\system32\mrkxgsvf.dll C:\WINDOWS\system32\pgyancjg.dll C:\WINDOWS\system32\piqteadb\svchost.exe C:\WINDOWS\system32\pqkbfyuj.dll C:\WINDOWS\system32\qhuqvxca.dll C:\WINDOWS\system32\qlogolnu.dll C:\WINDOWS\system32\ssqnnlk.dll C:\WINDOWS\system32\svajhlts.dll C:\WINDOWS\system32\system C:\WINDOWS\system32\system\msxml4.dll C:\WINDOWS\system32\system\msxml4r.dll C:\WINDOWS\system32\uegxrihr.dll C:\WINDOWS\system32\uejgdmnl.dll C:\WINDOWS\system32\vamxfahc.dll C:\WINDOWS\system32\vckyxllf.dll C:\WINDOWS\system32\vojsdcda.dll C:\WINDOWS\system32\vugcrnlp.dll C:\WINDOWS\system32\xofbaddy.dll C:\WINDOWS\system32\yhobkpxw.dll ((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 ))))))))))))))))))))))))))))))) 2007-08-26 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-16 07:23 189,952 --a------ C:\DOCUME~1\Paul\jip.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-26 15:04 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-08-22 10:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2005-10-21 16:03 774144 --a------ C:\Program Files\RngInterstitial.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 22:01] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:12] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 21:02] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05] "AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 00:18] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sonic RecordNow!"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56] "STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Windows Recylinder Check"=uajnogrwyd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Adrian\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Paul\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Sophie\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys S3 gUSBSTOi;gUSBSTOi;\??\C:\DOCUME~1\Paul\LOCALS~1\Temp\gUSBSTOi.sys Contents of the 'Scheduled Tasks' folder 2007-08-24 19:58:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe 2007-08-25 23:00:01 C:\WINDOWS\Tasks\Symantec Drmc.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-26 15:02:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-26 15:07:49 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-26 15:07 --- E O F --- VundoFix V6.7.7 Checking Java version... Scan started at 10:08:51 17/12/2007 Listing files found while scanning.... C:\windows\SYSTEM32\__c001304F.dat C:\windows\SYSTEM32\__c001443A.dat C:\windows\SYSTEM32\__c001B5B4.dat C:\windows\SYSTEM32\__c001D838.dat C:\windows\SYSTEM32\__c002820D.dat C:\windows\SYSTEM32\__c0029A37.dat C:\windows\SYSTEM32\__c002A6D3.dat C:\windows\SYSTEM32\__c002C444.dat C:\windows\SYSTEM32\__c0030070.dat C:\windows\SYSTEM32\__c003500A.dat C:\windows\SYSTEM32\__c0042984.dat C:\windows\SYSTEM32\__c0047595.dat C:\windows\SYSTEM32\__c004F339.dat C:\windows\SYSTEM32\__c00530DF.dat C:\windows\SYSTEM32\__c0059152.dat C:\windows\SYSTEM32\__c005B55E.dat C:\windows\SYSTEM32\__c005D0A1.dat C:\windows\SYSTEM32\__c005D11.dat C:\windows\SYSTEM32\__c005D544.dat C:\windows\SYSTEM32\__c005FEAE.dat C:\windows\SYSTEM32\__c00671F7.dat C:\windows\SYSTEM32\__c006A54C.dat C:\windows\SYSTEM32\__c006CAA6.dat C:\windows\SYSTEM32\__c006DA8.dat C:\windows\SYSTEM32\__c0070A4.dat C:\windows\SYSTEM32\__c0070DD9.dat C:\windows\SYSTEM32\__c0079D35.dat C:\windows\SYSTEM32\__c007CAB9.dat C:\windows\SYSTEM32\__c00823E4.dat C:\windows\SYSTEM32\__c008D50D.dat C:\windows\SYSTEM32\__c0093DE9.dat C:\windows\SYSTEM32\__c0097FF1.dat C:\windows\SYSTEM32\__c00984A3.dat C:\windows\SYSTEM32\__c00A502C.dat C:\windows\SYSTEM32\__c00A64A4.dat C:\windows\SYSTEM32\__c00A7F8.dat C:\windows\SYSTEM32\__c00A8CE9.dat C:\windows\SYSTEM32\__c00AF38A.dat C:\windows\SYSTEM32\__c00B801C.dat C:\windows\SYSTEM32\__c00B802D.dat C:\windows\SYSTEM32\__c00BD74E.dat C:\windows\SYSTEM32\__c00C7A44.dat C:\windows\SYSTEM32\__c00CA30F.dat C:\windows\SYSTEM32\__c00CEA40.dat C:\windows\SYSTEM32\__c00CFC01.dat C:\windows\SYSTEM32\__c00D0229.dat C:\windows\SYSTEM32\__c00D1F91.dat C:\windows\SYSTEM32\__c00D36E9.dat C:\windows\SYSTEM32\__c00E072A.dat C:\windows\SYSTEM32\__c00E1CE.dat C:\windows\SYSTEM32\__c00EAB55.dat C:\windows\SYSTEM32\__c00F0934.dat C:\windows\SYSTEM32\__c00F2410.dat C:\windows\SYSTEM32\__c00FA774.dat C:\windows\SYSTEM32\__c00FBE19.dat C:\windows\SYSTEM32\abmuugay.dll C:\WINDOWS\SYSTEM32\aerfwala.dll C:\WINDOWS\SYSTEM32\aifmjdbv.dll C:\WINDOWS\SYSTEM32\akjgluer.dll C:\windows\SYSTEM32\aksmgnng.dll C:\WINDOWS\SYSTEM32\alawfrea.ini C:\WINDOWS\SYSTEM32\allavbiv.dll C:\WINDOWS\SYSTEM32\almfqcvy.dll C:\windows\SYSTEM32\apidebta.dll C:\WINDOWS\SYSTEM32\apvqtuyc.ini C:\windows\SYSTEM32\axbgmxux.dll C:\windows\SYSTEM32\aybswoti.dll C:\windows\SYSTEM32\aysdsadh.dll C:\windows\SYSTEM32\basnifkq.dll C:\windows\SYSTEM32\bbcswdnq.dll C:\WINDOWS\SYSTEM32\bgmoirsp.dll C:\windows\SYSTEM32\boylnibl.dll C:\windows\SYSTEM32\bsslgauw.dll C:\WINDOWS\SYSTEM32\bybwesdq.dll C:\windows\SYSTEM32\cbtytxsp.dll C:\windows\SYSTEM32\cigdvuef.dll C:\WINDOWS\SYSTEM32\cjerovcr.dll C:\windows\SYSTEM32\cmqlskdt.dll C:\windows\SYSTEM32\cnjmtxnp.dll C:\WINDOWS\SYSTEM32\crnohmkj.dll C:\windows\SYSTEM32\cvwsdtxv.dll C:\windows\SYSTEM32\cwlxgqbl.dll C:\windows\SYSTEM32\cxiqfvoh.dll C:\WINDOWS\SYSTEM32\cyutqvpa.dll C:\WINDOWS\SYSTEM32\damdrqol.dll C:\windows\SYSTEM32\debpgduq.dll C:\windows\SYSTEM32\dijbgrva.dll C:\windows\SYSTEM32\dikwxkes.dll C:\WINDOWS\SYSTEM32\dixeprcm.dll C:\windows\SYSTEM32\dntsbmdp.dll C:\WINDOWS\SYSTEM32\dnxpfxim.dll C:\windows\SYSTEM32\dprvjspn.dll C:\WINDOWS\SYSTEM32\dsridcue.dll C:\windows\SYSTEM32\dtvusvij.dll C:\windows\SYSTEM32\dwvtdjmh.dll C:\windows\SYSTEM32\dwwgeikh.dll C:\windows\SYSTEM32\dxiaggxk.dll C:\windows\SYSTEM32\dxjwekxk.dll C:\windows\SYSTEM32\dymhjuky.dll C:\WINDOWS\SYSTEM32\dyyvkoxy.dll C:\windows\SYSTEM32\eebtmkhc.dll C:\WINDOWS\SYSTEM32\efimjnms.dll C:\WINDOWS\SYSTEM32\egjhmpiw.dll C:\windows\SYSTEM32\egotqenr.dll C:\windows\SYSTEM32\egrxpflf.dll C:\windows\SYSTEM32\ejqxlldx.dll C:\windows\SYSTEM32\elaargvu.dll C:\windows\SYSTEM32\eliglafh.dll C:\windows\SYSTEM32\epqevqhs.dll C:\WINDOWS\SYSTEM32\ewewtyrs.dll C:\WINDOWS\SYSTEM32\fgvgbthg.dll C:\windows\SYSTEM32\fhqhtjlj.dll C:\WINDOWS\SYSTEM32\fitnkcmm.dll C:\WINDOWS\SYSTEM32\fophlgsq.dll C:\windows\SYSTEM32\goahhgfj.dll C:\WINDOWS\SYSTEM32\gsnhpldb.dll C:\windows\SYSTEM32\gvscjfhc.dll C:\windows\SYSTEM32\gyyhvole.dll C:\WINDOWS\SYSTEM32\hiqfuxxr.dll C:\WINDOWS\SYSTEM32\hochqkuo.dll C:\WINDOWS\SYSTEM32\hyldmlas.dll C:\windows\SYSTEM32\ieeqpqhd.dll C:\WINDOWS\SYSTEM32\iioudcim.dll C:\WINDOWS\SYSTEM32\ioakxlch.dll C:\WINDOWS\SYSTEM32\ipbsuhpt.dll C:\windows\SYSTEM32\iqesubbk.dll C:\windows\SYSTEM32\iuvlvutu.dll C:\WINDOWS\SYSTEM32\iwhapooy.dll C:\WINDOWS\system32\jbgldofw.dll C:\windows\SYSTEM32\jiuhdrgb.dll C:\windows\SYSTEM32\jjjnkmpf.dll C:\windows\SYSTEM32\jnjanffw.dll C:\WINDOWS\SYSTEM32\jojtuxqt.dll C:\windows\SYSTEM32\jpmoucld.dll C:\WINDOWS\SYSTEM32\jpwekfdu.dll C:\WINDOWS\SYSTEM32\jrmpdjvg.dll C:\windows\SYSTEM32\jumefypq.dll C:\WINDOWS\system32\jxnieumh.dll C:\windows\SYSTEM32\kkhmqxbi.dll C:\WINDOWS\SYSTEM32\kopklocv.dll C:\WINDOWS\SYSTEM32\kprmmqop.dll C:\windows\SYSTEM32\kxiyuyhv.dll C:\windows\SYSTEM32\kyyqhbnq.dll C:\WINDOWS\SYSTEM32\ldoykncl.dll C:\WINDOWS\SYSTEM32\leiwlrai.dll C:\WINDOWS\SYSTEM32\lojdxmje.dll C:\WINDOWS\SYSTEM32\lqqchxxm.dll C:\windows\SYSTEM32\luyymksh.dll C:\windows\SYSTEM32\lwehwkjt.dll C:\windows\SYSTEM32\lxigbsba.dll C:\WINDOWS\SYSTEM32\lynsiebq.dll C:\windows\SYSTEM32\ndproinv.dll C:\windows\SYSTEM32\nhhqcqam.dll C:\WINDOWS\SYSTEM32\nhltbyuf.dll C:\windows\SYSTEM32\nlahmdhd.dll C:\WINDOWS\SYSTEM32\nmujljyw.dll C:\windows\SYSTEM32\nnmnbbvi.dll C:\windows\SYSTEM32\ntknhyfx.dll C:\windows\SYSTEM32\nuhrpjrh.dll C:\windows\SYSTEM32\nvxarqmm.dll C:\WINDOWS\SYSTEM32\odwdyjqj.dll C:\windows\SYSTEM32\ogsjgivp.dll C:\windows\SYSTEM32\omumurbm.dll C:\windows\SYSTEM32\oqstv.bak1 C:\windows\SYSTEM32\oqstv.bak2 C:\windows\SYSTEM32\oqstv.ini C:\windows\SYSTEM32\oqstv.ini2 C:\windows\SYSTEM32\oqstv.tmp C:\windows\SYSTEM32\ostlecus.dll C:\WINDOWS\SYSTEM32\ovjlndtx.dll C:\windows\SYSTEM32\owxamslg.dll C:\WINDOWS\SYSTEM32\pgoecwik.dll C:\windows\SYSTEM32\pgvuwluc.dll C:\windows\SYSTEM32\pimcbuct.dll C:\windows\SYSTEM32\pjuphbad.dll C:\WINDOWS\SYSTEM32\plckjstr.dll C:\WINDOWS\SYSTEM32\pocaaumr.dll C:\windows\SYSTEM32\qdmhuxsi.dll C:\windows\SYSTEM32\qdvmbmit.dll C:\windows\SYSTEM32\qgeunjyw.dll C:\windows\SYSTEM32\qonmxerb.dll C:\WINDOWS\SYSTEM32\qphyvytp.dll C:\WINDOWS\SYSTEM32\qtdujxbj.dll C:\WINDOWS\SYSTEM32\qvaodaip.dll C:\windows\SYSTEM32\qvifqigu.dll C:\windows\SYSTEM32\qwejnokn.dll C:\windows\SYSTEM32\rgsyjuwk.dll C:\WINDOWS\SYSTEM32\rlbqdfhv.dll C:\windows\SYSTEM32\ropxyequ.dll C:\windows\SYSTEM32\rxwycwpu.dll C:\windows\SYSTEM32\sfhfjksn.dll C:\windows\SYSTEM32\sjeeyedv.dll C:\WINDOWS\SYSTEM32\smcnkbij.dll C:\WINDOWS\SYSTEM32\spnakfix.dll C:\windows\SYSTEM32\stecumbp.dll C:\windows\SYSTEM32\stxgxhhu.dll C:\windows\SYSTEM32\sxmnmtmi.dll C:\WINDOWS\SYSTEM32\syhldccp.dll C:\WINDOWS\SYSTEM32\tedytayr.dll C:\WINDOWS\SYSTEM32\timgsstx.dll C:\WINDOWS\SYSTEM32\tpgcsgei.dll C:\WINDOWS\SYSTEM32\tqbnlyfo.dll C:\WINDOWS\SYSTEM32\tshvxnkc.dll C:\windows\SYSTEM32\twecgppf.dll C:\windows\SYSTEM32\tyudqxsm.dll C:\WINDOWS\SYSTEM32\ubmjtkhw.dll C:\windows\SYSTEM32\ucgfgbrg.dll C:\windows\SYSTEM32\uggwplxs.dll C:\windows\SYSTEM32\uggyfvec.dll C:\windows\SYSTEM32\uivtrubb.dll C:\WINDOWS\SYSTEM32\uklpdejj.dll C:\windows\SYSTEM32\ulwmvbfu.dll C:\windows\SYSTEM32\unbalgan.dll C:\WINDOWS\SYSTEM32\uredsopr.dll C:\windows\SYSTEM32\vbbnprgk.dll C:\windows\SYSTEM32\vcaiaijf.dll C:\windows\SYSTEM32\vcepfxia.dll C:\windows\SYSTEM32\vdkjctxy.dll C:\WINDOWS\SYSTEM32\vqrhuerg.dll C:\windows\SYSTEM32\vrhelqcr.dll C:\WINDOWS\system32\vtsqo.dll C:\windows\SYSTEM32\wfdxrkiq.dll C:\windows\SYSTEM32\wqrbxpry.dll C:\windows\SYSTEM32\wrhcpwki.dll C:\WINDOWS\SYSTEM32\wrknqpfp.dll C:\windows\SYSTEM32\wtjwbbru.dll C:\WINDOWS\SYSTEM32\xastmlnf.dll C:\WINDOWS\SYSTEM32\xcrsuutw.dll C:\windows\SYSTEM32\xinfteag.dll C:\windows\SYSTEM32\xqxhabxc.dll C:\windows\SYSTEM32\yfghwfyo.dll C:\windows\SYSTEM32\ymjytfry.dll C:\windows\SYSTEM32\ynbtaixl.dll C:\windows\SYSTEM32\yshrdumo.dll Beginning removal... Attempting to delete C:\windows\SYSTEM32\__c001304F.dat C:\windows\SYSTEM32\__c001304F.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c001443A.dat C:\windows\SYSTEM32\__c001443A.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c001B5B4.dat C:\windows\SYSTEM32\__c001B5B4.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c001D838.dat C:\windows\SYSTEM32\__c001D838.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c002820D.dat C:\windows\SYSTEM32\__c002820D.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0029A37.dat C:\windows\SYSTEM32\__c0029A37.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c002A6D3.dat C:\windows\SYSTEM32\__c002A6D3.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c002C444.dat C:\windows\SYSTEM32\__c002C444.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0030070.dat C:\windows\SYSTEM32\__c0030070.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c003500A.dat C:\windows\SYSTEM32\__c003500A.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0042984.dat C:\windows\SYSTEM32\__c0042984.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0047595.dat C:\windows\SYSTEM32\__c0047595.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c004F339.dat C:\windows\SYSTEM32\__c004F339.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00530DF.dat C:\windows\SYSTEM32\__c00530DF.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0059152.dat C:\windows\SYSTEM32\__c0059152.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c005B55E.dat C:\windows\SYSTEM32\__c005B55E.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c005D0A1.dat C:\windows\SYSTEM32\__c005D0A1.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c005D11.dat C:\windows\SYSTEM32\__c005D11.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c005D544.dat C:\windows\SYSTEM32\__c005D544.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c005FEAE.dat C:\windows\SYSTEM32\__c005FEAE.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00671F7.dat C:\windows\SYSTEM32\__c00671F7.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c006A54C.dat C:\windows\SYSTEM32\__c006A54C.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c006CAA6.dat C:\windows\SYSTEM32\__c006CAA6.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c006DA8.dat C:\windows\SYSTEM32\__c006DA8.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0070A4.dat C:\windows\SYSTEM32\__c0070A4.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0070DD9.dat C:\windows\SYSTEM32\__c0070DD9.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0079D35.dat C:\windows\SYSTEM32\__c0079D35.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c007CAB9.dat C:\windows\SYSTEM32\__c007CAB9.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00823E4.dat C:\windows\SYSTEM32\__c00823E4.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c008D50D.dat C:\windows\SYSTEM32\__c008D50D.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0093DE9.dat C:\windows\SYSTEM32\__c0093DE9.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c0097FF1.dat C:\windows\SYSTEM32\__c0097FF1.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00984A3.dat C:\windows\SYSTEM32\__c00984A3.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00A502C.dat C:\windows\SYSTEM32\__c00A502C.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00A64A4.dat C:\windows\SYSTEM32\__c00A64A4.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00A7F8.dat C:\windows\SYSTEM32\__c00A7F8.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00A8CE9.dat C:\windows\SYSTEM32\__c00A8CE9.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00AF38A.dat C:\windows\SYSTEM32\__c00AF38A.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00B801C.dat C:\windows\SYSTEM32\__c00B801C.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00B802D.dat C:\windows\SYSTEM32\__c00B802D.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00BD74E.dat C:\windows\SYSTEM32\__c00BD74E.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00C7A44.dat C:\windows\SYSTEM32\__c00C7A44.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00CA30F.dat C:\windows\SYSTEM32\__c00CA30F.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00CEA40.dat C:\windows\SYSTEM32\__c00CEA40.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00CFC01.dat C:\windows\SYSTEM32\__c00CFC01.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00D0229.dat C:\windows\SYSTEM32\__c00D0229.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00D1F91.dat C:\windows\SYSTEM32\__c00D1F91.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00D36E9.dat C:\windows\SYSTEM32\__c00D36E9.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00E072A.dat C:\windows\SYSTEM32\__c00E072A.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00E1CE.dat C:\windows\SYSTEM32\__c00E1CE.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00EAB55.dat C:\windows\SYSTEM32\__c00EAB55.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00F0934.dat C:\windows\SYSTEM32\__c00F0934.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00F2410.dat C:\windows\SYSTEM32\__c00F2410.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00FA774.dat C:\windows\SYSTEM32\__c00FA774.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\__c00FBE19.dat C:\windows\SYSTEM32\__c00FBE19.dat Has been deleted! Attempting to delete C:\windows\SYSTEM32\abmuugay.dll C:\windows\SYSTEM32\abmuugay.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\aerfwala.dll C:\WINDOWS\SYSTEM32\aerfwala.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\aifmjdbv.dll C:\WINDOWS\SYSTEM32\aifmjdbv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\akjgluer.dll C:\WINDOWS\SYSTEM32\akjgluer.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\aksmgnng.dll C:\windows\SYSTEM32\aksmgnng.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\alawfrea.ini C:\WINDOWS\SYSTEM32\alawfrea.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\allavbiv.dll C:\WINDOWS\SYSTEM32\allavbiv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\almfqcvy.dll C:\WINDOWS\SYSTEM32\almfqcvy.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\apidebta.dll C:\windows\SYSTEM32\apidebta.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\apvqtuyc.ini C:\WINDOWS\SYSTEM32\apvqtuyc.ini Has been deleted! Attempting to delete C:\windows\SYSTEM32\axbgmxux.dll C:\windows\SYSTEM32\axbgmxux.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\aybswoti.dll C:\windows\SYSTEM32\aybswoti.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\aysdsadh.dll C:\windows\SYSTEM32\aysdsadh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\basnifkq.dll C:\windows\SYSTEM32\basnifkq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\bbcswdnq.dll C:\windows\SYSTEM32\bbcswdnq.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\bgmoirsp.dll C:\WINDOWS\SYSTEM32\bgmoirsp.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\boylnibl.dll C:\windows\SYSTEM32\boylnibl.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\bsslgauw.dll C:\windows\SYSTEM32\bsslgauw.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\bybwesdq.dll C:\WINDOWS\SYSTEM32\bybwesdq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cbtytxsp.dll C:\windows\SYSTEM32\cbtytxsp.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cigdvuef.dll C:\windows\SYSTEM32\cigdvuef.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cjerovcr.dll C:\WINDOWS\SYSTEM32\cjerovcr.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cmqlskdt.dll C:\windows\SYSTEM32\cmqlskdt.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cnjmtxnp.dll C:\windows\SYSTEM32\cnjmtxnp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\crnohmkj.dll C:\WINDOWS\SYSTEM32\crnohmkj.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cvwsdtxv.dll C:\windows\SYSTEM32\cvwsdtxv.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cwlxgqbl.dll C:\windows\SYSTEM32\cwlxgqbl.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\cxiqfvoh.dll C:\windows\SYSTEM32\cxiqfvoh.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cyutqvpa.dll C:\WINDOWS\SYSTEM32\cyutqvpa.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\damdrqol.dll C:\WINDOWS\SYSTEM32\damdrqol.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\debpgduq.dll C:\windows\SYSTEM32\debpgduq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dijbgrva.dll C:\windows\SYSTEM32\dijbgrva.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dikwxkes.dll C:\windows\SYSTEM32\dikwxkes.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dixeprcm.dll C:\WINDOWS\SYSTEM32\dixeprcm.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dntsbmdp.dll C:\windows\SYSTEM32\dntsbmdp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dnxpfxim.dll C:\WINDOWS\SYSTEM32\dnxpfxim.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dprvjspn.dll C:\windows\SYSTEM32\dprvjspn.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dsridcue.dll C:\WINDOWS\SYSTEM32\dsridcue.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dtvusvij.dll C:\windows\SYSTEM32\dtvusvij.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dwvtdjmh.dll C:\windows\SYSTEM32\dwvtdjmh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dwwgeikh.dll C:\windows\SYSTEM32\dwwgeikh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dxiaggxk.dll C:\windows\SYSTEM32\dxiaggxk.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dxjwekxk.dll C:\windows\SYSTEM32\dxjwekxk.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\dymhjuky.dll C:\windows\SYSTEM32\dymhjuky.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dyyvkoxy.dll C:\WINDOWS\SYSTEM32\dyyvkoxy.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\eebtmkhc.dll C:\windows\SYSTEM32\eebtmkhc.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\efimjnms.dll C:\WINDOWS\SYSTEM32\efimjnms.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\egjhmpiw.dll C:\WINDOWS\SYSTEM32\egjhmpiw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\egotqenr.dll C:\windows\SYSTEM32\egotqenr.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\egrxpflf.dll C:\windows\SYSTEM32\egrxpflf.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ejqxlldx.dll C:\windows\SYSTEM32\ejqxlldx.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\elaargvu.dll C:\windows\SYSTEM32\elaargvu.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\eliglafh.dll C:\windows\SYSTEM32\eliglafh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\epqevqhs.dll C:\windows\SYSTEM32\epqevqhs.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ewewtyrs.dll C:\WINDOWS\SYSTEM32\ewewtyrs.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\fgvgbthg.dll C:\WINDOWS\SYSTEM32\fgvgbthg.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\fhqhtjlj.dll C:\windows\SYSTEM32\fhqhtjlj.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\fitnkcmm.dll C:\WINDOWS\SYSTEM32\fitnkcmm.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\fophlgsq.dll C:\WINDOWS\SYSTEM32\fophlgsq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\goahhgfj.dll C:\windows\SYSTEM32\goahhgfj.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\gsnhpldb.dll C:\WINDOWS\SYSTEM32\gsnhpldb.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\gvscjfhc.dll C:\windows\SYSTEM32\gvscjfhc.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\gyyhvole.dll C:\windows\SYSTEM32\gyyhvole.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\hiqfuxxr.dll C:\WINDOWS\SYSTEM32\hiqfuxxr.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\hochqkuo.dll C:\WINDOWS\SYSTEM32\hochqkuo.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\hyldmlas.dll C:\WINDOWS\SYSTEM32\hyldmlas.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ieeqpqhd.dll C:\windows\SYSTEM32\ieeqpqhd.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\iioudcim.dll C:\WINDOWS\SYSTEM32\iioudcim.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ioakxlch.dll C:\WINDOWS\SYSTEM32\ioakxlch.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ipbsuhpt.dll C:\WINDOWS\SYSTEM32\ipbsuhpt.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\iqesubbk.dll C:\windows\SYSTEM32\iqesubbk.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\iuvlvutu.dll C:\windows\SYSTEM32\iuvlvutu.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\iwhapooy.dll C:\WINDOWS\SYSTEM32\iwhapooy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jbgldofw.dll C:\WINDOWS\system32\jbgldofw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\jiuhdrgb.dll C:\windows\SYSTEM32\jiuhdrgb.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\jjjnkmpf.dll C:\windows\SYSTEM32\jjjnkmpf.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\jnjanffw.dll C:\windows\SYSTEM32\jnjanffw.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\jojtuxqt.dll C:\WINDOWS\SYSTEM32\jojtuxqt.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\jpmoucld.dll C:\windows\SYSTEM32\jpmoucld.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\jpwekfdu.dll C:\WINDOWS\SYSTEM32\jpwekfdu.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\jrmpdjvg.dll C:\WINDOWS\SYSTEM32\jrmpdjvg.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\jumefypq.dll C:\windows\SYSTEM32\jumefypq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jxnieumh.dll C:\WINDOWS\system32\jxnieumh.dll Could not be deleted. Attempting to delete C:\windows\SYSTEM32\kkhmqxbi.dll C:\windows\SYSTEM32\kkhmqxbi.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\kopklocv.dll C:\WINDOWS\SYSTEM32\kopklocv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\kprmmqop.dll C:\WINDOWS\SYSTEM32\kprmmqop.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\kxiyuyhv.dll C:\windows\SYSTEM32\kxiyuyhv.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\kyyqhbnq.dll C:\windows\SYSTEM32\kyyqhbnq.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ldoykncl.dll C:\WINDOWS\SYSTEM32\ldoykncl.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\leiwlrai.dll C:\WINDOWS\SYSTEM32\leiwlrai.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lojdxmje.dll C:\WINDOWS\SYSTEM32\lojdxmje.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lqqchxxm.dll C:\WINDOWS\SYSTEM32\lqqchxxm.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\luyymksh.dll C:\windows\SYSTEM32\luyymksh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\lwehwkjt.dll C:\windows\SYSTEM32\lwehwkjt.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\lxigbsba.dll C:\windows\SYSTEM32\lxigbsba.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lynsiebq.dll C:\WINDOWS\SYSTEM32\lynsiebq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ndproinv.dll C:\windows\SYSTEM32\ndproinv.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\nhhqcqam.dll C:\windows\SYSTEM32\nhhqcqam.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\nhltbyuf.dll C:\WINDOWS\SYSTEM32\nhltbyuf.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\nlahmdhd.dll C:\windows\SYSTEM32\nlahmdhd.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\nmujljyw.dll C:\WINDOWS\SYSTEM32\nmujljyw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\nnmnbbvi.dll C:\windows\SYSTEM32\nnmnbbvi.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ntknhyfx.dll C:\windows\SYSTEM32\ntknhyfx.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\nuhrpjrh.dll C:\windows\SYSTEM32\nuhrpjrh.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\nvxarqmm.dll C:\windows\SYSTEM32\nvxarqmm.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\odwdyjqj.dll C:\WINDOWS\SYSTEM32\odwdyjqj.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ogsjgivp.dll C:\windows\SYSTEM32\ogsjgivp.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\omumurbm.dll C:\windows\SYSTEM32\omumurbm.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\oqstv.bak1 C:\windows\SYSTEM32\oqstv.bak1 Has been deleted! Attempting to delete C:\windows\SYSTEM32\oqstv.bak2 C:\windows\SYSTEM32\oqstv.bak2 Has been deleted! Attempting to delete C:\windows\SYSTEM32\oqstv.ini C:\windows\SYSTEM32\oqstv.ini Has been deleted! Attempting to delete C:\windows\SYSTEM32\oqstv.ini2 C:\windows\SYSTEM32\oqstv.ini2 Has been deleted! Attempting to delete C:\windows\SYSTEM32\oqstv.tmp C:\windows\SYSTEM32\oqstv.tmp Has been deleted! Attempting to delete C:\windows\SYSTEM32\ostlecus.dll C:\windows\SYSTEM32\ostlecus.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ovjlndtx.dll C:\WINDOWS\SYSTEM32\ovjlndtx.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\owxamslg.dll C:\windows\SYSTEM32\owxamslg.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\pgoecwik.dll C:\WINDOWS\SYSTEM32\pgoecwik.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\pgvuwluc.dll C:\windows\SYSTEM32\pgvuwluc.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\pimcbuct.dll C:\windows\SYSTEM32\pimcbuct.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\pjuphbad.dll C:\windows\SYSTEM32\pjuphbad.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\plckjstr.dll C:\WINDOWS\SYSTEM32\plckjstr.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\pocaaumr.dll C:\WINDOWS\SYSTEM32\pocaaumr.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qdmhuxsi.dll C:\windows\SYSTEM32\qdmhuxsi.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qdvmbmit.dll C:\windows\SYSTEM32\qdvmbmit.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qgeunjyw.dll C:\windows\SYSTEM32\qgeunjyw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qonmxerb.dll C:\windows\SYSTEM32\qonmxerb.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\qphyvytp.dll C:\WINDOWS\SYSTEM32\qphyvytp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\qtdujxbj.dll C:\WINDOWS\SYSTEM32\qtdujxbj.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\qvaodaip.dll C:\WINDOWS\SYSTEM32\qvaodaip.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qvifqigu.dll C:\windows\SYSTEM32\qvifqigu.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\qwejnokn.dll C:\windows\SYSTEM32\qwejnokn.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\rgsyjuwk.dll C:\windows\SYSTEM32\rgsyjuwk.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\rlbqdfhv.dll C:\WINDOWS\SYSTEM32\rlbqdfhv.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ropxyequ.dll C:\windows\SYSTEM32\ropxyequ.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\rxwycwpu.dll C:\windows\SYSTEM32\rxwycwpu.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\sfhfjksn.dll C:\windows\SYSTEM32\sfhfjksn.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\sjeeyedv.dll C:\windows\SYSTEM32\sjeeyedv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\smcnkbij.dll C:\WINDOWS\SYSTEM32\smcnkbij.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\spnakfix.dll C:\WINDOWS\SYSTEM32\spnakfix.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\stecumbp.dll C:\windows\SYSTEM32\stecumbp.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\stxgxhhu.dll C:\windows\SYSTEM32\stxgxhhu.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\sxmnmtmi.dll C:\windows\SYSTEM32\sxmnmtmi.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\syhldccp.dll C:\WINDOWS\SYSTEM32\syhldccp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\tedytayr.dll C:\WINDOWS\SYSTEM32\tedytayr.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\timgsstx.dll C:\WINDOWS\SYSTEM32\timgsstx.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\tpgcsgei.dll C:\WINDOWS\SYSTEM32\tpgcsgei.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\tqbnlyfo.dll C:\WINDOWS\SYSTEM32\tqbnlyfo.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\tshvxnkc.dll C:\WINDOWS\SYSTEM32\tshvxnkc.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\twecgppf.dll C:\windows\SYSTEM32\twecgppf.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\tyudqxsm.dll C:\windows\SYSTEM32\tyudqxsm.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ubmjtkhw.dll C:\WINDOWS\SYSTEM32\ubmjtkhw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ucgfgbrg.dll C:\windows\SYSTEM32\ucgfgbrg.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\uggwplxs.dll C:\windows\SYSTEM32\uggwplxs.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\uggyfvec.dll C:\windows\SYSTEM32\uggyfvec.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\uivtrubb.dll C:\windows\SYSTEM32\uivtrubb.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\uklpdejj.dll C:\WINDOWS\SYSTEM32\uklpdejj.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ulwmvbfu.dll C:\windows\SYSTEM32\ulwmvbfu.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\unbalgan.dll C:\windows\SYSTEM32\unbalgan.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\uredsopr.dll C:\WINDOWS\SYSTEM32\uredsopr.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\vbbnprgk.dll C:\windows\SYSTEM32\vbbnprgk.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\vcaiaijf.dll C:\windows\SYSTEM32\vcaiaijf.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\vcepfxia.dll C:\windows\SYSTEM32\vcepfxia.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\vdkjctxy.dll C:\windows\SYSTEM32\vdkjctxy.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\vqrhuerg.dll C:\WINDOWS\SYSTEM32\vqrhuerg.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\vrhelqcr.dll C:\windows\SYSTEM32\vrhelqcr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\wfdxrkiq.dll C:\windows\SYSTEM32\wfdxrkiq.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\wqrbxpry.dll C:\windows\SYSTEM32\wqrbxpry.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\wrhcpwki.dll C:\windows\SYSTEM32\wrhcpwki.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\wrknqpfp.dll C:\WINDOWS\SYSTEM32\wrknqpfp.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\wtjwbbru.dll C:\windows\SYSTEM32\wtjwbbru.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\xastmlnf.dll C:\WINDOWS\SYSTEM32\xastmlnf.dll Could not be deleted. Attempting to delete C:\WINDOWS\SYSTEM32\xcrsuutw.dll C:\WINDOWS\SYSTEM32\xcrsuutw.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\xinfteag.dll C:\windows\SYSTEM32\xinfteag.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\xqxhabxc.dll C:\windows\SYSTEM32\xqxhabxc.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\yfghwfyo.dll C:\windows\SYSTEM32\yfghwfyo.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ymjytfry.dll C:\windows\SYSTEM32\ymjytfry.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\ynbtaixl.dll C:\windows\SYSTEM32\ynbtaixl.dll Has been deleted! Attempting to delete C:\windows\SYSTEM32\yshrdumo.dll C:\windows\SYSTEM32\yshrdumo.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Scan started at 11:32:24 17/12/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\hmueinxj.ini C:\WINDOWS\SYSTEM32\jxnieumh.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\hmueinxj.ini C:\WINDOWS\SYSTEM32\hmueinxj.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\jxnieumh.dll C:\WINDOWS\SYSTEM32\jxnieumh.dll Has been deleted! Performing Repairs to the registry. Done!
  6. Please can you help? Ad-Aware picks up Virtumonde and seems to ge rid of it but a few hours later and another scan shows it again. I'm sure there are other nasties lurking on my pc, as it freezes regularly or is very slow and other browsers and warnings are constantly popping up. I have cleaned it up a bit and defragged. I would really love to format and start again but I'm not sure I can get it back to how it is. I would be grateful for you advice and assistance. I have run Ad-Aware and not sure which log file you require. The one that has the info "Ad-Aware 20071216 14-39-12.log.xml" wont upload. Many thanks Paul Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:43:20, on 16/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\Program Files\Hijackthis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ipbsuhpt.dll",sitypnow O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 212.139.132.4 212.139.132.21 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A2EA.dat O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 15527 bytes AdAware_event.log Ad_Aware_update.log update.log
  7. Hi, Well I've done all that and all seems to be running ok. No IEs have been opening as yet. The only thing was with the Java. I was unsure on where to install it from and in the end I ended up installing JRE 6 Update 2 before I deleted the other version I had. Will this be a problem. Thank you so much for you help. Paul
  8. Hi, Ive done that. Only thing was that a dialogue box came up on reboot as follows"nircmd.cfexe unable to locate component. The application failed to start because connapi.dll was not found. Re-installing the application may fix the problem". Hope I've done it right this time. Thanks for your help. Paul ComboFix 07-08-26.3 - "Paul" 2007-08-26 14:49:06.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT 1:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\Cache0880D1.bin C:\Program Files\MyWebSearch\bar\Cache0883A0.bin C:\Program Files\MyWebSearch\bar\Cache0884E8.bin C:\Program Files\MyWebSearch\bar\Cache088601.bin C:\Program Files\MyWebSearch\bar\Cache08873A.bin C:\Program Files\MyWebSearch\bar\Cache3E3EC3C.bin C:\Program Files\MyWebSearch\bar\Cache3E3EFA7.bin C:\Program Files\MyWebSearch\bar\Cache3E3F12E.bin C:\Program Files\MyWebSearch\bar\Cache\1121FF00.bin C:\Program Files\MyWebSearch\bar\Cache\112200E5.bin C:\Program Files\MyWebSearch\bar\Cache\1125C02F.bin C:\Program Files\MyWebSearch\bar\Cache\1125C242.bin C:\Program Files\MyWebSearch\bar\Cache\11290E21.bin C:\Program Files\MyWebSearch\bar\Cache\11419406.bin C:\Program Files\MyWebSearch\bar\Cache\17819F98.bin C:\Program Files\MyWebSearch\bar\Cache\1DCD52EF.bin C:\Program Files\MyWebSearch\bar\Cache\2890649A C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search C:\Program Files\MyWebSearch\bar\MSNBackgrounds\1B4F1D67.jpeg C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak C:\Program Files\MyWebSearch\bar\Settings\settings.htm C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL C:\WINDOWS\system32\datghpto.dll C:\WINDOWS\system32\dlxkamwk.dll C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\system32\fdxpojdb.dll C:\WINDOWS\system32\hdikmnar.dll C:\WINDOWS\system32\injbwcbj.dll C:\WINDOWS\system32\iyxiqkvs.dll C:\WINDOWS\SYSTEM32\jmllm.bak1 C:\WINDOWS\SYSTEM32\jmllm.bak2 C:\WINDOWS\SYSTEM32\jmllm.ini C:\WINDOWS\SYSTEM32\jmllm.ini2 C:\WINDOWS\SYSTEM32\jmllm.tmp C:\WINDOWS\system32\mllmj.dll C:\WINDOWS\system32\mrkxgsvf.dll C:\WINDOWS\system32\pgyancjg.dll C:\WINDOWS\system32\piqteadb\svchost.exe C:\WINDOWS\system32\pqkbfyuj.dll C:\WINDOWS\system32\qhuqvxca.dll C:\WINDOWS\system32\qlogolnu.dll C:\WINDOWS\system32\ssqnnlk.dll C:\WINDOWS\system32\svajhlts.dll C:\WINDOWS\system32\system C:\WINDOWS\system32\system\msxml4.dll C:\WINDOWS\system32\system\msxml4r.dll C:\WINDOWS\system32\uegxrihr.dll C:\WINDOWS\system32\uejgdmnl.dll C:\WINDOWS\system32\vamxfahc.dll C:\WINDOWS\system32\vckyxllf.dll C:\WINDOWS\system32\vojsdcda.dll C:\WINDOWS\system32\vugcrnlp.dll C:\WINDOWS\system32\xofbaddy.dll C:\WINDOWS\system32\yhobkpxw.dll ((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 ))))))))))))))))))))))))))))))) 2007-08-26 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-16 07:23 189,952 --a------ C:\DOCUME~1\Paul\jip.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-26 15:04 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-08-22 10:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2005-10-21 16:03 774144 --a------ C:\Program Files\RngInterstitial.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 22:01] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:12] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 21:02] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05] "AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 00:18] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sonic RecordNow!"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56] "STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Windows Recylinder Check"=uajnogrwyd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Adrian\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Paul\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] C:\DOCUME~1\Sophie\STARTM~1\Programs\Startup\ DESKTOP.INI [2002-09-03 10:00:00] R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys S3 gUSBSTOi;gUSBSTOi;\??\C:\DOCUME~1\Paul\LOCALS~1\Temp\gUSBSTOi.sys Contents of the 'Scheduled Tasks' folder 2007-08-24 19:58:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe 2007-08-25 23:00:01 C:\WINDOWS\Tasks\Symantec Drmc.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-26 15:02:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-26 15:07:49 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-26 15:07 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:26:17, on 26/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AOL 8.0\aoltray.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\RunServices: [Windows Recylinder Check] uajnogrwyd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 62.241.163.200 62.241.162.201 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12538 bytes
  9. Please can you help. I am continually getting new IE windows poping up with all sorts of things including WinAntivirus Pro. The pc also appears to be running slow. When I try to do an Adaware scan it picks up a critical object and the windows bottom bar goes white then goes to a blue screen with fatal system error. I am able to reboot but have to go through the login a couple of times before all is fairly normal. Kind regards Paul hijackthis.log
  10. Thank you very much for all your help you are a gem. I will certainly take your advice.
  11. Thanks. All that seemed to go well. Are we nearly there? Logfile of HijackThis v1.99.1 Scan saved at 18:11:54, on 07/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AOL 8.0\aoltray.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 62.241.163.200 62.241.162.201 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  12. Hi Calamity Jane. Thank you for all your help and the info. My son picked up the virus from a site called Nearlygood which has a lot of media stuff but he says that he can't remember downloading any Codec. I have my worries about these sites. Well good luck with the reports speak later.
  13. Thanks again. Sorry for starting a new thread - I wasn't sure where you wanted it. Here we go then: 360Share(remove only) Ad-Aware SE Personal Adobe Acrobat 4.0 AOL UK BCM V.92 56K Modem Broadcom Management Programs CC_ccProxyExt ccCommon ccPxyCore DAO Dell Media Experience Dell Picture Studio - Dell Image Expert Dell Solution Center DiamondCS APM Dope Wars 2.2 for Windows Dr SpeedTouch DVDSentry ewido anti-malware Google Earth Google Toolbar for Internet Explorer Hijackthis 1.99.1 HijackThis 1.99.1 hp deskjet 5550 series hp deskjet 5550 series (Remove only) hp print screen utility Intel® Extreme Graphics Driver iPod for Windows 2005-06-26 iPod for Windows 2005-09-23 iTunes Java 2 Runtime Environment, SE v1.4.2 LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Macromedia Flash Player 8 Macromedia Shockwave Player Media-Codec 4.0 Microsoft Data Access Components KB870669 Microsoft Flight Simulator for Windows 95 Microsoft Office XP Professional with FrontPage Microsoft Works 7.0 Modem Helper MSN Messenger 7.5 MSN Toolbar MSRedist MSRedist Norton AntiSpam Norton AntiSpam Norton AntiVirus 2005 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2005 (Symantec Corporation) Norton Password Manager Norton Password Manager (Symantec Corporation) Norton WMI Update Norton WMI Update Norton WMI Update NPM_DRM_COLLECTION Pacific Poker Paint Shop Pro 7 Panda ActiveScan Power Scan PowerDVD QuickTime RealPlayer Basic RollerCoaster Tycoon® 3 Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Sonic DLA Sonic RecordNow! Sonic Update Manager SPBBC SpeedTouch USB Software SuperLetter Quick Letter Writer BFPO Symantec Script Blocking Installer SymNet The Sims 2 Tiscali 10.0 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Viewpoint Media Player Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinZip Yahoo! Companion "Silent Runners.vbs", revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Sonic RecordNow!" = (empty string) "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "STManager" = ""C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b" ["THOMSON"] "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS] "RollerCoasterTycoon2.exe" = "C:\DOWNLO~1\ROLLER~1.EXE /r" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"] "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"] "PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."] "DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"] "RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"] "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"] "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] "Wssmg" = "C:\Program Files\Tlmnmu\Qyhm.exe" [file not found] "Media Access" = "C:\Program Files\Media Access\MediaAccK.exe" [file not found] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "AcctMgr" = "C:\Program Files\Norton Password Manager\AcctMgr.exe /startup" ["Symantec Corporation"] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS] "SpywareBot" = "C:\Program Files\SpywareBot\SpywareBot.exe -boot" ["SpywareBot Company"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] "{FBE1DB69-5026-42cf-BE97-D52DDB70DB87}" = "AOL" -> {HKLM...CLSID} = "AOL" \InProcServer32\(Default) = "C:\Program Files\Common Files\aolshare\shell\uk\shellext.dll" ["America Online, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {HKLM...CLSID} = "Ctest Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS] Startup items in "Paul" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\Paul\Start Menu\Programs\Startup "Check For Dope Wars Updates" -> shortcut to: "C:\Program Files\Dopewars\WiseUpdt.exe /C" ["Wise Solutions"] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "AOL 8.0 Tray Icon" -> shortcut to: "C:\Program Files\AOL 8.0\aoltray.exe -check" ["America Online, Inc."] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE" [file not found] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer - Paul" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "MSN" \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll" [file not found] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" [file not found] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Companion" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0" -> {HKLM...CLSID} = "MSN" \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll" [file not found] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" [file not found] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [file not found] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"] iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"] WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt05\Driver = "hpzlnt05.dll" ["HP"] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 55 seconds, including 18 seconds for message boxes)
  14. Thanks very much for your help. It's getting there. My browser appears to be ok at the moment and the virus alert has now gone. Things went much as you said but the ActiveScan has picked up more things. Thanks again. The 4 reports you requested: SmitFraudFix v2.40 Scan done at 12:19:54.75, 07/05/2006 Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp????.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\simpole.tlb Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\1024\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» End --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 12:17:07, 07/05/2006 + Report-Checksum: CB08D55 + Scan result: HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : Cleaned with backup HKLM\SOFTWARE\iGlobalMedia\Installer -> Adware.AceClubCasino : Cleaned with backup HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Adware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup [728] C:\WINDOWS\system32\reglogs.dll -> Not-A-Virus.Hoax.Win32.Renos.cz : Cleaned with backup C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-7af54974.class -> Trojan.ClassLoader.Dummy.c : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6d12d13a-477b291e.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-487b52a0-52de0d58.zip/BlackBox.class -> Dropper.Beyond.g : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-487b52a0-52de0d58.zip/Beyond.class -> Dropper.Beyond.g : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-22c6c7bd-568ca4ec.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-7ef11768.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Sophie\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Sophie\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup C:\Documents and Settings\Sophie\Cookies\[email protected][1].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Sophie\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\Sophie\Local Settings\Temp\clientax.dll -> Adware.180Solutions : Cleaned with backup C:\Documents and Settings\Sophie\My Documents\School\Year 7\Humanities\zangoinstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup C:\Documents and Settings\Sophie\My Documents\School\Year 7\Humanities\zangoinstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup C:\Downloads\RollerCoasterTycoon\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup C:\Downloads\supergrannyam-dm[1].exe -> Adware.Trymedia : Cleaned with backup C:\Program Files\ClockSync -> Adware.WhenU : Cleaned with backup C:\Program Files\Tlmnmu\Qyhm.exe -> Trojan.Small.cy : Cleaned with backup C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.Sahat : Cleaned with backup C:\WINDOWS\SYSTEM32\reglogs.dll -> Not-A-Virus.Hoax.Win32.Renos.cz : Cleaned with backup ::Report End Incident Status Location Potentially unwanted tool:application/mywebsearch Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk Potentially unwanted tool:application/mywebsearch Not disinfected c:\documents and settings\all users\start menu\programs\startup\MyWebSearch Email Plugin.lnk Adware:adware/ncase Not disinfected c:\temp\salmau.dat Adware:adware/cws Not disinfected C:\Documents and Settings\Paul\Favorites\living\Dating.lnk Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8.inf Adware:adware/emediacodec Not disinfected c:\documents and settings\all users\desktop\Online Security Guide.url Adware:adware/exact.bargainbuddy Not disinfected c:\windows\msxct1.ini Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages Adware:adware/wupd Not disinfected Windows Registry Adware:adware/powerscan Not disinfected Windows Registry Adware:adware/dopewars Not disinfected Windows Registry Adware:adware/dyfuca Not disinfected Windows Registry Adware:adware/ist.istbar Not disinfected Windows Registry Adware:adware/ist.sidefind Not disinfected Windows Registry Virus:VBS/Inor.gen Disinfected C:\clip1.avi.hta Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Adrian\Cookies\[email protected][2].txt Spyware:Cookie/Spyfalcon Not disinfected C:\Documents and Settings\Paul\Cookies\[email protected][1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Paul\Desktop\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Paul\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe] Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\[email protected][1].txt Logfile of HijackThis v1.99.1 Scan saved at 12:55:59, on 07/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AOL 8.0\aoltray.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Wssmg] C:\Program Files\Tlmnmu\Qyhm.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOWNLO~1\ROLLER~1.EXE /r O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm274YYUS O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 62.241.163.200 62.241.162.201 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  15. Please can you help I am getting the following symptoms: 1. A warning appears in a dialogue box of Microsoft Internet Explorer showing warning: [email protected] is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer. 2. There is also a virus alert running on my bottom right toolbar saying your computer is infected. 3. My browser is hijacked to “about:blankâ€? but tries to get to http:/www.404dns.com/… If offline. My log file is: Logfile of HijackThis v1.99.1 Scan saved at 21:21:14, on 06/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dcomcfg.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Tlmnmu\Qyhm.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Password Manager\AcctMgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AOL 8.0\aoltray.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpA071.tmp O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Wssmg] C:\Program Files\Tlmnmu\Qyhm.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [RollerCoasterTycoon2.exe] C:\DOWNLO~1\ROLLER~1.EXE /r O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm274YYUS O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...e/bridge-c9.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 62.241.163.200 62.241.162.201 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe