pahurley

Persistent Virtumonde


Please can you help? Ad-Aware picks up Virtumonde and seems to get rid of it, but a few hours later another scan shows it again. I'm sure there are other nasties lurking on my PC, as it freezes regularly or is very slow, and other browsers and warnings are constantly popping up. I have cleaned it up a bit and defragged. I would really love to format and start again but I'm not sure I can get it back to how it is. I would be grateful for your advice and assistance.

 

I have run Ad-Aware and am not sure which log file you require. The one that has the info, "Ad-Aware 20071216 14-39-12.log.xml", won't upload.

 

Many thanks

Paul

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:43:20, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\Program Files\Hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ipbsuhpt.dll",sitypnow

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 212.139.132.4 212.139.132.21

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A2EA.dat

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 15527 bytes

AdAware_event.log

Ad_Aware_update.log

update.log

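One way to pre-sort a HijackThis log like the one posted above for manual review, given as an added example that is not part of the original thread and is not how HijackThis or the helpers here work. The rule set and the names `parse_entries` and `triage` are assumptions of this example, and a flagged line is a candidate for review, not a verdict.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Excerpt copied from the HijackThis log in the post above (not the full log;
# the O1 line is repeated many more times there).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\ipbsuhpt.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A2EA.dat
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - ..." style lines: a section code (letter + 1-2 digits), " - ", then the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUNDLL = re.compile(r"\brundll32(?:\.exe)?\b", re.I)


def parse_entries(text):
    """Return (section, body) pairs for every 'Xn - ...' line.

    Header lines, the running-process list and blank lines do not match
    the pattern and are skipped.
    """
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def _is_local(addr):
    """True for loopback/unspecified addresses (ordinary hosts-file blocking)."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False  # not an IP at all: let the caller flag it
    return ip.is_loopback or ip.is_unspecified


def triage(text):
    """Collapse repeated lines and return entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis behaviour):
      O1   hosts entry mapping a name to a non-local address
      O20  any AppInit_DLLs value (loaded into every process using user32.dll)
      O4   autostart that launches a DLL through rundll32
      any  registration whose target is reported as '(file missing)'
    """
    findings = []
    # Counter keeps first-seen order and tells us how often a line repeats.
    for (section, body), count in Counter(parse_entries(text)).items():
        reason = None
        if section == "O1":
            m = HOSTS.match(body)
            if m and not _is_local(m.group(1)):
                reason = "hosts file maps %s to %s" % (m.group(2), m.group(1))
        elif section == "O20":
            reason = "AppInit_DLLs is set"
            if not body.lower().endswith(".dll"):
                reason += " (value does not have a .dll name)"
        elif section == "O4" and RUNDLL.search(body):
            reason = "autostart loads a DLL via rundll32"
        elif "(file missing)" in body:
            reason = "registration points at a file that no longer exists"
        if reason:
            findings.append(
                {"section": section, "entry": body, "count": count, "reason": reason}
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-3s x%-2d %s\n      -> %s" % (f["section"], f["count"], f["reason"], f["entry"]))
```
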

Hello, pahurley & Welcome

 

Please download

VundoFix.exe

to your desktop.

 

Don't run it just yet!

 

==============================

 

Download ComboFix from Here or Here to your Desktop.

 

Don't run it just yet!

 

==============================

 

NOTE: This next step I'm going to have you do is to be done only after you download the tools above, not before.

 

NORTON ANTIVIRUS

Please navigate to the system tray on the bottom right hand corner and look for a sign.

 

* right-click it -> choose "Disable Auto-Protect."

* select a duration of 5 hours (this assures no interference with the cleanup of your pc)

* click "Ok."

* a popup will warn that protection will now be disabled and the sign will now look like this:

 

You successfully disabled the Norton Antivirus Guard.

 

===============================

 

AVG ANTI-SPYWARE

 

* Launch AVG Anti-Spyware.

* From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.

* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

 

NOTE: Again, this is to be done only after downloading the tools above, not before.

 

===============================

 

Run

 

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt

 

================================

 

After VundoFix is done run this tool.

 

* Double click combofix.exe and follow the prompts.

* When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply

 

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

=================================

 

Then come back here with the VundoFix log and ComboFix log. Don't forget to turn on your Anti-Virus scanner. I may ask you to disable it again at some point.

 

 

Gogo ;)


Hi, sorry combofix.exe took 3 days!!! Process LVPrcsrv.exe was taking 99% of the cpu. I eventually stopped the process and it flew through the rest of combo fix.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:41, on 2007-12-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\taskmgr.exe

C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C194241C-8BE2-43CF-9F5A-2436E866FD79} - C:\WINDOWS\system32\vtsqo.dll (file missing)

O2 - BHO: {f58f0f53-a4d4-945b-0124-c6836348d0ec} - {ce0d8436-386c-4210-b549-4d4a35f0f85f} - C:\WINDOWS\system32\bgmoirsp.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA8829A3-D5BF-4DC9-8C1E-2AF4674238AF}: NameServer = 212.139.132.20 212.139.132.5

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 16323 bytes

 

 

 

ComboFix 07-08-26.3 - "Paul" 2007-08-26 14:49:06.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.171 [GMT 1:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 


 

 

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

 

 

2007-08-26 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-16 07:23 189,952 --a------ C:\DOCUME~1\Paul\jip.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-26 15:04 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-08-22 10:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe

2005-10-21 16:03 774144 --a------ C:\Program Files\RngInterstitial.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47]

"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 22:01]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 12:12]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 21:02]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]

"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-16 00:18]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 03:02]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sonic RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 16:36]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Windows Recylinder Check"=uajnogrwyd.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\

DESKTOP.INI [2002-09-03 10:00:00]

 

C:\DOCUME~1\Adrian\STARTM~1\Programs\Startup\

DESKTOP.INI [2002-09-03 10:00:00]

 

C:\DOCUME~1\Paul\STARTM~1\Programs\Startup\

DESKTOP.INI [2002-09-03 10:00:00]

 

C:\DOCUME~1\Sophie\STARTM~1\Programs\Startup\

DESKTOP.INI [2002-09-03 10:00:00]

 

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys

R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys

S3 gUSBSTOi;gUSBSTOi;\??\C:\DOCUME~1\Paul\LOCALS~1\Temp\gUSBSTOi.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-24 19:58:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe

2007-08-25 23:00:01 C:\WINDOWS\Tasks\Symantec Drmc.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 15:02:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-26 15:07:49 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-26 15:07

 

--- E O F ---

 

 

 

 

VundoFix V6.7.7

 

Checking Java version...

 

Scan started at 10:08:51 17/12/2007

 

Listing files found while scanning....

 


 

Beginning removal...

 


C:\WINDOWS\SYSTEM32\dyyvkoxy.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\eebtmkhc.dll

C:\windows\SYSTEM32\eebtmkhc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\efimjnms.dll

C:\WINDOWS\SYSTEM32\efimjnms.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\egjhmpiw.dll

C:\WINDOWS\SYSTEM32\egjhmpiw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\egotqenr.dll

C:\windows\SYSTEM32\egotqenr.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\egrxpflf.dll

C:\windows\SYSTEM32\egrxpflf.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ejqxlldx.dll

C:\windows\SYSTEM32\ejqxlldx.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\elaargvu.dll

C:\windows\SYSTEM32\elaargvu.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\eliglafh.dll

C:\windows\SYSTEM32\eliglafh.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\epqevqhs.dll

C:\windows\SYSTEM32\epqevqhs.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ewewtyrs.dll

C:\WINDOWS\SYSTEM32\ewewtyrs.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\fgvgbthg.dll

C:\WINDOWS\SYSTEM32\fgvgbthg.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\fhqhtjlj.dll

C:\windows\SYSTEM32\fhqhtjlj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\fitnkcmm.dll

C:\WINDOWS\SYSTEM32\fitnkcmm.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\fophlgsq.dll

C:\WINDOWS\SYSTEM32\fophlgsq.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\goahhgfj.dll

C:\windows\SYSTEM32\goahhgfj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\gsnhpldb.dll

C:\WINDOWS\SYSTEM32\gsnhpldb.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\gvscjfhc.dll

C:\windows\SYSTEM32\gvscjfhc.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\gyyhvole.dll

C:\windows\SYSTEM32\gyyhvole.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\hiqfuxxr.dll

C:\WINDOWS\SYSTEM32\hiqfuxxr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\hochqkuo.dll

C:\WINDOWS\SYSTEM32\hochqkuo.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\hyldmlas.dll

C:\WINDOWS\SYSTEM32\hyldmlas.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ieeqpqhd.dll

C:\windows\SYSTEM32\ieeqpqhd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\iioudcim.dll

C:\WINDOWS\SYSTEM32\iioudcim.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ioakxlch.dll

C:\WINDOWS\SYSTEM32\ioakxlch.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ipbsuhpt.dll

C:\WINDOWS\SYSTEM32\ipbsuhpt.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\iqesubbk.dll

C:\windows\SYSTEM32\iqesubbk.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\iuvlvutu.dll

C:\windows\SYSTEM32\iuvlvutu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\iwhapooy.dll

C:\WINDOWS\SYSTEM32\iwhapooy.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jbgldofw.dll

C:\WINDOWS\system32\jbgldofw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\jiuhdrgb.dll

C:\windows\SYSTEM32\jiuhdrgb.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\jjjnkmpf.dll

C:\windows\SYSTEM32\jjjnkmpf.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\jnjanffw.dll

C:\windows\SYSTEM32\jnjanffw.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\jojtuxqt.dll

C:\WINDOWS\SYSTEM32\jojtuxqt.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\jpmoucld.dll

C:\windows\SYSTEM32\jpmoucld.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\jpwekfdu.dll

C:\WINDOWS\SYSTEM32\jpwekfdu.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\jrmpdjvg.dll

C:\WINDOWS\SYSTEM32\jrmpdjvg.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\jumefypq.dll

C:\windows\SYSTEM32\jumefypq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jxnieumh.dll

C:\WINDOWS\system32\jxnieumh.dll Could not be deleted.

 

Attempting to delete C:\windows\SYSTEM32\kkhmqxbi.dll

C:\windows\SYSTEM32\kkhmqxbi.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\kopklocv.dll

C:\WINDOWS\SYSTEM32\kopklocv.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\kprmmqop.dll

C:\WINDOWS\SYSTEM32\kprmmqop.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\kxiyuyhv.dll

C:\windows\SYSTEM32\kxiyuyhv.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\kyyqhbnq.dll

C:\windows\SYSTEM32\kyyqhbnq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ldoykncl.dll

C:\WINDOWS\SYSTEM32\ldoykncl.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\leiwlrai.dll

C:\WINDOWS\SYSTEM32\leiwlrai.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\lojdxmje.dll

C:\WINDOWS\SYSTEM32\lojdxmje.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\lqqchxxm.dll

C:\WINDOWS\SYSTEM32\lqqchxxm.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\luyymksh.dll

C:\windows\SYSTEM32\luyymksh.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\lwehwkjt.dll

C:\windows\SYSTEM32\lwehwkjt.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\lxigbsba.dll

C:\windows\SYSTEM32\lxigbsba.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\lynsiebq.dll

C:\WINDOWS\SYSTEM32\lynsiebq.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ndproinv.dll

C:\windows\SYSTEM32\ndproinv.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\nhhqcqam.dll

C:\windows\SYSTEM32\nhhqcqam.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\nhltbyuf.dll

C:\WINDOWS\SYSTEM32\nhltbyuf.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\nlahmdhd.dll

C:\windows\SYSTEM32\nlahmdhd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\nmujljyw.dll

C:\WINDOWS\SYSTEM32\nmujljyw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\nnmnbbvi.dll

C:\windows\SYSTEM32\nnmnbbvi.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ntknhyfx.dll

C:\windows\SYSTEM32\ntknhyfx.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\nuhrpjrh.dll

C:\windows\SYSTEM32\nuhrpjrh.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\nvxarqmm.dll

C:\windows\SYSTEM32\nvxarqmm.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\odwdyjqj.dll

C:\WINDOWS\SYSTEM32\odwdyjqj.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ogsjgivp.dll

C:\windows\SYSTEM32\ogsjgivp.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\omumurbm.dll

C:\windows\SYSTEM32\omumurbm.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\oqstv.bak1

C:\windows\SYSTEM32\oqstv.bak1 Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\oqstv.bak2

C:\windows\SYSTEM32\oqstv.bak2 Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\oqstv.ini

C:\windows\SYSTEM32\oqstv.ini Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\oqstv.ini2

C:\windows\SYSTEM32\oqstv.ini2 Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\oqstv.tmp

C:\windows\SYSTEM32\oqstv.tmp Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ostlecus.dll

C:\windows\SYSTEM32\ostlecus.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ovjlndtx.dll

C:\WINDOWS\SYSTEM32\ovjlndtx.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\owxamslg.dll

C:\windows\SYSTEM32\owxamslg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\pgoecwik.dll

C:\WINDOWS\SYSTEM32\pgoecwik.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\pgvuwluc.dll

C:\windows\SYSTEM32\pgvuwluc.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\pimcbuct.dll

C:\windows\SYSTEM32\pimcbuct.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\pjuphbad.dll

C:\windows\SYSTEM32\pjuphbad.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\plckjstr.dll

C:\WINDOWS\SYSTEM32\plckjstr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\pocaaumr.dll

C:\WINDOWS\SYSTEM32\pocaaumr.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qdmhuxsi.dll

C:\windows\SYSTEM32\qdmhuxsi.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qdvmbmit.dll

C:\windows\SYSTEM32\qdvmbmit.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qgeunjyw.dll

C:\windows\SYSTEM32\qgeunjyw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qonmxerb.dll

C:\windows\SYSTEM32\qonmxerb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\qphyvytp.dll

C:\WINDOWS\SYSTEM32\qphyvytp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\qtdujxbj.dll

C:\WINDOWS\SYSTEM32\qtdujxbj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\qvaodaip.dll

C:\WINDOWS\SYSTEM32\qvaodaip.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qvifqigu.dll

C:\windows\SYSTEM32\qvifqigu.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\qwejnokn.dll

C:\windows\SYSTEM32\qwejnokn.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\rgsyjuwk.dll

C:\windows\SYSTEM32\rgsyjuwk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\rlbqdfhv.dll

C:\WINDOWS\SYSTEM32\rlbqdfhv.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ropxyequ.dll

C:\windows\SYSTEM32\ropxyequ.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\rxwycwpu.dll

C:\windows\SYSTEM32\rxwycwpu.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\sfhfjksn.dll

C:\windows\SYSTEM32\sfhfjksn.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\sjeeyedv.dll

C:\windows\SYSTEM32\sjeeyedv.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\smcnkbij.dll

C:\WINDOWS\SYSTEM32\smcnkbij.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\spnakfix.dll

C:\WINDOWS\SYSTEM32\spnakfix.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\stecumbp.dll

C:\windows\SYSTEM32\stecumbp.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\stxgxhhu.dll

C:\windows\SYSTEM32\stxgxhhu.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\sxmnmtmi.dll

C:\windows\SYSTEM32\sxmnmtmi.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\syhldccp.dll

C:\WINDOWS\SYSTEM32\syhldccp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\tedytayr.dll

C:\WINDOWS\SYSTEM32\tedytayr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\timgsstx.dll

C:\WINDOWS\SYSTEM32\timgsstx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\tpgcsgei.dll

C:\WINDOWS\SYSTEM32\tpgcsgei.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\tqbnlyfo.dll

C:\WINDOWS\SYSTEM32\tqbnlyfo.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\tshvxnkc.dll

C:\WINDOWS\SYSTEM32\tshvxnkc.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\twecgppf.dll

C:\windows\SYSTEM32\twecgppf.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\tyudqxsm.dll

C:\windows\SYSTEM32\tyudqxsm.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ubmjtkhw.dll

C:\WINDOWS\SYSTEM32\ubmjtkhw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ucgfgbrg.dll

C:\windows\SYSTEM32\ucgfgbrg.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\uggwplxs.dll

C:\windows\SYSTEM32\uggwplxs.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\uggyfvec.dll

C:\windows\SYSTEM32\uggyfvec.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\uivtrubb.dll

C:\windows\SYSTEM32\uivtrubb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\uklpdejj.dll

C:\WINDOWS\SYSTEM32\uklpdejj.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ulwmvbfu.dll

C:\windows\SYSTEM32\ulwmvbfu.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\unbalgan.dll

C:\windows\SYSTEM32\unbalgan.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\uredsopr.dll

C:\WINDOWS\SYSTEM32\uredsopr.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\vbbnprgk.dll

C:\windows\SYSTEM32\vbbnprgk.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\vcaiaijf.dll

C:\windows\SYSTEM32\vcaiaijf.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\vcepfxia.dll

C:\windows\SYSTEM32\vcepfxia.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\vdkjctxy.dll

C:\windows\SYSTEM32\vdkjctxy.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\vqrhuerg.dll

C:\WINDOWS\SYSTEM32\vqrhuerg.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\vrhelqcr.dll

C:\windows\SYSTEM32\vrhelqcr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtsqo.dll

C:\WINDOWS\system32\vtsqo.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\wfdxrkiq.dll

C:\windows\SYSTEM32\wfdxrkiq.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\wqrbxpry.dll

C:\windows\SYSTEM32\wqrbxpry.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\wrhcpwki.dll

C:\windows\SYSTEM32\wrhcpwki.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\wrknqpfp.dll

C:\WINDOWS\SYSTEM32\wrknqpfp.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\wtjwbbru.dll

C:\windows\SYSTEM32\wtjwbbru.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\xastmlnf.dll

C:\WINDOWS\SYSTEM32\xastmlnf.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\xcrsuutw.dll

C:\WINDOWS\SYSTEM32\xcrsuutw.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\xinfteag.dll

C:\windows\SYSTEM32\xinfteag.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\xqxhabxc.dll

C:\windows\SYSTEM32\xqxhabxc.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\yfghwfyo.dll

C:\windows\SYSTEM32\yfghwfyo.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ymjytfry.dll

C:\windows\SYSTEM32\ymjytfry.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\ynbtaixl.dll

C:\windows\SYSTEM32\ynbtaixl.dll Has been deleted!

 

Attempting to delete C:\windows\SYSTEM32\yshrdumo.dll

C:\windows\SYSTEM32\yshrdumo.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.7.7

 

Checking Java version...

 

Scan started at 11:32:24 17/12/2007

 

Listing files found while scanning....

 

C:\WINDOWS\SYSTEM32\hmueinxj.ini

C:\WINDOWS\SYSTEM32\jxnieumh.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\hmueinxj.ini

C:\WINDOWS\SYSTEM32\hmueinxj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\jxnieumh.dll

C:\WINDOWS\SYSTEM32\jxnieumh.dll Has been deleted!

 

Performing Repairs to the registry.

Done!


Hey, pahurley

Now may I ask why you're back with the same problem? I had a look around about a file in this log, when I happened to find this link here: http://www.lavasoftsupport.com/lofiversion...php/t12168.html Did you not follow the info posted there?

 

Anyways

 

Next

 

1. Close any open browsers.

 

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

 

File::

C:\DOCUME~1\Paul\jip.exe

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Windows Recylinder Check"=-

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

 

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo ;)


Hi,

Sorry, not sure how I managed to get Virtumonde. I've followed the precautions and run Norton (which I've lost confidence with) and constantly run Ad-Aware and keep the Windows firewall on. My teenage daughter is the main user so I'm not sure whether it's something she does. Could you please recommend some software? Any further advice would be very welcome. Thanks for all your help so far.

Paul

 

ComboFix 07-12-16.4 - Paul 2007-12-20 18:07:25.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT 0:00]

Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Paul\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\DOCUME~1\Paul\jip.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))

.

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

((((((((((((((((((((((((((((( [email protected]_15.26.24.25 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-12-20 09:19:43 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT

+ 2007-12-20 18:04:29 53,436 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT

- 2007-12-20 09:19:43 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT

+ 2007-12-20 18:04:30 381,692 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C194241C-8BE2-43CF-9F5A-2436E866FD79}]

C:\WINDOWS\system32\vtsqo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0d8436-386c-4210-b549-4d4a35f0f85f}]

C:\WINDOWS\system32\bgmoirsp.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sonic RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]

"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 12:25]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-17 15:36]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2007-11-20 20:54]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47]

"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-12-03 21:01]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 11:12]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-27 20:02]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 10:05]

"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 11:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-15 23:18]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" []

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 23:07]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-26 15:42]

"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 19:09:23]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

 

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-14 22:10:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Paul.job"

- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exeh/task:

"2007-12-20 00:32:06 C:\WINDOWS\Tasks\Symantec Drmc.job"

- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-20 18:12:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-20 18:14:01

C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:07

C:\ComboFix2.txt ... 2007-12-20 15:27

C:\ComboFix3.txt ... 2007-08-26 14:07

.

2007-12-12 03:06:58 --- E O F ---

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:16:24, on 20/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Password Manager\AcctMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C194241C-8BE2-43CF-9F5A-2436E866FD79} - C:\WINDOWS\system32\vtsqo.dll (file missing)

O2 - BHO: {f58f0f53-a4d4-945b-0124-c6836348d0ec} - {ce0d8436-386c-4210-b549-4d4a35f0f85f} - C:\WINDOWS\system32\bgmoirsp.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147116639140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 15947 bytes


Hi Paul

 

Wow, OK, here is what I would like to do.

 

Please download HostsXpert.

  1. Unzip HostsXpert.zip
  2. Double click on HostsXpert.exe
  3. Then click on "Restore Original Hosts" to restore your Hosts file to its default condition.
  4. Click on Make Hosts Read Only to secure it against further infection.
  5. Close program when complete.

==============================

 

Then run this online scan and show me the results of the scan.

 

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

 

==============================

 

Next download and install the ZoneAlarm free firewall.

 

http://www.zonealarm.com/store/content/com...d=staticcomp_za

 

===============================

 

After you install ZoneAlarm, Do the following.

 

Windows XP SP2 firewall.

 

In Microsoft Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default.

To turn it off is much simpler, just perform the following steps...

 

1. Click Start

2. Control Panel

3. Windows Firewall

4. Select "Off (not recommended)"

 

================================

 

Then come back here with the scan results I asked you to do.

 

Gogo :)

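An added example, not part of any post in this thread and not code from HijackThis or HostsXpert: a small triage script for the two things in the HijackThis log above that the Hosts restore addresses or leaves open, namely `O1 - Hosts` entries that point a named host at a non-loopback address, and `O2 - BHO` registrations whose DLL is reported as `(file missing)`. The function name `review_hijackthis` and the regular expressions are assumptions made for this example; the sample lines are copied from the log, except the one marked as constructed.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the HijackThis log earlier in this thread. The
# "127.0.0.1 localhost" line is constructed, to show an entry that is not flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C194241C-8BE2-43CF-9F5A-2436E866FD79} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: {f58f0f53-a4d4-945b-0124-c6836348d0ec} - {ce0d8436-386c-4210-b549-4d4a35f0f85f} - C:\WINDOWS\system32\bgmoirsp.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "O1 - Hosts: <address> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+?)"
    r"(\s+\(file missing\))?$"
)


def review_hijackthis(log_text):
    """Return Hosts redirects and BHO registrations that deserve a closer look.

    hosts_redirects: {(address, hostname): number of times the line repeats}
        Only entries whose address is neither loopback nor 0.0.0.0 are kept,
        because those override DNS and send the hostname to another machine.
    missing_bhos: [{"name", "clsid", "path"}]
        BHO registrations still present in the registry although HijackThis
        did not find the DLL on disk.
    """
    redirects = Counter()
    missing_bhos = []

    for raw in log_text.splitlines():
        line = raw.strip()

        m = O1_RE.match(line)
        if m:
            address, host = m.group(1), m.group(2).lower()
            try:
                ip = ipaddress.ip_address(address)
            except ValueError:
                # Not a parseable address: keep it for manual review.
                redirects[(address, host)] += 1
                continue
            if not (ip.is_loopback or ip.is_unspecified):
                redirects[(address, host)] += 1
            continue

        m = O2_RE.match(line)
        if m and m.group(4):
            missing_bhos.append(
                {"name": m.group(1), "clsid": m.group(2).upper(), "path": m.group(3)}
            )

    return {"hosts_redirects": dict(redirects), "missing_bhos": missing_bhos}


def format_report(findings):
    """Render the findings as short text lines for pasting into a reply."""
    lines = []
    for (address, host), count in sorted(findings["hosts_redirects"].items()):
        lines.append(f"Hosts redirect: {host} -> {address} (listed {count}x)")
    for bho in findings["missing_bhos"]:
        lines.append(f"BHO without file: {bho['clsid']} -> {bho['path']}")
    return lines


if __name__ == "__main__":
    for entry in format_report(review_hijackthis(SAMPLE_LOG)):
        print(entry)
```

Running the same check on a fresh HijackThis log after "Restore Original Hosts" should return no Hosts redirects; the two BHO registrations are a separate finding that the Hosts restore does not touch.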

Hi, everyone, I had Ad-Aware on my computer for ages, then it picked up this Virtumonde malware from who knows where. My AVG antivirus ran its course and said no threats detected, then I ran Ad-Aware, and up pops all this Virtumonde malware, plus a message from AVG saying threat detected with TrojanHorseGeneric9. Now this is after I ran my antivirus and it said no threat detected.

I uninstalled that version, SE, and downloaded the new Ad-Aware SE 2007. Same thing happened.

I have had my computer down to the shop three times. Each time they said "we have got rid of Trojan Horse Generic 9 and the Virtumonde", so I bring it home, plug it in, run Ad-Aware again, and wow, up pops the same thing, again and again. Back I go to the computer shop and tell him to fix it; they try again, then tell me it keeps coming up again, so I said please take everything off and reload, I'm getting sick of this, which they did. I have not downloaded Ad-Aware again, because I'm worried I will get the same infection again. This is costing me heaps of money to take down to the computer shop.

I have now taken out AVG and installed Avast in the hopes that maybe it will pick up what Ad-Aware used to.

I really would like to put it back on my computer but I don't want the infections again. ;)


Hello Sandybarone & Welcome

 

Maybe I'm going to be wrong here, but it sounds to me like you're saying that Ad-Aware gave you the Vundo infection. Well, if this was so, then just about everyone that has come here for help would have had Vundo, don't you think this would be the case? All you have to do is go to the Lavasoft download site and I.

 

Ad-Aware is no ordinary anti-spyware, it is the original anti-spyware product, offered to consumers worldwide to protect their personal and home computers from malware attacks. And today, with over a quarter of a billion downloads, computer users put their trust in Ad-Aware more than any other anti-spyware software program.

 

Gogo ;)


Hi

Sorry about the delay. Thanks for all your help so far. Things are looking good. Another 596 found!!! I can understand Sandybarone's frustrations when you think you're doing the right thing and still these pesky viruses get through.

 

Scanning Report

Sunday, December 23, 2007 21:05:55 - 01:16:24

Computer name: TIGGER

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\

 

 

--------------------------------------------------------------------------------

 

Result: 596 malware found

Backdoor.Win32.MSNMaker.an (virus)

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE (Renamed & Submitted)

Email-Worm.Win32.Mydoom.l (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE2BD591A (Renamed & Submitted)

Exploit.HTML.Mht (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5BA77097.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6A630BAC.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\733C2F93.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74317C85.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\748A6A24.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74C45DE4.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74EF7FB5.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\758F0905.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\75C07ECF.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\76772E06.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\76BB1FBA.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\77066567.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\776526FF.HTM (Renamed)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78192C3A.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\785075FD.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78B50B8D.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\78E02D5E.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\791E4B1A.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\796C3AC4.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\79C8525F.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\79E22243.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A02461F.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A5135C8.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7A9C7B76.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7AEA6B1F.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7B2C32D8.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7B914868.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C1A2BD1.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C893F57.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7CCA070F.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7D1C20B5.HTM (Renamed & Submitted)

Exploit.VBS.Phel.a (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\553925F3.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\55CF314D.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\565B3EB3.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\56BD2A47.HTM (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5BC1407A.HTM (Renamed)

IM-Worm.Win32.Agent.p (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0031382.EXE (Renamed & Submitted)

IM-Worm.Win32.Agent.z (virus)

C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\GEL.EXE (Renamed & Submitted)

C:\DOCUMENTS AND SETTINGS\PAUL\DESKTOP\OSA.EXE (Renamed & Submitted)

Possible Browser Hijack attempt (spyware)

System (Disinfected)

Trojan-Downloader.JS.Lamdez (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6B9D197D (Renamed & Submitted)

Trojan-Downloader.Win32.Adload.a (virus)

C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\2C345F8F.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.ConHook.hl (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031507.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031511.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031515.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031517.DLL (Renamed & Submitted)

Trojan-Downloader.Win32.Donn.aa (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\326B306F.EXE (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\454F15A5.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Harnig.gen (virus)

C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINEDF61F4E.EXE (Renamed)

Trojan-Downloader.Win32.IstBar.jx (virus)

C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\183C4EA8.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.kf (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6E437194 (Renamed & Submitted)

Trojan-Dropper.Win32.Delf.cp (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2B4B1578 (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\75AC10C4.EXE (Renamed & Submitted)

Trojan-Dropper.Win32.Small.gx (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINEF633CD9 (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5C946CDA (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5DA05FB3 (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74C44545 (Renamed & Submitted)

Trojan.Java.ClassLoader.d (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\36144F09 (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\74D81E26 (Renamed & Submitted)

Trojan.Java.ClassLoader.h (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINEF39194A (Renamed & Submitted)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2FD377C0 (Renamed & Submitted)

Trojan.Java.ClassLoader.i (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2CDE2AEC (Renamed & Submitted)

Trojan.Java.ClassLoader.k (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\363E7BC1 (Renamed & Submitted)

Trojan.Win32.BHO.om (virus)


C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033922.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033923.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033924.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033925.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033926.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033927.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033928.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033929.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033930.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033931.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033932.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0033933.DLL (Renamed & Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031580.DLL (Renamed & Submitted)

Trojan.Win32.Harnig.a (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\298A3A88 (Renamed & Submitted)

Trojan.Win32.LowZones.dm (virus)

C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\QUARANTINE\4B8114AF.EXE (Renamed & Submitted)

Trojan.Win32.Qhost.wu (virus)

Trojan.Win32.StartPage.aq (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\67A7411D (Renamed & Submitted)

Trojan.Win32.StartPage.ho (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1A6800B3 (Renamed & Submitted)

Vundo.gen38 (virus)

Vundo.gen39 (virus)

Vundo.gen41 (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031667.DLL (Submitted)

Vundo.gen45 (virus)

C:\WINDOWS\SYSTEM32\CPHQKXSX.INI (Submitted)

C:\WINDOWS\SYSTEM32\HCSKLQML.INI (Submitted)

C:\WINDOWS\SYSTEM32\LJSJVRJA.INI (Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\A0028644.INI (Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\A0028641.INI (Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0028342.INI (Submitted)

W32/Vundo.AG (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031565.DLL (Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031611.DLL (Submitted)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0031657.DLL (Submitted)

W32/Vundo.dam (virus)

 

--------------------------------------------------------------------------------

 

Statistics

Scanned:

Files: 58398

System: 5560

Not scanned: 8

Actions:

Disinfected: 1

Renamed: 415

Deleted: 0

None: 180

Submitted: 589

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{53151994-4BFB-4F91-8211-8BADA696D9D6}.BIN

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSYS.DLL

C:\DOCUMENTS AND SETTINGS\PAUL\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST

C:\DOCUMENTS AND SETTINGS\PAUL\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM

 

--------------------------------------------------------------------------------

 

Options

Scanning engines:

F-Secure Libra: 2.4.2, 2007-12-20

F-Secure AVP: 7.0.171, 2007-12-23

F-Secure Orion: 1.2.37, 2007-12-21

F-Secure Blacklight: 1.0.64

F-Secure Draco: 1.0.35, 0600-150-72

F-Secure Pegasus: 1.19.0, 2007-11-18

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF

Use Advanced heuristics

 

--------------------------------------------------------------------------------

 

Hi, pahurley

 

First tell me, you installed the FireWall I asked you to. You need to get it installed; the Windows FireWall is just not doing it for you. Just look at this log file. Now let's try and get some of this all cleaned up for you.

 

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\<--- Clean out this folder

 

NOTE: The other files are in your System Restore Folder; it's safe to let them be for now.

 

====================================

 

 

Now download The Avenger by Swandog46, and save it to your Desktop.

 

Extract avenger.exe from the Zip file and save it to your desktop

Run avenger.exe by double-clicking on it.

Check the 'Input script manually' box.

Click on the magnifying glass icon.

Copy everything in the Quote box below, and paste it in the box that opens:

 

Files to delete:

C:\WINDOWS\SYSTEM32\BBOFGJUL.INI

C:\WINDOWS\SYSTEM32\BMQMVKTL.INI

C:\WINDOWS\SYSTEM32\BRVFDTDT.INI

C:\WINDOWS\SYSTEM32\CUVDNIGR.INI

C:\WINDOWS\SYSTEM32\DESDIRQI.INI

C:\WINDOWS\SYSTEM32\DORBRIPT.INI

C:\WINDOWS\SYSTEM32\DQFRMGAX.INI

C:\WINDOWS\SYSTEM32\DSPXHAYF.INI

C:\WINDOWS\SYSTEM32\EXUDODAL.INI

C:\WINDOWS\SYSTEM32\FCPELWGT.INI

C:\WINDOWS\SYSTEM32\FMDOQAMY.INI

C:\WINDOWS\SYSTEM32\FRBQSWLC.INI

C:\WINDOWS\SYSTEM32\FUURANFX.INI

C:\WINDOWS\SYSTEM32\GNWPKTDY.INI

C:\WINDOWS\SYSTEM32\GVUAHLKW.INI

C:\WINDOWS\SYSTEM32\GWLAMFCY.INI

C:\WINDOWS\SYSTEM32\GXCOFAHP.INI

C:\WINDOWS\SYSTEM32\HXHXIRYI.INI

C:\WINDOWS\SYSTEM32\ICRJCAFE.INI

C:\WINDOWS\SYSTEM32\IKDRJIWE.INI

C:\WINDOWS\SYSTEM32\JBAWKUWM.INI

C:\WINDOWS\SYSTEM32\JFTFCMGG.INI

C:\WINDOWS\SYSTEM32\JJILWGIP.INI

C:\WINDOWS\SYSTEM32\JVAWEMJA.INI

C:\WINDOWS\SYSTEM32\JXBFSTCU.INI

C:\WINDOWS\SYSTEM32\KGUUABWB.INI

C:\WINDOWS\SYSTEM32\KJLRIKGH.INI

C:\WINDOWS\SYSTEM32\KURNVVKV.INI

C:\WINDOWS\SYSTEM32\LCVMCDJC.INI

C:\WINDOWS\SYSTEM32\LNDHUAUM.INI

C:\WINDOWS\SYSTEM32\LPJAANDU.INI

C:\WINDOWS\SYSTEM32\LQMSIUFK.INI

C:\WINDOWS\SYSTEM32\LUSPPAXE.INI

C:\WINDOWS\SYSTEM32\MPUFDRNQ.INI

C:\WINDOWS\SYSTEM32\NFTIRJOU.INI

C:\WINDOWS\SYSTEM32\OPKGMXLT.INI

C:\WINDOWS\SYSTEM32\OSFJUEHE.INI

C:\WINDOWS\SYSTEM32\OWQEJGXX.INI

C:\WINDOWS\SYSTEM32\PGUJRPYI.INI

C:\WINDOWS\SYSTEM32\QEIDRFHQ.INI

C:\WINDOWS\SYSTEM32\QOIKAXSI.INI

C:\WINDOWS\SYSTEM32\QSOXNKTG.INI

C:\WINDOWS\SYSTEM32\QYONDJTJ.INI

C:\WINDOWS\SYSTEM32\RLWWVWAR.INI

C:\WINDOWS\SYSTEM32\SSLONQBH.INI

C:\WINDOWS\SYSTEM32\STELMBGW.INI

C:\WINDOWS\SYSTEM32\TNSNXVLV.INI

C:\WINDOWS\SYSTEM32\VASHLJQI.INI

C:\WINDOWS\SYSTEM32\VFLYADLS.INI

C:\WINDOWS\SYSTEM32\VHHSSEEL.INI

C:\WINDOWS\SYSTEM32\VWQQNCWS.INI

C:\WINDOWS\SYSTEM32\YCPVTDPI.INI

C:\WINDOWS\SYSTEM32\YCSXPMRN.INI

C:\WINDOWS\SYSTEM32\YEHYFHVO.INI

C:\WINDOWS\SYSTEM32\YSQCYSAG.INI

C:\WINDOWS\SYSTEM32\CDXDKHHH.INI

C:\WINDOWS\SYSTEM32\DHWOSMQP.INI

C:\WINDOWS\SYSTEM32\DTFUWALC.INI

C:\WINDOWS\SYSTEM32\EIJVMQMX.INI

C:\WINDOWS\SYSTEM32\HGQMOEJO.INI

C:\WINDOWS\SYSTEM32\LBRLDWTC.INI

C:\WINDOWS\SYSTEM32\OFBMUAPB.INI

C:\WINDOWS\SYSTEM32\OISVLBDA.INI

C:\WINDOWS\SYSTEM32\TIYKSQSI.INI

C:\WINDOWS\SYSTEM32\WKGTPEUY.INI

C:\WINDOWS\SYSTEM32\WPTWQDWV.INI

C:\WINDOWS\SYSTEM32\XEGKCFNS.INI

C:\WINDOWS\SYSTEM32\CPHQKXSX.INI

C:\WINDOWS\SYSTEM32\HCSKLQML.INI

C:\WINDOWS\SYSTEM32\LJSJVRJA.INI

 

Now click the 'Done' button.

Click on the traffic light icon and OK the prompt.

You will be prompted to restart; OK the prompt and your PC should reboot. If not, reboot it yourself.

A log file from Avenger will be produced at C:\avenger.txt

 

==========================

 

Please get this done for now. There will be more to get to.

 

Gogo :(

Merry Christmas to you and all the team. You all do a fantastic job. Yes, I've installed the firewall and it seems to be running well.

I've done what you said so far. Thanks again.

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\mkkxalka

 

*******************

 

Script file located at: \??\C:\Program Files\gdwmaoby.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\SYSTEM32\BBOFGJUL.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\BMQMVKTL.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\BRVFDTDT.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\CUVDNIGR.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DESDIRQI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DORBRIPT.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DQFRMGAX.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DSPXHAYF.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\EXUDODAL.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\FCPELWGT.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\FMDOQAMY.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\FRBQSWLC.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\FUURANFX.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\GNWPKTDY.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\GVUAHLKW.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\GWLAMFCY.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\GXCOFAHP.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\HXHXIRYI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\ICRJCAFE.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\IKDRJIWE.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\JBAWKUWM.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\JFTFCMGG.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\JJILWGIP.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\JVAWEMJA.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\JXBFSTCU.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\KGUUABWB.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\KJLRIKGH.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\KURNVVKV.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LCVMCDJC.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LNDHUAUM.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LPJAANDU.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LQMSIUFK.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LUSPPAXE.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\MPUFDRNQ.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\NFTIRJOU.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\OPKGMXLT.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\OSFJUEHE.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\OWQEJGXX.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\PGUJRPYI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\QEIDRFHQ.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\QOIKAXSI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\QSOXNKTG.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\QYONDJTJ.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\RLWWVWAR.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\SSLONQBH.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\STELMBGW.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\TNSNXVLV.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\VASHLJQI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\VFLYADLS.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\VHHSSEEL.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\VWQQNCWS.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\YCPVTDPI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\YCSXPMRN.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\YEHYFHVO.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\YSQCYSAG.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\CDXDKHHH.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DHWOSMQP.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\DTFUWALC.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\EIJVMQMX.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\HGQMOEJO.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LBRLDWTC.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\OFBMUAPB.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\OISVLBDA.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\TIYKSQSI.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\WKGTPEUY.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\WPTWQDWV.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\XEGKCFNS.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\CPHQKXSX.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\HCSKLQML.INI deleted successfully.

File C:\WINDOWS\SYSTEM32\LJSJVRJA.INI deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Hey, pahurley

 

I'm so sorry to everyone who has looked to me for help with their logs. I've been at it for days, and the PC is just going nuts on me; this is why I have not gotten back to you on this. I'm working on getting one of my brothers to let me use one of theirs, but you know how that is going. It looks like I may be getting the new laptop sooner than I was looking for.

 

Next

 

Did you get a chance to clean out this folder: C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\ <--- Here? If not, may I ask that you get this done so I may try to get you clean on this one.

 

Gogo :angry:
