3v.m feed.com malware redirect issue

Post by raven007 » March 6th, 2008, 7:09 am

When I go onto the internet, use the Yahoo search engine and click on a link, I keep getting redirected by the http\3v.m feed.com malware. Thanks for the help!

I have posted the hijack log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:57 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - S-1-5-18 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O21 - SSODL: zip - {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8988 bytes

Re: 3v.m feed.com malware redirect issue

Post by chryssi2001 » March 6th, 2008, 2:09 pm

Hello raven007,

I will be assisting you with your malware issues.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page in case you need it for reference.
-------------------------------------------
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Re: 3v.m feed.com malware redirect issue

Post by raven007 » March 6th, 2008, 8:36 pm

Here is the ComboFix log:

ComboFix 08-03-06.2 - master 2008-03-06 19:23:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1546 [GMT -5:00]
Running from: C:\donwloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-04 16:15 . 2008-03-04 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Program Files\Marvell
2008-03-01 17:43 . 2008-03-01 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 07:28 . 2008-03-06 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 07:28 . 2008-03-01 07:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 07:10 . 2008-03-01 07:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 07:09 . 2008-03-01 07:23 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-03-01 07:08 . 2008-03-01 07:18 <DIR> d-------- C:\Program Files\Symantec
2008-03-01 07:08 . 2008-03-01 07:18 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-01 07:08 . 2008-03-01 07:18 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 07:08 . 2008-03-01 07:18 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-01 07:08 . 2008-03-01 07:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-01 06:30 . 2008-03-01 07:11 <DIR> d-------- C:\Documents and Settings\master\Application Data\Symantec
2008-03-01 06:30 . 2008-03-06 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-01 06:29 . 2008-03-06 19:22 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 19:34 . 2008-02-24 19:34 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-22 16:42 . 2008-03-01 06:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-22 16:42 . 2008-03-01 06:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 16:16 . 2008-03-05 16:00 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-07 07:46 . 2008-02-07 07:46 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-02-07 07:46 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-02-07 07:44 . 2008-02-07 07:44 <DIR> d-------- C:\Program Files\Atari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 21:15 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 19:41 --------- d-----w C:\Program Files\Guild Wars
2008-03-02 01:00 --------- d-----w C:\Program Files\7-Zip
2008-02-10 11:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-03 11:17 --------- d-----w C:\Program Files\Kap.SATc
2008-02-02 22:30 --------- d-----w C:\Program Files\Activision
2008-02-02 19:25 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 14:57 11,540 -c--a-w C:\Program Files\install.log
2008-02-02 14:21 --------- d-----w C:\Documents and Settings\master\Application Data\U3
2008-02-02 01:18 --------- d-----w C:\Documents and Settings\master\Application Data\Ahead
2008-02-01 23:25 22,328 ----a-w C:\Documents and Settings\master\Application Data\PnkBstrK.sys
2008-01-27 00:00 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-01-25 21:17 --------- d-----w C:\Program Files\IBM and Crayola
2008-01-25 12:39 --------- d-----w C:\Program Files\Steam
2008-01-25 12:35 --------- d-----w C:\Program Files\Warcraft III
2008-01-25 12:31 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-25 12:17 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2003-03-21 20:37 16,056 -c--a-w C:\Program Files\owcstp16.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-01 07:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 20:02 1880064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 03:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 01:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 20:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 18:07 49263]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-08 07:17 180269]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-09-24 12:15:57 184320]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-26 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-26 51984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll [2008-02-16 13:38 38438]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Steam\\steamapps\\rav3n007\\team fortress 2\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Team17\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 02:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\master\LOCALS~1\Temp\pfsvgae.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f45fe56e-ab8c-11dc-bda7-0011d8cb03e3}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 23:11:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 12:13:22 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - master.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 19:28:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-06 19:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 00:31:03
.
2008-02-13 10:39:07 --- E O F ---



Here is the new hijack log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:23 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O21 - SSODL: zip - {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8501 bytes

Re: 3v.m feed.com malware redirect issue

Post by chryssi2001 » March 7th, 2008, 7:45 am

Hello raven007 :),

I see this program installed on your PC. As much as I searched, I can't find any information about it. Do you know what it is? Did you intentionally install it on your PC? If you don't know what it is, and you did not install it, remove it via Add/Remove Programs. Please let me know.

Kap.SATc
----------------------------------------------
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 5.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 5 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u4-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O21 - SSODL: zip - {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll


Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
----------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\DOCUME~1\master\LOCALS~1\Temp\pfsvgae.sys
    C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll
    
    Driver::
    pfsvgae
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
Information about Kap.SATc
Combofix report.
Kaspersky report.
A new HijackThis log.
Is the pc behaving better now?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: 3v.m feed.com malware redirect issue

Post by raven007 » March 7th, 2008, 8:32 pm

Hi Chryssi2001: :cheers:


Information on Kap.SATc - This is the Kaplan SAT study program for college. I have removed it.

I have updated Java to 6 Update 5.

I have selected and fixed the hijack file you listed.

I have completed the CFScript.txt combo fix code you wrote.

My internet seems to be running ok now. I am not being redirected.

I have attached the combofix report below:

ComboFix 08-03-06.2 - master 2008-03-07 17:37:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1558 [GMT -5:00]
Running from: C:\donwloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\master\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\master\LOCALS~1\Temp\pfsvgae.sys
C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\master\LOCALS~1\Temp\pfsvgae.sys
C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PFSVGAE
-------\pfsvgae


((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-07 17:38 . 2008-03-07 17:38 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-07 17:28 . 2008-03-07 17:28 <DIR> d-------- C:\Program Files\Sun
2008-03-07 17:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-07 17:25 . 2008-03-07 17:28 <DIR> d-------- C:\Program Files\Java
2008-03-07 17:25 . 2008-03-07 17:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-04 16:15 . 2008-03-04 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Program Files\Marvell
2008-03-01 17:43 . 2008-03-01 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 07:28 . 2008-03-07 17:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 07:28 . 2008-03-01 07:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 07:10 . 2008-03-01 07:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 07:09 . 2008-03-01 07:23 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-03-01 07:08 . 2008-03-01 07:18 <DIR> d-------- C:\Program Files\Symantec
2008-03-01 07:08 . 2008-03-01 07:18 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-01 07:08 . 2008-03-01 07:18 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 07:08 . 2008-03-01 07:18 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-01 07:08 . 2008-03-01 07:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-01 06:30 . 2008-03-01 07:11 <DIR> d-------- C:\Documents and Settings\master\Application Data\Symantec
2008-03-01 06:30 . 2008-03-07 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-01 06:29 . 2008-03-07 17:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 19:34 . 2008-02-24 19:34 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-22 16:42 . 2008-03-01 06:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-22 16:42 . 2008-03-01 06:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 16:16 . 2008-03-07 15:52 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-07 07:46 . 2008-02-07 07:46 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-02-07 07:46 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-02-07 07:44 . 2008-02-07 07:44 <DIR> d-------- C:\Program Files\Atari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 21:15 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 19:41 --------- d-----w C:\Program Files\Guild Wars
2008-03-02 01:00 --------- d-----w C:\Program Files\7-Zip
2008-02-10 11:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 22:30 --------- d-----w C:\Program Files\Activision
2008-02-02 19:25 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 14:57 11,540 -c--a-w C:\Program Files\install.log
2008-02-02 14:21 --------- d-----w C:\Documents and Settings\master\Application Data\U3
2008-02-02 01:18 --------- d-----w C:\Documents and Settings\master\Application Data\Ahead
2008-02-01 23:25 22,328 ----a-w C:\Documents and Settings\master\Application Data\PnkBstrK.sys
2008-01-27 00:00 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-01-25 21:17 --------- d-----w C:\Program Files\IBM and Crayola
2008-01-25 12:39 --------- d-----w C:\Program Files\Steam
2008-01-25 12:35 --------- d-----w C:\Program Files\Warcraft III
2008-01-25 12:31 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-25 12:17 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2003-03-21 20:37 16,056 -c--a-w C:\Program Files\owcstp16.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-06_19.30.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-09 21:28:20 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-01 07:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 20:02 1880064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 03:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 01:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 20:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-08 07:17 180269]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-09-24 12:15:57 184320]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-26 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-26 51984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Steam\\steamapps\\rav3n007\\team fortress 2\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Team17\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 02:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f45fe56e-ab8c-11dc-bda7-0011d8cb03e3}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 23:11:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 12:13:22 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - master.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 17:42:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-03-07 17:45:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 22:45:37
ComboFix2.txt 2008-03-07 00:31:08
.
2008-02-13 10:39:07 --- E O F ---


I have attached the Kaspersky online AV scanner file below:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 07, 2008 7:21:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/03/2008
Kaspersky Anti-Virus database records: 610492
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 77743
Number of viruses found: 3
Number of infected objects: 308
Number of suspicious objects: 0
Duration of the scan process: 01:20:27

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051185.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051194.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051199.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051205.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051276.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051281.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051338.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051343.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051348.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051419.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051490.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051623.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051628.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051633.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051651.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051657.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052436.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052510.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052588.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052593.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052601.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052607.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052612.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052621.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052693.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052699.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052704.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052714.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052720.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052727.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052735.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052745.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052750.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052756.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052761.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052768.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052777.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP279\A0061745.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP279\A0061762.exe Infected: Trojan-PSW.Win32.OnLineGames.lz skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP279\A0062253.exe Infected: Trojan-PSW.Win32.OnLineGames.lz skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP279\A0062289.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP292\A0064278.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP292\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETAFC8.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000004-20021102}.CDF Object is locked skipped

Scan process completed.


I have attached the new hijack log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:54 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O21 - SSODL: zip - {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8693 bytes
raven007
Active Member
 
Posts: 7
Joined: March 6th, 2008, 7:04 am

Re: 3v.m feed.com malware redirect issue

Unread postby chryssi2001 » March 8th, 2008, 4:09 am

Hello raven007,

Registrar Registry Manager
Use this link http://www.resplendence.com/registrar, scroll to the end of the page, and download and install the program Registrar Registry Manager.
  • Once it is installed, please double click on the icon that should now be on your desktop.
  • If an icon is not there, then check under the Programs portion of the Start Menu.
  • Once it is opened, click on search, then search registry.
  • In the new screen, enter C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}\zip.dll
    in the text to search for field, and in the search in field, then press the magnifying glass button at the bottom.
Copy back here what keys come up.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: 3v.m feed.com malware redirect issue

Unread postby raven007 » March 8th, 2008, 6:35 am

Hi Chryssi2001,

I have downloaded registrar registry manager and posted the key information below:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb38534e-c041-4290-96f0-39c42642f3c7}\InProcServer32
raven007
Active Member
 
Posts: 7
Joined: March 6th, 2008, 7:04 am

Re: 3v.m feed.com malware redirect issue

Unread postby chryssi2001 » March 8th, 2008, 1:19 pm

Hello raven,

I need to confirm something and will be back asap. :)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: 3v.m feed.com malware redirect issue

Unread postby chryssi2001 » March 9th, 2008, 2:11 am

Hello raven007,

I apologise for the delay.
------------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}
    C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "zip"=-
    [-HKEY_CLASSES_ROOT\CLSID\{eb38534e-c041-4290-96f0-39c42642f3c7}]
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
------------------------------------------------
Use registrar registry manager like before, to confirm that there is no Key for this anymore:
C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}\zip.dll
If it still shows, post back the Key, and do not run Kaspersky as in my next instruction.
------------------------------------------------
If no results from registrar registry manager, run Kaspersky again.
------------------------------------------------
Post back:
Combofix report.
A new HijackThis.
Kaspersky report if the Key disappeared.
Let me know the results from registrar registry manager.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
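The script above lists two different Installer\{GUID} folders: the one Kaspersky flagged and the one the O21 entry in HijackThis points to. As an added example (not part of the original thread and not a tool used in it), this Python script correlates the two logs and shows why exact path matching alone misses the link; the function names are hypothetical and the sample lines are excerpted from the logs posted in this thread.

```python
import re
from collections import namedtuple

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Kaspersky online scanner report line that carries a verdict.
KAV_HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) skipped$")
# HijackThis entries that name a CLSID and a file (R3, O2, O3, O9, O21 style).
HJT_CLSID = re.compile(
    r"^(?P<sect>[RO]\d+) - (?P<label>.+?) - (?P<clsid>" + GUID + r") - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
INSTALLER_DIR = re.compile(
    r"^c:\\windows\\installer\\" + GUID + r"\\(?P<file>[^\\]+)$", re.I)
RESTORE = "\\system volume information\\_restore"

Finding = namedtuple(
    "Finding", "section clsid reason detection flagged_path file_missing")

# Sample input: lines excerpted from the logs in this thread.
KASPERSKY_REPORT = r"""
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP292\A0064278.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
"""
HIJACKTHIS_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O21 - SSODL: zip - {2ccef484-33ab-4d2d-bb96-4d222b18d8e6} - C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

def parse_kaspersky(text):
    """Return (live, restore) dicts mapping lower-cased path -> detection name."""
    live, restore = {}, {}
    for line in text.splitlines():
        m = KAV_HIT.match(line.strip())
        if not m:
            continue  # "Object is locked" lines carry no verdict
        path = m["path"].lower()
        # System Restore copies are inert backups; keep them apart from live files.
        (restore if RESTORE in path else live)[path] = m["name"]
    return live, restore

def parse_hijackthis(text):
    """Return CLSID-bearing autostart entries as dicts."""
    entries = []
    for line in text.splitlines():
        m = HJT_CLSID.match(line.strip())
        if m:
            entries.append({"section": m["sect"], "label": m["label"],
                            "clsid": m["clsid"].lower(),
                            "path": m["path"].lower(),
                            "missing": m["missing"] is not None})
    return entries

def triage(hjt_text, kav_text):
    """Link autostart entries to live detections by path or by sibling folder."""
    live, _restore = parse_kaspersky(kav_text)
    by_file = {}
    for path, det in live.items():
        m = INSTALLER_DIR.match(path)
        if m:
            by_file.setdefault(m["file"], []).append((path, det))
    findings = []
    for e in parse_hijackthis(hjt_text):
        if e["path"] in live:
            findings.append(Finding(e["section"], e["clsid"], "exact-path",
                                    live[e["path"]], e["path"], e["missing"]))
            continue
        m = INSTALLER_DIR.match(e["path"])
        siblings = by_file.get(m["file"], []) if m else []
        for path, det in siblings:
            # Same file name under a different Installer\{GUID} folder.
            findings.append(Finding(e["section"], e["clsid"],
                                    "sibling-installer-dir", det, path,
                                    e["missing"]))
        if not siblings and e["missing"]:
            # Autostart entry whose target is gone and has no AV match.
            findings.append(Finding(e["section"], e["clsid"], "orphan-entry",
                                    None, e["path"], True))
    return findings

if __name__ == "__main__":
    for f in triage(HIJACKTHIS_LOG, KASPERSKY_REPORT):
        print(f)
```
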

Re: 3v.m feed.com malware redirect issue

Unread postby raven007 » March 9th, 2008, 7:37 am

Hi Chryssi2001,

The file did not show up on the registrar registry manager.

Here is the combofix log:

ComboFix 08-03-06.2 - master 2008-03-09 5:47:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1569 [GMT -4:00]
Running from: C:\donwloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\master\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}
C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 06:20 . 2008-03-08 06:20 <DIR> d-------- C:\Program Files\Registrar Registry Manager
2008-03-08 06:20 . 2008-02-09 12:20 31,280 --a------ C:\WINDOWS\system32\rrMon.sys
2008-03-07 18:47 . 2008-03-07 18:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-07 18:47 . 2008-03-07 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 18:28 . 2008-03-07 18:28 <DIR> d-------- C:\Program Files\Sun
2008-03-07 18:28 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-07 18:25 . 2008-03-07 18:28 <DIR> d-------- C:\Program Files\Java
2008-03-07 18:25 . 2008-03-07 18:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-04 17:15 . 2008-03-04 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 21:00 . 2008-03-01 21:00 <DIR> d-------- C:\Program Files\Marvell
2008-03-01 18:43 . 2008-03-01 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 08:28 . 2008-03-09 05:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 08:28 . 2008-03-01 08:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 08:10 . 2008-03-01 08:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 08:09 . 2008-03-01 08:23 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-03-01 08:08 . 2008-03-01 08:18 <DIR> d-------- C:\Program Files\Symantec
2008-03-01 08:08 . 2008-03-01 08:18 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-01 08:08 . 2008-03-01 08:18 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 08:08 . 2008-03-01 08:18 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-01 08:08 . 2008-03-01 08:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-01 07:30 . 2008-03-01 08:11 <DIR> d-------- C:\Documents and Settings\master\Application Data\Symantec
2008-03-01 07:30 . 2008-03-08 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-01 07:29 . 2008-03-08 06:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 20:34 . 2008-02-24 20:34 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-22 17:42 . 2008-03-01 07:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-22 17:42 . 2008-03-01 07:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 17:16 . 2008-03-08 17:15 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 21:15 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 19:41 --------- d-----w C:\Program Files\Guild Wars
2008-03-02 01:00 --------- d-----w C:\Program Files\7-Zip
2008-02-10 11:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-07 12:48 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-07 12:46 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-02-07 12:44 --------- d-----w C:\Program Files\Atari
2008-02-02 22:30 --------- d-----w C:\Program Files\Activision
2008-02-02 19:25 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 19:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-02 14:57 11,540 -c--a-w C:\Program Files\install.log
2008-02-02 14:21 --------- d-----w C:\Documents and Settings\master\Application Data\U3
2008-02-02 01:18 --------- d-----w C:\Documents and Settings\master\Application Data\Ahead
2008-02-01 23:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-01 23:25 22,328 ----a-w C:\Documents and Settings\master\Application Data\PnkBstrK.sys
2008-01-27 00:00 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-01-25 21:17 --------- d-----w C:\Program Files\IBM and Crayola
2008-01-25 12:39 --------- d-----w C:\Program Files\Steam
2008-01-25 12:35 --------- d-----w C:\Program Files\Warcraft III
2008-01-25 12:31 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-25 12:17 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2003-03-21 20:37 16,056 -c--a-w C:\Program Files\owcstp16.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-06_19.30.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2006-11-09 21:28:20 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-11-30 22:38:28 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 09:45:29 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-30 22:38:28 401,064 -c--a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 09:45:29 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-02-09 16:20:08 119,728 ----a-w C:\WINDOWS\system32\rrsec.dll
+ 2008-02-09 16:19:50 97,240 ----a-w C:\WINDOWS\system32\rrsec2k.exe
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-01 08:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 21:02 1880064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 13:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 04:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 21:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-08 08:17 180269]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 00:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-09-24 13:15:57 184320]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-26 01:00:00 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-26 01:00:00 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Steam\\steamapps\\rav3n007\\team fortress 2\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Team17\\Worms Armageddon\\wa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 03:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\master\LOCALS~1\Temp\pfsvgae.sys [2004-04-11 02:42]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f45fe56e-ab8c-11dc-bda7-0011d8cb03e3}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 23:11:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 12:13:22 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - master.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 05:50:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 5:50:42
ComboFix-quarantined-files.txt 2008-03-09 09:50:40
ComboFix2.txt 2008-03-07 22:45:41
ComboFix3.txt 2008-03-07 00:31:08
.
2008-02-13 10:39:07 --- E O F ---


Here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:42 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8579 bytes


Here is the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 7:32:02 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 617547
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 81494
Number of viruses found: 3
Number of infected objects: 308
Number of suspicious objects: 0
Duration of the scan process: 01:33:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{00A28074-5FB5-4B8F-A72D-1DCE5712924A}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{7B09A2AE-496C-4018-BDCB-13EA7E76D26C}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{A7FD1E2B-C56C-4020-9FF2-E32962EE8A80}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{3341A53A-8B9E-4E19-94CE-759E0AB878F3}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{3341A53A-8B9E-4E19-94CE-759E0AB878F3}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\27B646EB.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B5F26E76.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\master\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\master\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\master\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\History\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\Temp\~DF479F.tmp Object is locked skipped
C:\Documents and Settings\master\Local Settings\Temp\~DFA5D0.tmp Object is locked skipped
C:\Documents and Settings\master\Local Settings\Temp\~DFA5F2.tmp Object is locked skipped
C:\Documents and Settings\master\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\master\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\master\ntuser.dat Object is locked skipped
C:\Documents and Settings\master\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051185.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051194.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051199.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051205.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051276.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051281.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051338.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051343.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051348.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051419.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051490.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051623.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051628.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051633.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051651.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP243\A0051657.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052436.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052510.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052588.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052593.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052601.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052607.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052612.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052621.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052693.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052699.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052704.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052714.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052720.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052727.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052735.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052745.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052750.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052756.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052761.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052768.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052777.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052783.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052789.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052794.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052800.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052807.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052815.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052821.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052832.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052838.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052965.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0052971.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053042.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053053.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053123.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053196.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053270.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053343.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP256\A0053476.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0053895.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0053970.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0053976.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0053982.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054118.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054126.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054132.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054139.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054145.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054153.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054159.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054170.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054176.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054185.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054195.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054206.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054216.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054222.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054229.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP257\A0054236.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP258\A0054248.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP258\A0054254.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP258\A0054264.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP260\A0054305.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP260\A0054317.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054325.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054335.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054345.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054377.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054410.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054416.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054423.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054432.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054438.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054445.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054451.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054457.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054463.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054478.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054487.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054496.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054502.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054508.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054514.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054520.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054526.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054535.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
C:\System Volume Information\_restore{276A9A37-5BA7-48ED-A19C-4DF6EA836B46}\RP261\A0054549.dll Infected: Trojan-PSW.Win32.WOW.qf skipped
raven007
Active Member
 
Posts: 7
Joined: March 6th, 2008, 7:04 am

Re: 3v.m feed.com malware redirect issue

Post by chryssi2001 » March 9th, 2008, 10:33 am

Hello raven007,

I can't see any firewall in your HijackThis log, so I assume you use Windows Firewall.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. It's preferable to install one of the suggested firewalls.

FREE FIREWALLS
Tutorial about Firewalls can be found here
--------------------------------------------------------------
Please download the OTMoveIt2 by OldTimer and Save it to your Desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7}
    C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6}

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: 3v.m feed.com malware redirect issue

Post by raven007 » March 9th, 2008, 11:44 am

Hi Chryssi2001,

My son had my Norton firewall turned off. I have corrected that.

I have attached the OTmove2 file you requested below:

C:\WINDOWS\Installer\{eb38534e-c041-4290-96f0-39c42642f3c7} moved successfully.
C:\WINDOWS\Installer\{2ccef484-33ab-4d2d-bb96-4d222b18d8e6} moved successfully.

OTMoveIt2 v1.0.20 log created on 03092008_114113

Re: 3v.m feed.com malware redirect issue

Post by chryssi2001 » March 9th, 2008, 12:03 pm

Hello raven007,

Great work. :)
----------------------------------------------------
Please remove REGISTRAR REGISTRY MANAGER.
----------------------------------------------------
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OTMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
----------------------------------------------------
Congratulations, you are clean! :)

Here are some free programs I recommend that could help you improve your computer's security.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here
Find the changes from the older version 1.4 here

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Happy safe surfing!
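The hosts-file blocking described in the post above works because names mapped to 127.0.0.1 never reach a remote server; the same file can also be abused to point a name at a different machine. The following is an added example, not part of the original thread or any tool it mentions: a small Python audit that separates locally blocked names from names mapped to a non-local address. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample: blocklist-style lines plus one entry that maps a name
# to a routable address (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not taken from the thread)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net  tracker.example.net   # two names, one line
0.0.0.0         banners.example.org
203.0.113.50    search.example.com
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Split hosts entries into sinkholed names, remapped names and bad lines."""
    report = {"sinkholed": [], "remapped": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # an address with no hostname
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) addresses
        # keep the lookup from reaching a remote host.
        local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if not local:
                report["remapped"].append((lineno, name, str(addr)))
            elif name != "localhost":
                report["sinkholed"].append(name)
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["sinkholed"]), "names blocked locally")
    for lineno, name, addr in result["remapped"]:
        print(f"line {lineno}: {name} -> {addr} (review this entry)")
```

A remapped entry is not proof of infection, since some networks add intranet names to the hosts file on purpose; it is the list to review by hand.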

Re: 3v.m feed.com malware redirect issue

Unread postby raven007 » March 9th, 2008, 12:24 pm

Hi Chryssi2001, :cheers:

Thanks for all the help!

Re: 3v.m feed.com malware redirect issue

Unread postby chryssi2001 » March 9th, 2008, 12:40 pm

You are welcome :)