Red X in front of C: Drive

Post by mickd3 » February 18th, 2008, 12:22 pm

I had an error message:
Your System Could Become Unstable
A Potential Problem Has Been Detected And Windows Has been Shut Down
Buggy Application To Prevent Damage To Your Computer
WXYZ.Sys - Address F73120AE Base at C00000
DateStamp 36b072A3
Kernal Debugger Using Com2 (Port 0x28f, Baud rate 192000)
and
A Red X In Front of the C: Drive

After running the spyware and virus scans, the error message has gone away, but the Red X is still there.
Is the virus still present on my system?
Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:37 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\DeskSweeper\DeskSweeper.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\mljkkli.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tqcwotww.dll (file missing)
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: {4ff78a36-1200-e85b-6664-6d2f0eb20efd} - {dfe02be0-f2d6-4666-b58e-002163a87ff4} - C:\WINDOWS\system32\ewenlmub.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {F20CEF7E-299E-43E2-ABC8-215DA75EC9FB} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3} - C:\WINDOWS\system32\mllmk.dll (file missing)
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\nadiawah.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Desktop Cycler Changer] C:\Program Files\Desktop Cycler\Changer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - .DEFAULT User Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - Startup: DeskSweeper.lnk = C:\Program Files\DeskSweeper\DeskSweeper.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Web Chrono Desktop.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to AD Black List - C:\MICHAE~1\other\browsers\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\MICHAE~1\other\browsers\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\MICHAE~1\other\browsers\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\MICHAE~1\other\browsers\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\MICHAE~1\other\browsers\AVANTB~1\OpenInNewBrowser.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Search - C:\MICHAE~1\other\browsers\AVANTB~1\Search.htm
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3249008340
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/in ... ction3.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: jkkhecd - jkkhecd.dll (file missing)
O20 - Winlogon Notify: mljkkli - mljkkli.dll (file missing)
O20 - Winlogon Notify: tqcwotww - tqcwotww.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 16397 bytes
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Post by Katana » February 22nd, 2008, 9:03 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

----------------------------------------------------------------------------------------

If you still require help please post a fresh HJT log


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Post by mickd3 » February 22nd, 2008, 2:33 pm

Here's the list of installed programs. Thanks for taking a look at this!

3D Spooky Halloween Screensaver 1.0
3DSS - Free Cyber Fire v1.0 (remove only)
3Planesoft Screensaver Manager 1.1
7art Abstract Patterns ScreenSaver
Abacast Client
AbiWord 2.4.5 (remove only)
AbiWord's Tools Plugins (remove only)
Abstract Dance Screensaver v1.0
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Agere Systems PCI Soft Modem
Alarm Clock 1.00
Album Art Screensaver
Allahv3
Amazing Flowers 2
Amazon MP3 Downloader 1.0.0+6
Anvil Studio
ANWR Screen Saver
AoADVDCreator
AP Tuner 3.06
Apple Mobile Device Support
Apple Software Update
ART08_2005_donrelyea ScreenSaver
ASIS Backup 2.4
a-squared Free 3.1
Assorted Screensaver version 2.2
Asteroid_Base_Music ScreenSaver
Audacity 1.2.4
AudioStreamer
Autumn in the Glen Screen Saver
Autumn Trails Screen Saver
Avant Browser (remove only)
AVG 7.5
AVS Disc Creator version 2.1
Awakening Screensaver
Azureus
BearShare
BitDefender 8 Standard
BitTorrent 5.0.9
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blaze Media Pro
Blue Abstract
Bounce Symphony from Hewlett-Packard Desktops (remove only)
browsers
Burn My Files
BurnOn CD&DVD, Version 3.1.0 ( Build 2007-4-2, Win32, )
BZFlag 2.0.10 (remove only)
BZFlag 2.0.8 (remove only)
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Chivas Screensaver
ChristmasEveningSS
Cities
Clipboard Help+Spell 1.11.01
Clock Screen Saver
CloneDVD Trial 3.0.2.5
Clouds
Codec Pack - All In 1 6.0.2.7
CoffeeCup Free FTP
Collector's Gateway -(Yu gi OH) 1.2.0
Color Spiral Screensaver
Comodo Backup
Comparisonics Audio Player
Complete CD & DVD Writer
concept/design Hit-Recorder 2
CounterSpy
Crystal Maze from Hewlett-Packard Desktops (remove only)
Dark Blue
Dawn of War - Dark Crusade
dBpowerAMP
Deep Jungle Screen Saver
Deluxe Menu
DiscJuggler
Dragon-Fly Screensaver
DVD Flick
DXM 1200 Screen Saver
Ease Audio Converter 4.70
Easy Internet Sign-up
Easy Radio 1.3
ElectricSheep 2.6.6
eMusic Remote 1.0.0.2
Enigma Browser (remove only)
EPSON EPIC C84
EPSON Printer Software
e-Sword
Express Burn
Express Rip
Eye of the Storm Screen Saver version 2.3
FeedReader
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Flock 0.7
Flower Effects
flowers ScreenSaver
flowers_stars_music ScreenSaver
foobar2000 v0.9.4.5
Foxit Reader
Free Abstractions Screensaver 1.0
Free Clock Installer
FREE Hi-Q Recorder 1.92
Free Mp3 Wma Converter V 1.6.3
Free Xmas Screensaver 1.0
FreeNature.net 01092004
FrostWire 4.13.1.6 BETA
Game Maker 6.1
Game Maker 7.0
GCH Guitar academy
Geiss2 for Winamp 2x (remove only)
GetASFStream
GetRight
Gothic Afternoon
GotRadio Player
GrabIt 1.6.2 Beta (build 940)
Gradient Screensaver version 2.1
Graphics Depot Wallpaper - 800 x 600 Earth
Greetings Workshop
Guitar-Online Tools - Tuner, version 2.0
Halloween 99 Desktop Theme 2.0
Hamachi 0.9.9.9
Happy Holidays
Happy Holidays 2001 Screen Saver
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hometown MorningTheme
Horsing Around Demo
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Image for Windows 1.70
Images of the Blue Mountains - Australia
Impressionist Paintings Screen Saver
Infra Recorder
Inno Logo Personal 1.1
IntelliMover Data Transfer Demo
InternetPlayer
InterVideo WinDVD Player
Ireland Screen Saver
IrfanView (remove only)
IRT 2.0
iTunes
iViVo IVIVO media player 1.6.0a
IZArc 3.81
J2SE Runtime Environment 5.0 Update 11
Jane's Screensaver
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
Java(TM) SE Runtime Environment 6 Update 1
John's Background Switcher 3.3
Juice 2.2
Kagaya Screen Saver
KBD
Keeper Of The Sea Saver
Lantern 3D Screensaver 1.0
Leafy GreenWinamp Skin
LeechGet 2006 Version 2.0
Legend Of Zelda Theme v2.0
LightningStormTheme
LimeWire 4.12.11
LiveUpdate 2.6 (Symantec Corporation)
LOTR Return of the King V1 Screen Saver
Lyra Personal Audio Player (RD1021/1071/1075)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic Mandala Screen Saver
MapleTheme
Marine Invert Screen Saver
Maya Paint Effects Screen Saver
Medieval CUE Splitter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 7.0
mIRC
Monkey's Audio
Moolah! The 3D Money Screen Saver v3.0 Trial Version
Mozilla Firefox (2.0.0.12)
Mozilla Sunbird (0.3.1)
Mozilla Thunderbird (2.0.0.9)
MPlayer
MS Access 97 SP2
MSN Messenger 7.5
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Museum of Newart
Musicmatch® Jukebox
Musicnotes Player V1.22.3
nano_screensaver
NetChess
Netscape (7.2)
Night Vision Riflescopes
Nimiq
Nintendo Wi-Fi USB Connector Registration Tool
NoteTab Light (Remove only)
Online Radio Tuner Standard Edition
OpenOffice.org 2.0
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
PE Explorer 1.97
Pegtop Smoodoo
PerfectDisk
Phoenix Converter
Phota Screensaver 3.7
Photosmart 140,240,7200,7600,7700,7900 Series
PixelToolbox 1.1
Pixia
Plato Audio Recorder
Player
Polar Bowler from Hewlett-Packard Desktops (remove only)
POP Peeper
Preview AdService
PS2
Psychedelix
Python 2.2 combined Win32 extensions
Python 2.2.1
Quebec Theme
Quicken 2004
QuickPeek v1.00
QuickTime
Quintessential CD
Quintessential Player
radiojazz Toolbar
Radiotracker 3.0.0.34
Random Number Generator Pro
RealPlayer
RecordNow!
Relaxing Blue Screensaver
Resource Hunter 1.32
Restless Spirit
Reuters Desktop Ticker v 2.00
RollerCoaster Tycoon Deluxe
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Safe-Share
Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
Saturn 3D Space Tour screensaver v1.0
Scott's Nixie Tube Clock v 1.1
ScreenSaver Druid
Search Settings
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shoker
SimCity 3000
SimCity 3000 Unlimited
Slyder from Hewlett-Packard Desktops (remove only)
Small World 2000 Screen Saver
Small World 2001 Screen Saver
Small World 2002 Screen Saver
Small World 2003 Screen Saver
Small World 2004 Screen Saver
Small World 2005 Screen Saver
Small World 2006 Screen Saver
snowing
Songbird 0.1 (Win32)
Sonic Update Manager
SoundTaxi 1.2.0
SplashTheme
Spybot - Search & Destroy
Star Defender
Stardust Screen Saver Control 2003 (3.0.0.66)
StationRipper 2.80b
Stellarium 0.9.0
StepMania (remove only)
Stoney Creek MillTheme
Streamripper Plugin 1.61.26 (Remove only)
StuffIt Expander
StumbleUpon IE Toolbar
Switch
SyncBack
System Requirements Lab
The Darklings Pet Theme
The Drawing Board v2 Beta
The Weather Channel
Theme Manager
Themerboy Allah
Themerboy Blood
Thendows
ThomasKinkadeTheme
Tibet Travel Screensaver
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
turkeys
Tweak UI
Ulead PhotoImpact 4.0
Unix Utilities for Yahoo! Widgets
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP
URL Snooper v2.14.02
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6a
vipers screen saver
Visual Overseer
Vopt 8.18
WavePad Uninstall
Web Chrono Desktop
Web Studio 4.0
WellGet
WildTangent GameChannel (remove only)
Winamp
Winamp Remote
Winamp Toolbar
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Recorder
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver
WM Recorder + RM Recorder 10.21
WM Recorder 11.0
Wolf Screen Saver
Word Symphony from Hewlett-Packard Desktops (remove only)
Xfire (remove only)
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar
Yahoo! Widgets
Yugioh Virtual Desktop
Yu-Gi-Oh! ONLINE
mickd3
Regular Member
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 22nd, 2008, 4:24 pm

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go here: http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 22nd, 2008, 6:46 pm

Should I install the Windows XP Recovery Console right now or wait till later?
mickd3
Regular Member
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 22nd, 2008, 7:02 pm

mickd3 wrote: Should I install the Windows XP Recovery Console right now or wait till later?


It is safer to install it now :)
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 22nd, 2008, 8:31 pm

Here are the ComboFix and HijackThis logs:

ComboFix
ComboFix 08-02-23 - Owner 2008-02-23 16:48:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aewlkqwm.ini
C:\WINDOWS\system32\akxqfopj.dllbox
C:\WINDOWS\system32\atlvbhfe.ini
C:\WINDOWS\system32\ayhxyytw.ini
C:\WINDOWS\system32\blrtvxwg.ini
C:\WINDOWS\system32\bltdpdiv.ini
C:\WINDOWS\system32\bncfconm.ini
C:\WINDOWS\system32\bqlivexy.ini
C:\WINDOWS\system32\brktbahu.ini
C:\WINDOWS\system32\bvwqrqfm.ini
C:\WINDOWS\system32\cayubcrn.ini
C:\WINDOWS\system32\corehqdw.ini
C:\WINDOWS\system32\corkweko.ini
C:\WINDOWS\system32\cvbrxpec.ini
C:\WINDOWS\system32\dbloxyyw.ini
C:\WINDOWS\system32\dbqmxcvj.ini
C:\WINDOWS\system32\ddwgiqlw.ini
C:\WINDOWS\system32\dfaugwca.ini
C:\WINDOWS\system32\dnkvxmoi.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drubjaat.ini
C:\WINDOWS\system32\dsfhusiu.ini
C:\WINDOWS\system32\dstcmwyj.ini
C:\WINDOWS\system32\ecdmmdyx.ini
C:\WINDOWS\system32\epobsiwp.ini
C:\WINDOWS\system32\etuccjqw.ini
C:\WINDOWS\system32\ewvgfdhv.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fbcknysx.dllbox
C:\WINDOWS\system32\fcqnenhb.ini
C:\WINDOWS\system32\fpkfnkvr.ini
C:\WINDOWS\system32\fuvhuouc.ini
C:\WINDOWS\system32\fwewllcw.ini
C:\WINDOWS\system32\gddflbso.ini
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\gjllm.tmp
C:\WINDOWS\system32\glsebwyp.dllbox
C:\WINDOWS\system32\gojikowd.ini
C:\WINDOWS\system32\govqshwj.ini
C:\WINDOWS\system32\gqbnhogm.ini
C:\WINDOWS\system32\gtxgilyy.ini
C:\WINDOWS\system32\gvwrgblx.ini
C:\WINDOWS\system32\hawaidan.ini
C:\WINDOWS\system32\hjydhmvp.ini
C:\WINDOWS\system32\hmfnskcq.ini
C:\WINDOWS\system32\hoswpqql.ini
C:\WINDOWS\system32\hrgtqrvs.ini
C:\WINDOWS\system32\hxrgkomp.ini
C:\WINDOWS\system32\iayacoil.ini
C:\WINDOWS\system32\imdosnpk.ini
C:\WINDOWS\system32\imyheeps.ini
C:\WINDOWS\system32\jawioeiv.ini
C:\WINDOWS\system32\jcddyysa.ini
C:\WINDOWS\system32\jeqqaxll.ini
C:\WINDOWS\system32\jgbrrfxi.ini
C:\WINDOWS\system32\jgdnyrvo.ini
C:\WINDOWS\system32\jsalynio.ini
C:\WINDOWS\system32\jsvpbmus.ini
C:\WINDOWS\system32\jxjluibs.ini
C:\WINDOWS\system32\kdqqgtos.ini
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\krqpgvjh.ini
C:\WINDOWS\system32\lalctsyy.ini
C:\WINDOWS\system32\ldowyobr.ini
C:\WINDOWS\system32\lilffcun.ini
C:\WINDOWS\system32\lklxcjqf.ini
C:\WINDOWS\system32\lncpnmvx.ini
C:\WINDOWS\system32\lnfbalvv.ini
C:\WINDOWS\system32\lqciigvf.ini
C:\WINDOWS\system32\lrbjfvdo.ini
C:\WINDOWS\system32\ltrfopbx.ini
C:\WINDOWS\system32\luiwthrm.ini
C:\WINDOWS\system32\luwedbbu.ini
C:\WINDOWS\system32\mayiihkc.ini
C:\WINDOWS\system32\mjaorpum.ini
C:\WINDOWS\system32\nfefvrtn.ini
C:\WINDOWS\system32\njlmllbu.ini
C:\WINDOWS\system32\nnflyjnu.ini
C:\WINDOWS\system32\npbobdne.ini
C:\WINDOWS\system32\oiuhfdeg.ini
C:\WINDOWS\system32\omgtejkc.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\poxuumaq.ini
C:\WINDOWS\system32\pqlcmuvb.ini
C:\WINDOWS\system32\pqwxiety.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pxiwuwix.ini
C:\WINDOWS\system32\pymjsxug.ini
C:\WINDOWS\system32\qbkbatwu.ini
C:\WINDOWS\system32\qcgxfwxj.ini
C:\WINDOWS\system32\qcujkoxb.ini
C:\WINDOWS\system32\qhlvegol.ini
C:\WINDOWS\system32\qhuqnjpp.ini
C:\WINDOWS\system32\qmrjdofo.ini
C:\WINDOWS\system32\rcunakev.ini
C:\WINDOWS\system32\rcvhyohs.ini
C:\WINDOWS\system32\roltpfrr.ini
C:\WINDOWS\system32\rqgsybya.ini
C:\WINDOWS\system32\rrartmkc.ini
C:\WINDOWS\system32\rtaerujq.ini
C:\WINDOWS\system32\rtmfbxvm.ini
C:\WINDOWS\system32\ruqxanrw.ini
C:\WINDOWS\system32\rysvuwhc.ini
C:\WINDOWS\system32\slueuwqk.ini
C:\WINDOWS\system32\sucspsjg.ini
C:\WINDOWS\system32\thjfmdgr.ini
C:\WINDOWS\system32\tqcwotww.dllbox
C:\WINDOWS\system32\trgmdsow.ini
C:\WINDOWS\system32\tukygbhy.ini
C:\WINDOWS\system32\twcmumhy.ini
C:\WINDOWS\system32\twoqynnd.ini
C:\WINDOWS\system32\uahsxbhe.ini
C:\WINDOWS\system32\umsjenyf.ini
C:\WINDOWS\system32\uvhnmyfr.ini
C:\WINDOWS\system32\vbiwtuit.ini
C:\WINDOWS\system32\vjcchdmv.ini
C:\WINDOWS\system32\vvndxdkh.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wfrqzufd.dllbox
C:\WINDOWS\system32\wfsgvfrr.ini
C:\WINDOWS\system32\wggswjjh.ini
C:\WINDOWS\system32\whddreen.ini
C:\WINDOWS\system32\wjyueudt.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wphgknma.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-02-18 08:55 . 2008-02-18 08:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 05:19 . 2008-02-16 05:24 568 --a------ C:\WINDOWS\wininit.ini
2008-02-15 23:26 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 23:24 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 23:19 . 2008-02-17 16:47 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-15 19:20 . 2008-02-23 17:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-15 19:20 . 2008-02-15 19:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 20:59 . 2008-02-17 01:01 <DIR> d-------- C:\VundoFix Backups
2008-02-14 17:16 . 2008-02-14 20:58 1,242,540 --ahs---- C:\WINDOWS\system32\wxyeebgx.ini
2008-02-14 15:56 . 2008-02-14 16:42 1,242,300 --ahs---- C:\WINDOWS\system32\ygncvhxn.ini
2008-02-14 14:35 . 2008-02-15 22:18 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-14 14:35 . 2008-02-15 22:18 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-02-13 06:59 . 2008-02-13 06:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SlipStream
2008-02-13 06:02 . 2008-02-14 14:40 1,180,456 --ahs---- C:\WINDOWS\system32\wuyufkmh.ini
2008-02-12 10:29 . 2008-02-12 13:32 1,223,562 --ahs---- C:\WINDOWS\system32\xnpdjiqk.ini
2008-02-08 23:25 . 2008-02-08 23:26 <DIR> d-------- C:\Program Files\FreeMPC
2008-02-06 12:45 . 2008-02-06 16:51 1,201,688 --ahs---- C:\WINDOWS\system32\yemevsim.ini
2008-02-04 08:16 . 2008-02-04 11:08 1,192,838 --ahs---- C:\WINDOWS\system32\wwcybcbo.ini
2008-02-03 09:49 . 2008-02-03 09:49 1,188,672 --ahs---- C:\WINDOWS\system32\xgqtilbg.ini
2008-02-01 18:47 . 2008-02-02 00:38 414 --ahs---- C:\WINDOWS\system32\phnnvfei.ini
2008-02-01 14:41 . 2008-02-01 18:45 1,188,492 --ahs---- C:\WINDOWS\system32\xemrkwxr.ini
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 22:02 . 2008-01-30 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 18:29 . 2008-01-29 18:29 1,167,005 --ahs---- C:\WINDOWS\system32\wxifbmoh.ini
2008-01-29 09:27 . 2008-01-29 10:18 1,167,417 --ahs---- C:\WINDOWS\system32\yxljynjb.ini
2008-01-28 11:00 . 2008-01-28 11:00 1,155,539 --ahs---- C:\WINDOWS\system32\xkxanqqo.ini
2008-01-26 21:20 . 2008-01-26 21:20 <DIR> d-------- C:\WINDOWS\system32\7173777A7E777E8
2008-01-26 16:10 . 2008-01-26 15:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\T?sks
2008-01-26 16:05 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-01-26 16:05 . 2007-07-11 09:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-01-26 16:03 . 2008-01-26 15:47 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-01-26 16:02 . 2008-01-26 16:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-01-26 16:00 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:58 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:58 . 2008-01-26 15:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\M?crosoft.NET
2008-01-26 15:57 . 2008-01-26 15:57 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-01-26 15:57 . 2008-01-26 16:04 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-01-26 15:57 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-01-26 15:55 . 2007-12-04 20:58 <DIR> d---s---- C:\WINDOWS\Tasks
2008-01-26 15:55 . 2008-01-26 15:55 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-01-26 15:55 . 2008-01-26 15:50 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-01-26 15:55 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:55 . 2008-01-26 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\çasks
2008-01-26 15:54 . 2008-01-26 15:49 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-01-26 15:54 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:54 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àdobe
2008-01-26 15:54 . 2008-01-26 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\çasks
2008-01-26 15:54 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:53 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\çasks
2008-01-26 15:53 . 2008-02-15 23:22 <DIR> d-------- C:\WINDOWS\system
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\àppPatch
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2008-01-26 15:53 . 2008-01-26 15:49 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\?racle
2008-01-26 15:53 . 2008-01-26 15:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\àppPatch
2008-01-26 15:53 . 2008-01-26 15:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\s?mbols
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\system32\?ssembly
2008-01-26 15:52 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\s?curity
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\WINDOWS\S?mantec
2008-01-26 15:52 . 2008-01-21 19:20 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-01-26 15:52 . 2007-12-04 20:58 <DIR> d---s---- C:\WINDOWS\Tasks
2008-01-26 15:52 . 2007-03-23 21:07 <DIR> d-------- C:\WINDOWS\AppPatch
2008-01-26 15:52 . 2005-02-06 16:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\Program Files\?icrosoft.NET
2008-01-26 15:52 . 2008-01-26 15:52 <DIR> d-------- C:\Program Files\?ecurity
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\çasks
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\àdobe
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\system32\s?curity
2008-01-26 15:51 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\àppPatch
2008-01-26 15:51 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2008-01-26 15:51 . 2007-07-11 09:42 <DIR> dr--s---- C:\WINDOWS\assembly
2008-01-26 15:51 . 2008-02-23 17:06 <DIR> d-------- C:\WINDOWS\system32
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\s?mbols
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-01-26 15:51 . 2008-01-26 15:50 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2008-01-26 15:51 . 2008-01-26 15:48 <DIR> d-------- C:\Program Files\a?sembly
2008-01-26 15:51 . 2008-01-26 15:51 <DIR> d-------- C:\Program Files\M?crosoft
2008-01-26 15:51 . 2007-04-21 20:56 <DIR> d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àppPatch
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\àdobe
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\system32\T?sks
2008-01-26 15:50 . 2008-01-26 15:50 <DIR> d-------- C:\WINDOWS\system32\?racle
2008-01-26 15:50 . 2008-01-26 15:46 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2008-01-26 15:50 . 2004-03-31 23:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-26 15:50 . 2007-03-23 21:07 <DIR> d-------- C:\WINDOWS\AppPatch
2008-01-26 15:50 . 2008-01-26 15:49 <DIR> d-------- C:\WINDOWS\?icrosoft
2008-01-26 15:50 . 2008-02-15 23:22 <DIR> d-------- C:\WINDOWS\system
2008-01-26 15:50 . 2007-07-11 09:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 00:08 --------- d-----w C:\Program Files\Greetings Workshop
2008-02-22 13:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-02-22 00:37 --------- d-----w C:\Program Files\Winamp
2008-02-20 19:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-18 15:40 --------- d-----w C:\Program Files\themexp
2008-02-18 15:40 --------- d-----w C:\Program Files\Safe-Share
2008-02-18 15:40 --------- d-----r C:\Program Files\Programs
2008-02-16 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 23:47 --------- d-----w C:\Documents and Settings\Michael\Application Data\StumbleUpon
2008-02-14 21:35 --------- d-----w C:\Program Files\Common Files\wiuq
2008-02-12 18:31 --------- d-----w C:\Program Files\GetRight
2008-02-10 03:29 --------- d-----w C:\Program Files\QuickTime
2008-01-31 05:02 --------- d-----w C:\Program Files\Lavasoft
2008-01-31 05:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 05:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-01-26 23:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\??sks
2008-01-26 22:58 --------- d-----w C:\Program Files\??crosoft
2008-01-26 22:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft.NET
2008-01-26 22:57 10 ----a-w C:\Program Files\.autoreg
2008-01-26 22:57 --------- d-----w C:\Program Files\Common Files\??pPatch
2008-01-26 22:57 --------- d-----w C:\Program Files\??crosoft.NET
2008-01-26 22:55 --------- d-----w C:\Program Files\Common Files\?icrosoft
2008-01-26 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft
2008-01-26 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\?asks
2008-01-26 22:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\?asks
2008-01-26 22:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ymbols
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ssembly
2008-01-26 22:53 --------- d-----w C:\Program Files\Common Files\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Program Files\?racle
2008-01-26 22:53 --------- d-----w C:\Program Files\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\?ppPatch
2008-01-26 22:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\??mbols
2008-01-26 22:52 --------- d-----w C:\Program Files\Common Files\?dobe
2008-01-26 22:52 --------- d-----w C:\Program Files\?icrosoft.NET
2008-01-26 22:52 --------- d-----w C:\Program Files\?ecurity
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\?asks
2008-01-26 22:51 --------- d-----w C:\Program Files\Common Files\??mantec
2008-01-26 22:51 --------- d-----w C:\Program Files\??sembly
2008-01-26 22:51 --------- d-----w C:\Program Files\??crosoft
2008-01-26 22:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\?ystem
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\?icrosoft
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\??stem32
2008-01-26 22:50 --------- d-----w C:\Program Files\Common Files\??sembly
2008-01-26 22:50 --------- d-----w C:\Program Files\?ystem32
2008-01-26 22:50 --------- d-----w C:\Program Files\??stem
2008-01-26 22:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\?icrosoft.NET
2008-01-26 22:48 --------- d-----w C:\Program Files\Common Files\?ymantec
2008-01-26 22:47 --------- d-----w C:\Program Files\Common Files\?ystem32
2008-01-26 22:46 --------- d-----w C:\Program Files\??sks
2008-01-26 22:46 --------- d-----w C:\Program Files\??pPatch
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??sks
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??pPatch
2008-01-26 22:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\??crosoft
2008-01-21 06:05 --------- d-----w C:\Program Files\easetech
2008-01-21 05:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\foobar2000
2008-01-21 05:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-16 02:21 --------- d-----w C:\Program Files\iTunes
2008-01-16 02:21 --------- d-----w C:\Program Files\iPod
2008-01-15 20:58 --------- d-----w C:\Program Files\Album Player Locator
2008-01-11 04:13 --------- d-----w C:\Program Files\eMule
2008-01-05 20:32 --------- d-----w C:\Program Files\Burrrn
2008-01-05 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-01-03 20:09 --------- d-----w C:\Program Files\Monkey's Audio
2008-01-02 10:14 --------- d-----w C:\Documents and Settings\Michael\Application Data\Search Settings
2007-12-28 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Search Settings
2007-12-28 20:29 --------- d-----w C:\Program Files\Dealio
2007-12-28 20:28 --------- d-----w C:\Program Files\Search Settings
2007-12-28 20:27 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-28 20:26 --------- d-----w C:\Program Files\Free Audio Pack
2007-12-28 20:03 --------- d-----w C:\Program Files\Medieval Software
2007-12-25 00:47 --------- d-----w C:\Program Files\SoundTaxi
2007-09-23 02:25 31 ----a-w C:\Documents and Settings\Michael\getfile.dat
2007-09-22 18:21 31 ----a-w C:\Documents and Settings\Owner\getfile.dat
2007-08-07 14:54 31 ----a-w C:\Documents and Settings\Maggie\getfile.dat
2007-07-16 20:14 94,208 ----a-w C:\Program Files\markup.ovl
2007-07-16 20:14 86,016 ----a-w C:\Program Files\topic.top
2007-07-16 20:14 1,351,680 ----a-w C:\Program Files\study.not
2007-07-06 05:26 81,920 ----a-w C:\Program Files\Bookmarks.lst
2007-04-03 10:12 16,240,640 ------w C:\Program Files\tsk.cmt
2007-03-24 07:55 6,639 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.dat
2007-03-24 07:54 682,266 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.exe
2007-01-01 15:09 4,956,160 ----a-w C:\Program Files\e-Sword.exe
2006-12-30 20:59 204,800 ----a-w C:\Program Files\robertson.har
2006-12-27 03:09 65,863 ----a-w C:\Program Files\Readme.pdf
2006-12-21 20:01 19,096 ----a-w C:\Program Files\License.pdf
2006-11-14 15:49 14,680,064 ----a-w C:\Program Files\kjv+.bbl
2006-08-13 08:56 88 ----a-w C:\Program Files\Twilight Zone.theme
2006-08-10 06:31 8,067 ----a-w C:\Documents and Settings\Owner\newpics.zip
2005-09-20 20:27 84 ----a-w C:\Documents and Settings\Owner\config.dat
2005-08-18 14:58 6,334,464 ------w C:\Program Files\asv.bbl
2005-02-08 17:19 237,568 ----a-w C:\Program Files\RichEdit.ocx
2004-12-20 15:25 14,602,240 ------w C:\Program Files\History of the Christian Church.top
2004-08-11 03:16 3,016,704 ------w C:\Program Files\abs.map
2004-07-07 21:57 8,591 ----a-w C:\Program Files\e-Sword.tip
2003-10-16 22:29 6,830,080 ------w C:\Program Files\mediterranean.map
2003-10-01 03:30 823,296 ------w C:\Program Files\classic.map
2007-08-12 01:47 6,421 --sha-w C:\WINDOWS\system32\cccdd.bak1
2007-08-13 17:10 1,713,671 --sha-w C:\WINDOWS\system32\cccdd.bak2
2007-08-13 17:13 1,713,862 --sha-w C:\WINDOWS\system32\cccdd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 13:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfe02be0-f2d6-4666-b58e-002163a87ff4}]
C:\WINDOWS\system32\ewenlmub.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20CEF7E-299E-43E2-ABC8-215DA75EC9FB}]
C:\WINDOWS\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11359F4A-B191-42D7-905A-594F8CF0387B}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{CBF6F119-EA59-4612-96C3-EFD538C88C0A}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 13:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [ ]
"Skado"="" []
"Desktop Cycler Changer"="C:\Program Files\Desktop Cycler\Changer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-02-08 00:18 1429504]
"BackgroundSwitcher"="C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2008-01-22 05:11 907152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 13:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sunasDtServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe" [2005-03-18 14:04 843776]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"40408b53"="C:\WINDOWS\system32\nadiawah.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 11:34 579072]
"sunasServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe" [2005-03-18 12:40 430080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 15:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-15 23:25 219136]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]

C:\Program Files\Programs\Startup\
DeskSweeper.lnk - C:\Program Files\DeskSweeper\DeskSweeper.exe [1999-03-09 236032]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25 40448]
Web Chrono Desktop.lnk - C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{D8D0D7C9-C4CA-4BE1-9CEC-384DCBB238DD}\WebChronoDesktop.exe [2005-10-23 10:21:40 3638]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-11-27 13:44:55 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhecd]
jkkhecd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkkli]
mljkkli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tqcwotww]
tqcwotww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2005-07-02 13:36 421888 C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
--a------ 2005-07-01 20:58 8192 C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-07-02 13:35 33280 C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2004-12-10 19:44 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
--a------ 2005-03-18 14:04 843776 C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
--a------ 2005-03-18 12:40 430080 C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
--a------ 1997-11-23 20:16 20992 C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-01-16 04:33 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampControlbandUpdate]
C:\Program Files\WinampControlBand\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"iPod Service"=3 (0x3)
"bdss"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzfs.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\WINDOWS\system32\bsvruujl.exe"= C:\WINDOWS\system32\bsv
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.10\\bzflag.exe"=
"F:\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57225:TCP"= 57225:TCP:Pando P2P TCP Listening Port
"57225:UDP"= 57225:UDP:Pando P2P UDP Listening Port
"9020:TCP"= 9020:TCP:BZFLAG

R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [2005-08-09 19:31]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-08-11 16:56]
S1 rxp;rxp;C:\WINDOWS\system32\drivers\rxp.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daf6ba03-6a1b-11db-a929-00112f057540}]
\Shell\AutoRun\command - F:\SYS\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 02:01:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-17 16:59:02 C:\WINDOWS\Tasks\iRadio task 7.job"
- C:\PROGRA~1\3aLab\iRadio\iRadio.exe
"2008-02-22 16:00:00 C:\WINDOWS\Tasks\Kitchen.job"
- C:\WINDOWS\Kitchen.scr
"2008-02-22 22:12:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 17:09:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-02-23 17:21:26 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-02-24 00:21:21
.
2008-02-14 22:06:28 --- E O F ---


HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:32 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\kmd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\DeskSweeper\DeskSweeper.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O2 - BHO: {4ff78a36-1200-e85b-6664-6d2f0eb20efd} - {dfe02be0-f2d6-4666-b58e-002163a87ff4} - C:\WINDOWS\system32\ewenlmub.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {F20CEF7E-299E-43E2-ABC8-215DA75EC9FB} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3} - C:\WINDOWS\system32\mllmk.dll (file missing)
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: radiojazz Toolbar - {cbf6f119-ea59-4612-96c3-efd538c88c0a} - C:\Program Files\radiojazz\tbrad0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\nadiawah.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Desktop Cycler Changer] C:\Program Files\Desktop Cycler\Changer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - .DEFAULT User Startup: HP Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe (User 'Default user')
O4 - Startup: DeskSweeper.lnk = C:\Program Files\DeskSweeper\DeskSweeper.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Web Chrono Desktop.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to AD Black List - C:\MICHAE~1\other\browsers\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\MICHAE~1\other\browsers\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\MICHAE~1\other\browsers\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\MICHAE~1\other\browsers\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\MICHAE~1\other\browsers\AVANTB~1\OpenInNewBrowser.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Search - C:\MICHAE~1\other\browsers\AVANTB~1\Search.htm
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3249008340
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/in ... ction3.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/t ... lexico.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: jkkhecd - jkkhecd.dll (file missing)
O20 - Winlogon Notify: mljkkli - mljkkli.dll (file missing)
O20 - Winlogon Notify: tqcwotww - tqcwotww.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 16084 bytes
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Post by Katana » February 23rd, 2008, 5:00 am

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Search Settings
    (plus any of those screen savers and games that you don't need)
Now close the Control Panel.




OTMoveIt
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\cccdd.bak1
    C:\WINDOWS\system32\cccdd.bak2
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\wuyufkmh.ini
    C:\WINDOWS\system32\xnpdjiqk.ini
    C:\WINDOWS\system32\wxyeebgx.ini
    C:\WINDOWS\system32\ygncvhxn.ini
    C:\WINDOWS\system32\yemevsim.ini
    C:\WINDOWS\system32\wwcybcbo.ini
    C:\WINDOWS\system32\xgqtilbg.ini
    C:\WINDOWS\system32\phnnvfei.ini
    C:\WINDOWS\system32\xemrkwxr.ini
    C:\WINDOWS\system32\wxifbmoh.ini
    C:\WINDOWS\system32\yxljynjb.ini
    C:\WINDOWS\system32\xkxanqqo.ini
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Purity
    

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - (no file)
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\mljkkli.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tqcwotww.dll (file missing)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL (file missing)
O2 - BHO: {4ff78a36-1200-e85b-6664-6d2f0eb20efd} - {dfe02be0-f2d6-4666-b58e-002163a87ff4} - C:\WINDOWS\system32\ewenlmub.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {F20CEF7E-299E-43E2-ABC8-215DA75EC9FB} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3} - C:\WINDOWS\system32\mllmk.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\nadiawah.dll",b
O4 - Startup: Web Chrono Desktop.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing)

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab

O20 - Winlogon Notify: jkkhecd - jkkhecd.dll (file missing)
O20 - Winlogon Notify: mljkkli - mljkkli.dll (file missing)
O20 - Winlogon Notify: tqcwotww - tqcwotww.dll (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


Do you have the Kaspersky log?






Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u4 from http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 7.0.8
  • J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Web Start
    Java(TM) SE Runtime Environment 6 Update 1
Now close the Control Panel.

Reboot your machine.


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus
BitTorrent
LimeWire
BearShare
Pando Networks
eMule
FrostWire
Safe-Share


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
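
An added example, not part of the original posts: a small Python parser for the HijackThis entry format seen in the logs above, with a few review heuristics applied to sample lines copied from this thread. The heuristics and function names are this example's assumptions, not the helper's stated criteria, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F20CEF7E-299E-43E2-ABC8-215DA75EC9FB} - C:\WINDOWS\system32\mlljg.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\nadiawah.dll",b
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O20 - AppInit_DLLs: sockspy.dll sockspy.dll
O20 - Winlogon Notify: jkkhecd - jkkhecd.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "R3 - ...", "O2 - ...", "O20 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks registry entries whose target is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# A download URL that uses a bare IPv4 address instead of a host name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", re.I)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b.*\.dll", re.I)


def parse_entries(log_text):
    """Return (section, body) for every HijackThis entry line in the text."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def review_reasons(section, body):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if ORPHAN_RE.search(body):
        reasons.append("orphaned: registry entry points at a file that is not on disk")
    if section == "O4" and RUNDLL_RE.search(body):
        reasons.append("Run key starts a DLL through rundll32")
    if section == "O16":
        if IP_URL_RE.search(body):
            reasons.append("ActiveX control downloaded from a bare IP address")
        elif "file://" in body.lower():
            reasons.append("ActiveX control installed from a local file:// path")
    if section == "O20":
        if body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls = sorted({d for d in re.split(r"[,\s]+", value) if d})
            if dlls:
                reasons.append(
                    "AppInit_DLLs loads %s into every process that loads user32.dll"
                    % ", ".join(dlls)
                )
        elif body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL, loaded by winlogon.exe")
    return reasons


def triage(log_text):
    """Return (section, body, reasons) for each entry with at least one reason."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```
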

Re: Red X in front of C: Drive

Post by mickd3 » February 24th, 2008, 3:04 am

Here's the Kaspersky log. I'm starting on the rest of the instructions now.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 24, 2008 12:00:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577049
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 222159
Number of viruses found: 57
Number of infected objects: 555
Number of suspicious objects: 0
Duration of the scan process: 04:23:30

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225510.exe Infected: Trojan-Downloader.Win32.Adload.rk skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225511.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225512.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225513.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225515.exe Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225516.exe Infected: not-a-virus:AdWare.Win32.Agent.aaq skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225517.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225519.exe Infected: not-a-virus:AdWare.Win32.Sahat.l skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225520.exe Infected: not-a-virus:AdWare.Win32.Sahat.l skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225521.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225525.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225526.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225526.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225526.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225526.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP794\A0225527.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP795\A0225535.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP795\A0225536.exe Infected: Trojan-Downloader.Win32.Agent.hcn skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP795\A0225537.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP795\A0225538.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP795\A0225547.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225554.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225557.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225654.exe Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225655.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225655.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225660.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225661.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225662.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225663.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225664.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225665.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225666.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225667.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225668.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225669.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225670.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225671.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225672.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225673.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225674.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225675.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225676.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225677.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225678.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225679.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225680.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225681.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225682.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225683.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225684.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225685.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225686.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225687.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225688.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225689.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225690.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225691.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225692.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225693.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225694.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225695.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225696.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225697.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225698.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225699.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225700.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225701.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225702.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225703.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225704.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225705.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225706.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225707.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225708.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225709.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225710.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225711.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225712.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225713.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225714.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225715.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225716.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225717.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225718.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225719.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225720.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225721.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225722.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225723.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225724.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225725.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225726.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225727.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225728.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225729.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225730.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225731.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225732.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225733.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225734.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225735.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225736.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225737.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225738.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225739.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225740.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225741.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225742.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225743.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225744.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225745.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225746.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225747.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225748.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225749.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225750.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225751.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225752.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225753.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225754.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225755.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225756.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225757.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225758.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225759.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225760.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225761.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225762.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225763.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225764.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225765.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225766.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225767.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225768.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225769.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225770.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225805.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225809.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225811.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225812.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225889.exe Infected: Trojan.Win32.StartPage.ame skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225903.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225904.exe Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225905.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225906.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225907.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225908.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225909.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225910.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225911.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225912.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225913.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225914.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225915.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225916.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225917.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225918.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225919.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225920.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225922.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225923.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225924.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225925.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225927.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225928.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225930.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225931.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225933.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225935.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225936.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225938.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225940.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225942.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225943.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225944.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225945.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225946.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225947.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP796\A0225948.exe Infected: Trojan.Win32.Obfuscated.kp skipped

Scan process completed.
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Post by mickd3 » February 24th, 2008, 4:46 am

Results of OTMoveit2:
C:\Program Files\Common Files\Міcrosoft moved successfully.
C:\Program Files\Common Files\Οracle moved successfully.
C:\Program Files\Common Files\Оracle moved successfully.
C:\Program Files\Common Files\sеcurity moved successfully.
C:\Program Files\Common Files\ѕecurity moved successfully.
C:\Program Files\Common Files\ѕеcurity moved successfully.
C:\Program Files\Common Files\Sуmantec moved successfully.
C:\Program Files\Common Files\Ѕymantec moved successfully.
C:\Program Files\Common Files\Ѕуmantec moved successfully.
C:\Program Files\Common Files\ѕymbols moved successfully.
C:\Program Files\Common Files\sуmbols moved successfully.
C:\Program Files\Common Files\ѕуmbols moved successfully.
C:\Program Files\Common Files\ѕуstem moved successfully.
C:\Program Files\Common Files\sуstem moved successfully.
C:\Program Files\Common Files\ѕystem moved successfully.
C:\Program Files\Common Files\ѕystem32 moved successfully.
C:\Program Files\Common Files\sуstem32 moved successfully.
C:\Program Files\Common Files\ѕуstem32 moved successfully.
C:\Program Files\Common Files\Tаsks moved successfully.
C:\Program Files\Common Files\Τasks moved successfully.
C:\Program Files\Common Files\Τаsks moved successfully.
C:\Program Files\Common Files\Тasks moved successfully.
C:\Program Files\Common Files\Таsks moved successfully.
C:\Program Files\Common Files\WіnSxS moved successfully.
C:\Documents and Settings\Owner\My Documents\Αdobe moved successfully.
C:\Documents and Settings\Owner\My Documents\Аdobe moved successfully.
C:\Documents and Settings\Owner\My Documents\АppPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\АрpPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\ΑppPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\ΑрpPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\AрpPatch moved successfully.
C:\Documents and Settings\Owner\My Documents\aѕsembly moved successfully.
C:\Documents and Settings\Owner\My Documents\аѕsembly moved successfully.
C:\Documents and Settings\Owner\My Documents\Fοnts moved successfully.
C:\Documents and Settings\Owner\My Documents\Fоnts moved successfully.
C:\Documents and Settings\Owner\My Documents\Mіcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Μicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Μіcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Мicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Міcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\My Documents\Mіcrosoft moved successfully.
C:\Documents and Settings\Owner\My Documents\Μicrosoft moved successfully.
C:\Documents and Settings\Owner\My Documents\Μіcrosoft moved successfully.
C:\Documents and Settings\Owner\My Documents\Мicrosoft moved successfully.
C:\Documents and Settings\Owner\My Documents\Міcrosoft moved successfully.
C:\Documents and Settings\Owner\My Documents\Οracle moved successfully.
C:\Documents and Settings\Owner\My Documents\Оracle moved successfully.
C:\Documents and Settings\Owner\My Documents\sеcurity moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕecurity moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕеcurity moved successfully.
C:\Documents and Settings\Owner\My Documents\Sуmantec moved successfully.
C:\Documents and Settings\Owner\My Documents\Ѕymantec moved successfully.
C:\Documents and Settings\Owner\My Documents\Ѕуmantec moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕymbols moved successfully.
C:\Documents and Settings\Owner\My Documents\sуmbols moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕуmbols moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕуstem moved successfully.
C:\Documents and Settings\Owner\My Documents\sуstem moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕystem moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕystem32 moved successfully.
C:\Documents and Settings\Owner\My Documents\sуstem32 moved successfully.
C:\Documents and Settings\Owner\My Documents\ѕуstem32 moved successfully.
C:\Documents and Settings\Owner\My Documents\Tаsks moved successfully.
C:\Documents and Settings\Owner\My Documents\Τasks moved successfully.
C:\Documents and Settings\Owner\My Documents\Τаsks moved successfully.
C:\Documents and Settings\Owner\My Documents\Тasks moved successfully.
C:\Documents and Settings\Owner\My Documents\Таsks moved successfully.
C:\Documents and Settings\Owner\My Documents\WіnSxS moved successfully.
C:\Documents and Settings\Owner\Application Data\Αdobe moved successfully.
C:\Documents and Settings\Owner\Application Data\Аdobe moved successfully.
C:\Documents and Settings\Owner\Application Data\АppPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\АрpPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\ΑppPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\ΑрpPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\AрpPatch moved successfully.
C:\Documents and Settings\Owner\Application Data\aѕsembly moved successfully.
C:\Documents and Settings\Owner\Application Data\аѕsembly moved successfully.
C:\Documents and Settings\Owner\Application Data\Fοnts moved successfully.
C:\Documents and Settings\Owner\Application Data\Fоnts moved successfully.
C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Μіcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Мicrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Міcrosoft.NET moved successfully.
C:\Documents and Settings\Owner\Application Data\Mіcrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Μicrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Μіcrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Мicrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Міcrosoft moved successfully.
C:\Documents and Settings\Owner\Application Data\Οracle moved successfully.
C:\Documents and Settings\Owner\Application Data\Оracle moved successfully.
C:\Documents and Settings\Owner\Application Data\sеcurity moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕecurity moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕеcurity moved successfully.
C:\Documents and Settings\Owner\Application Data\Sуmantec moved successfully.
C:\Documents and Settings\Owner\Application Data\Ѕymantec moved successfully.
C:\Documents and Settings\Owner\Application Data\Ѕуmantec moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕymbols moved successfully.
C:\Documents and Settings\Owner\Application Data\sуmbols moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕуmbols moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕуstem moved successfully.
C:\Documents and Settings\Owner\Application Data\sуstem moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕystem moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕystem32 moved successfully.
C:\Documents and Settings\Owner\Application Data\sуstem32 moved successfully.
C:\Documents and Settings\Owner\Application Data\ѕуstem32 moved successfully.
C:\Documents and Settings\Owner\Application Data\Tаsks moved successfully.
C:\Documents and Settings\Owner\Application Data\Τasks moved successfully.
C:\Documents and Settings\Owner\Application Data\Τаsks moved successfully.
C:\Documents and Settings\Owner\Application Data\Тasks moved successfully.
C:\Documents and Settings\Owner\Application Data\Таsks moved successfully.
C:\Documents and Settings\Owner\Application Data\WіnSxS moved successfully.

OTMoveIt2 v1.0.20 log created on 02242008_014312
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby mickd3 » February 24th, 2008, 5:55 am

fixed with HJT.

Java site won't let me download the Java update. I tried with both Firefox and Internet Explorer.
Says it won't allow the download.

Updated Adobe.

As far as I can tell the P2P programs are removed.
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 24th, 2008, 10:45 am

We will sort out Java shortly


Submit a File For Analysis
We need to have the files below scanned by uploading them to VirusTotal.

Please visit VirusTotal
Copy/paste the following file path into the window

C:\Program Files\.autoreg

Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\system32\ElectricSheep.scr

If Virustotal is too busy please try Jotti

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DirLook::
    C:\Program Files\Common Files\wiuq
    File::
    C:\Documents and Settings\Michael\.jpi_cache\jar\1.0\jvmsecman.jar-6b26dca8-7d578fb9.zip
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-7fd394f8.zip
    C:\Documents and Settings\Owner\My Documents\My Downloads\Application\antivirus\WebfettiSetup2.2.60.11-2.ZKfox000.exe
    C:\Limewire Downloads\Eighties classic (china).wma
    C:\WINDOWS\mbkwnst.exe
    C:\WINDOWS\system32\2scenicwu.exe
    C:\WINDOWS\system32\3scenices.exe
    Folder::
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8LWFWBC7
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CLG1ET81
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U9QZW7WH
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\60AD513D-E2E6-4326-B13F-2E80A5
    C:\Documents and Settings\Michael\Application Data\Search Settings
    C:\Documents and Settings\Owner\Application Data\Search Settings
    C:\Program Files\Dealio
    C:\Program Files\Search Settings
    Driver::
    rxp
    APLMp50
    Registry::
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfe02be0-f2d6-4666-b58e-002163a87ff4}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20CEF7E-299E-43E2-ABC8-215DA75EC9FB}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2B7677C-EC71-4A42-B51E-9ECBF79EFFC3}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skado"=-
    "Orb"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings"=-
    "iTunesHelper"=-
    "40408b53"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhecd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkkli]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tqcwotww]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampControlbandUpdate]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "C:\\Program Files\\BearShare\\BearShare.exe"=-
    "C:\WINDOWS\system32\bsvruujl.exe"=-
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=-
    "C:\\Program Files\\eMule\\emule.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
if exist C:\kresults.txt del /q C:\kresults.txt
FOR %%G IN (
C:\backupnotify.exe
C:\Changer.exe
) DO (
dir /a /s %%G >> C:\kresults.txt
)
start notepad C:\kresults.txt
del /q look.bat
exit


Double click on look.bat

Notepad will open, please copy/paste the results here


How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 24th, 2008, 5:31 pm

VirusTotal results C:\Program Files\.autoreg
MD5: a63c90cc3684ad8b0a2176a6a8fe9005
Date: 02.22.2008 18:12:35 (CET) [>2D]
Results: 0/32
Permalink: analisis/4a5683202b96ede21090c3b3d5e07c2a

Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.22 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.22 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5555 2008.02.22 -
Ewido 4.0 2008.02.22 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.22 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 -
Ikarus T3.1.1.20 2008.02.22 -
Kaspersky 7.0.0.125 2008.02.22 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.22 -
NOD32v2 2896 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.42.00 2008.02.22 -
Sophos 4.26.0 2008.02.22 -
Sunbelt 3.0.890.0 2008.02.22 -
Symantec 10 2008.02.22 -
TheHacker 6.2.9.226 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.22 -
Additional information
File size: 10 bytes
MD5: a63c90cc3684ad8b0a2176a6a8fe9005
SHA1: 9694c4ebd673a5e2fd26e4b2e64f92e914ebd95f
PEiD: -

VirusTotal results C:\WINDOWS\system32\ElectricSheep.scr
0 bytes size received / Se ha recibido un archivo vacio
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby mickd3 » February 24th, 2008, 6:20 pm

After rebooting, ComboFix stalled at Preparing Log Report.
Is there any way to make it prepare the report?
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 24th, 2008, 6:25 pm

Please double click ComboFix to run it again.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester