Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Lots of Popups and its slow


Post by Megaman001 » March 9th, 2008, 11:53 am

Hey, my computer is running really slow and there are a lot of popups from something called CiD.

Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:31 AM, on 3/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Instafinder\instafinder.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TWljaGFlbA\command.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\JavaCore\JavaCore.exe
c:\documents and settings\all users\start menu\programs\startup\svchost.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Application Data\Microsoft\dsenxil.exe
C:\Documents and Settings\Michael\Application Data\WinTouch\WinTouch.exe
C:\WINDOWS\b116.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {2AFD79D5-8112-447A-882B-BC82DA1A59DC} - C:\Program Files\MSN\wyzolytih89104.dll
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\System32\yayvvss.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Boob comp] C:\DOCUME~1\Michael\APPLIC~1\FUNKME~1\defy road corn.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Michael\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Michael\Application Data\Microsoft\dsenxil.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O20 - Winlogon Notify: yayvvss - C:\WINDOWS\SYSTEM32\yayvvss.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWljaGFlbA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 5293 bytes
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am

Re: Lots of Popups and its slow

Post by Simon V. » March 11th, 2008, 4:29 pm

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please go to Start > Control Panel and double click on Add or Remove Programs. Uninstall the following programs if they are present:

BigMAQ Toolbar
Bitgrabber
BitRol
Bitdownload
Browser Enhancer
CiD Help
CiD Manager
DivoCodec
Download Plugin for Internet Explorer
Lop.com
LOP SEARCH
Messenger Plus or Messenger Plus and Client
Netpumper
Search Plugin
Torrent101
Ultimate Browser Enhancer
Window Search
Window Searching
WinZix
W3player
Zone Media


During the uninstallation, you might be asked to verify. Enter the numbers shown in the window and continue.

Restart your computer.

Once your computer has restarted, download deljob.exe and save it to your desktop.

  • Double click on deljob.exe.
  • A log (logit.txt) will open, and it will be saved to your desktop.

Step 2

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.

Step 3

Print these instructions or copy them to Notepad and save it to your desktop, as you won't be able to access the internet in Safe Mode.

Please download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows directory, typically C:\SDFix)

Please reboot into Safe Mode. To do this, go to Start > Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking)

Log in to your usual account.

Once in Safe Mode, do the following:

Open the extracted SDFix folder and double-click RunThis.bat to start the script.

  • Type Y to begin the cleanup process.
  • It will remove any trojan services and registry entries that it finds, then prompt you to press any key to reboot; press any key and it will restart the PC.
  • When the PC restarts SDFix will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to clipboard ready for posting back on the forum).

Step 4

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log, the deljob log (logit.txt), the CCleaner Uninstall List (install.txt) and the SDFix log (C:\SDFix\Report.txt).
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Lots of Popups and its slow

Post by Megaman001 » March 11th, 2008, 7:37 pm

Hello,

- Most of the things you asked me to uninstall were not listed on Add/Remove Programs. The only one I found, CiD Help, would not uninstall.

- When I tried to open deljob, I get an error "Error 26 running command ./deljob.bat"

- I cannot boot to Safe Mode. I restarted and pressed F8, but the normal Windows screen came up. I tried again and this happened again.

Here is the combo and ccleaner.

Adobe Flash Player ActiveX
CCleaner (remove only)
CiD Help
Command
eDonkey2000
HijackThis 2.0.2
Instafinder
Java(TM) 6 Update 4
Kaspersky Online Scanner
Kazaa 3.2.7
Malwarebytes' Anti-Malware
Mozilla Firefox (2.0.0.12)
Need2Find Bar
Network Monitor
NoDNS
nvcoi
Outerinfo
P2P Networking
Peer Points Manager
RABCO
RX Bar
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Warez 3.2.0
WebFldrs XP
WinTouch

ComboFix 08-03-10.1 - Michael 2008-03-11 15:15:38.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.87 [GMT -8:00]
Running from: C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\SNIHC7KB\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Michael\Application Data\WinTouch
C:\Documents and Settings\Michael\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Michael\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Michael\Application Data\WinTouch\WTUninstaller.exe
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MSN\wyzolytih89104.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\RABCO
C:\Program Files\RABCO\ExecutionDll.dll
C:\Program Files\RABCO\RABCO.dll
C:\Program Files\RABCO\RABCO.dll.intermediate.manifest
C:\Program Files\RABCO\RABCOse.exe
C:\Program Files\RABCO\RABCOse.info
C:\Program Files\RABCO\RABCOse.original
C:\Program Files\RABCO\Setup.log
C:\Program Files\RABCO\un_RABCOSetup_16230.exe
C:\Program Files\RABCO\un_RABCOSetup_16230.txt
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\RABCO\X_RABCOse.log
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\pciidexx.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\yayvvss.dll
C:\WINDOWS\TWljaGFlbA\
C:\WINDOWS\TWljaGFlbA\\asappsrv.dll
C:\WINDOWS\TWljaGFlbA\\command.exe
C:\WINDOWS\TWljaGFlbA\\nq53u3I5vE.vbs
C:\WINDOWS\TWljaGFlbA\command.exe
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_PCIIDEXX
-------\cmdService
-------\Network Monitor
-------\pciidexx


((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-11 15:07 . 2008-03-11 15:07 40,960 --a------ C:\WINDOWS\quit.exe
2008-03-11 15:07 . 2008-03-11 15:07 36,864 --a------ C:\WINDOWS\system32\fwehg.exe
2008-03-11 15:07 . 2008-03-11 15:07 36,864 --a------ C:\WINDOWS\d7hjthfj.exe
2008-03-11 14:38 . 2008-03-11 14:53 <DIR> d-------- C:\Program Files\CCleaner
2008-03-09 07:48 . 2008-03-09 07:49 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 07:40 . 2008-03-09 07:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 07:24 . 2008-03-09 07:24 <DIR> d-------- C:\Program Files\funk meal test
2008-03-09 07:24 . 2008-03-09 07:24 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\funk meal test
2008-03-09 07:24 . 2008-03-09 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bind army eggs joy
2008-03-09 07:23 . 2008-03-11 14:15 <DIR> d-------- C:\Program Files\BitDownload
2008-03-09 07:20 . 2008-03-11 15:25 36,864 --a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-03-09 07:20 . 2008-03-11 15:25 17,878 --ah----- C:\WINDOWS\system32\vcmgcd32.dl_
2008-03-09 07:17 . 2008-03-09 07:30 <DIR> d-------- C:\Documents and Settings\Michael\Incomplete
2008-03-09 07:11 . 2008-03-09 07:11 <DIR> d-------- C:\Program Files\nvcoi
2008-03-09 06:46 . 2008-03-09 06:46 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-09 06:46 . 2008-03-09 06:46 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-03-09 06:46 . 2008-03-09 06:46 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-09 06:46 . 2008-03-09 06:46 <DIR> d-------- C:\WINDOWS\system32\dr6
2008-03-09 06:42 . 2008-03-09 07:14 <DIR> d-------- C:\Program Files\Incomplete
2008-03-09 06:41 . 2008-03-11 15:25 <DIR> d-------- C:\Program Files\eDonkey2000
2008-03-09 06:35 . 2008-03-11 15:25 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Warez
2008-03-09 06:33 . 2008-03-09 06:33 <DIR> d-------- C:\WINDOWS\cdmxtras
2008-03-09 06:33 . 2008-03-09 07:11 <DIR> d-------- C:\Program Files\RXToolBar
2008-03-09 06:33 . 2008-03-09 06:33 <DIR> d-------- C:\Program Files\Need2Find
2008-03-09 06:33 . 2008-03-09 06:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 06:33 . 2008-03-09 06:33 <DIR> d-------- C:\Program Files\Instafinder
2008-03-09 06:33 . 2008-03-09 06:33 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-03-09 06:31 . 2008-03-09 06:31 <DIR> d-------- C:\WINDOWS\system32\P2P Networking
2008-03-09 06:31 . 2008-03-09 06:33 <DIR> d-------- C:\Program Files\Kazaa
2008-03-09 06:31 . 2008-03-09 06:33 <DIR> d-------- C:\Program Files\Altnet
2008-03-09 06:31 . 2008-03-09 06:31 77,312 --a------ C:\WINDOWS\system32\P2P Networking v126.cpl
2008-03-09 06:30 . 2008-03-11 15:26 <DIR> d-------- C:\Program Files\Warez
2008-03-09 06:29 . 2008-03-09 07:30 <DIR> d-------- C:\Program Files\LimeWire
2008-03-08 17:44 . 2008-03-08 17:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-08 17:44 . 2008-03-08 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 16:36 . 2008-03-08 16:35 397,688 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-08 16:31 . 2008-03-08 16:31 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-08 16:26 . 2008-03-09 07:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 16:19 . 2008-03-09 07:30 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\LimeWire
2008-03-08 14:02 . 2008-03-08 14:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-08 12:19 . 2008-03-08 12:19 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-03-08 12:16 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 12:02 . 2008-03-08 12:08 <DIR> d-------- C:\Program Files\Java
2008-03-08 12:01 . 2008-03-08 12:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-08 11:51 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 11:51 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-08 11:50 . 2008-03-09 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 11:46 . 2008-03-08 11:46 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-08 11:46 . 2008-03-11 15:20 <DIR> d-------- C:\Temp
2008-03-08 11:31 . 2008-03-08 12:22 <DIR> d-------- C:\Program Files\Google
2008-03-08 11:30 . 2008-03-08 12:15 <DIR> d-------- C:\Downloads
2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d---s---- C:\Documents and Settings\Michael\UserData
2008-03-08 11:05 . 2008-03-08 12:21 <DIR> d--hs---- C:\WINDOWS\Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 21:56 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"= "C:\Program Files\RXToolBar\RXToolBar.dll" [2006-07-04 22:48 628440]

[HKEY_CLASSES_ROOT\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo.1]
[HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"= C:\Program Files\RXToolBar\RXToolBar.dll [2006-07-04 22:48 628440]

[HKEY_CLASSES_ROOT\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo.1]
[HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Warez"="C:\Program Files\Warez\Warez.exe" [2007-04-04 05:15 1191936]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-09 07:11 77824]
"Boob comp"="C:\DOCUME~1\Michael\APPLIC~1\FUNKME~1\defy road corn.exe" [2008-03-09 07:23 460288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" [2008-03-09 06:31 468152]
"Instafinder"="C:\Program Files\Instafinder\instafinder.exe" [2007-07-12 12:32 311296]
"eDonkey2000"="C:\Program Files\eDonkey2000\eDonkey2000.exe" [2005-07-27 07:14 2505886]
"eggs joy math type"="C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe" [2008-03-11 14:24 2619904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
RABCO - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\RABCO\RABCOse.exe.vir [2008-03-09 06:46:12 203264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll 2007-10-08 04:32 364544 C:\WINDOWS\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

R0 vmscsi;vmscsi;C:\WINDOWS\System32\DRIVERS\vmscsi.sys [2007-10-08 04:32]
R2 hgfs;hgfs;C:\WINDOWS\System32\DRIVERS\hgfs.sys [2007-10-08 04:32]
R3 vmx_svga;vmx_svga;C:\WINDOWS\System32\DRIVERS\vmx_svga.sys [2007-10-08 04:32]


Contents of the 'Scheduled Tasks' folder
"2008-03-11 23:00:05 C:\WINDOWS\Tasks\AA3417A0918F8CD4.job"
- c:\docume~1\michael\applic~1\funkme~1\shim balm start.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 15:26:00
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
-> C:\WINDOWS\System32\vcmgcd32.dll
-> C:\Program Files\Instafinder\instafinder.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-03-11 15:27:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 23:27:13

Thanks

Re: Lots of Popups and its slow

Post by Simon V. » March 12th, 2008, 2:21 am

Hi :)

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Re: Lots of Popups and its slow

Post by Megaman001 » March 12th, 2008, 7:27 am

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Re: Lots of Popups and its slow

Post by Simon V. » March 12th, 2008, 8:40 am

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

That's looking good, it should be OK now to reboot if you wish to do so.

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

Command
eDonkey2000
Instafinder
Java(TM) 6 Update 4
Kazaa 3.2.7
Need2Find Bar
Network Monitor
Outerinfo
P2P Networking
RABCO
RX Bar
Warez 3.2.0
WinTouch


Then download and install Java Runtime Environment (JRE) 6 Update 5.

Have a look here for safe Peer-to-Peer programs > http://www.malwareremoval.com/p2pindex.php

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Step 2

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

http://www.malwareremoval.com/forum/viewtopic.php?p=274289#p274289

Collect::[1]

C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\vcmgcd32.dl_

Suspect::[1]

C:\WINDOWS\system32\msxml3a.dll

File::

C:\WINDOWS\quit.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\d7hjthfj.exe
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\RABCO - Auto Update.lnk
C:\WINDOWS\Tasks\AA3417A0918F8CD4.job

Folder::

C:\Program Files\funk meal test
C:\Documents and Settings\Michael\Application Data\funk meal test
C:\Documents and Settings\All Users\Application Data\Bind army eggs joy
C:\Program Files\nvcoi
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\dr6
C:\WINDOWS\cdmxtras
C:\Program Files\RXToolBar
C:\Program Files\Need2Find
C:\Program Files\Instafinder
C:\WINDOWS\system32\lows8

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"=-
[-HKEY_CLASSES_ROOT\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}]
[-HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"=-
[-HKEY_CLASSES_ROOT\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}]
[-HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"=-
"Boob comp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Instafinder"=-


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When your computer has rebooted, a webpage will pop up. Please do as instructed and upload the file asked.

It will create a log. Be sure to save it to a convenient location.

Step 3

Please download Dr.Web CureIt to your desktop.

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings.
  • Choose the Scan-tab, and remove the mark next to Heuristic analysis.
  • Back at the main window, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found - Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image -

Image

  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web Cureit.
  • Reboot your computer! It could be possible that files in use will be moved/deleted during reboot.

Step 4

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the Dr. Web CureIt log (DrWeb.csv)
  • a new HijackThis log

Simon V.
MRU Emeritus

Re: Lots of Popups and its slow

by Megaman001 » March 12th, 2008, 9:40 am

ComboFix 08-03-10.1 - Michael 2008-03-12 5:03:21.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.127 [GMT -8:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\RABCO - Auto Update.lnk
C:\WINDOWS\d7hjthfj.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\Tasks\AA3417A0918F8CD4.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Bind army eggs joy
C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe
C:\Documents and Settings\Michael\Application Data\funk meal test
C:\Documents and Settings\Michael\Application Data\funk meal test\0
C:\Documents and Settings\Michael\Application Data\funk meal test\cqjjgjhn.exe
C:\Documents and Settings\Michael\Application Data\funk meal test\defy road corn.exe
C:\Documents and Settings\Michael\Application Data\funk meal test\shim balm start.exe
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\RABCO - Auto Update.lnk
C:\Program Files\funk meal test
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\RXToolBar
C:\Program Files\RXToolBar\CacheCatalog.rx
C:\Program Files\RXToolBar\RXToolBar.dll
C:\Program Files\RXToolBar\sfcont.bin
C:\Program Files\RXToolBar\sfcont.dll
C:\WINDOWS\d7hjthfj.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\dr6
C:\WINDOWS\system32\dr6\crecomdll1.exe
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\ech5\vomb33dll.exe
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\iDlo18\iDlo182328.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\lows8\spgdn65.exe
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\typ2\key89104.exe
C:\WINDOWS\system32\vcmgcd32.dl_
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\Tasks\AA3417A0918F8CD4.job

.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-12 05:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-12 05:01 . 2008-03-12 05:02 <DIR> d-------- C:\Program Files\Java
2008-03-12 05:00 . 2008-03-12 05:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-12 04:56 . 2008-03-09 06:33 233,472 --a------ C:\Program Files\Uninstall Need2Find Bar.dll
2008-03-11 14:38 . 2008-03-11 14:53 <DIR> d-------- C:\Program Files\CCleaner
2008-03-09 07:48 . 2008-03-09 07:49 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 07:40 . 2008-03-09 07:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 07:23 . 2008-03-11 14:15 <DIR> d-------- C:\Program Files\BitDownload
2008-03-09 07:17 . 2008-03-09 07:30 <DIR> d-------- C:\Documents and Settings\Michael\Incomplete
2008-03-09 06:42 . 2008-03-09 07:14 <DIR> d-------- C:\Program Files\Incomplete
2008-03-09 06:41 . 2008-03-12 04:52 <DIR> d-------- C:\Program Files\eDonkey2000
2008-03-09 06:31 . 2008-03-12 04:55 <DIR> d-------- C:\Program Files\Kazaa
2008-03-09 06:29 . 2008-03-09 07:30 <DIR> d-------- C:\Program Files\LimeWire
2008-03-08 17:44 . 2008-03-08 17:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-08 17:44 . 2008-03-08 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 16:36 . 2008-03-08 16:35 397,688 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-08 16:31 . 2008-03-08 16:31 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-08 16:26 . 2008-03-09 07:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 16:19 . 2008-03-09 07:30 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\LimeWire
2008-03-08 14:02 . 2008-03-08 14:02 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-03-08 12:54 . 2008-03-08 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-08 12:19 . 2008-03-08 12:19 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-03-08 12:16 . 2008-03-08 12:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 12:08 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-08 12:08 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-08 12:08 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-08 12:08 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-08 12:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-08 12:08 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-08 12:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-08 12:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-08 12:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-08 11:51 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 11:51 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-08 11:50 . 2008-03-09 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 11:46 . 2008-03-11 15:20 <DIR> d-------- C:\Temp
2008-03-08 11:31 . 2008-03-08 12:22 <DIR> d-------- C:\Program Files\Google
2008-03-08 11:30 . 2008-03-08 12:15 <DIR> d-------- C:\Downloads
2008-03-08 11:20 . 2008-03-08 11:20 <DIR> d---s---- C:\Documents and Settings\Michael\UserData
2008-03-08 11:05 . 2008-03-12 05:02 <DIR> d--hs---- C:\WINDOWS\Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 21:56 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-11_15.26.50.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-14 08:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 09:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-12-14 08:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 09:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-12-14 09:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 10:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDonkey2000"="C:\Program Files\eDonkey2000\eDonkey2000.exe" [2005-07-27 07:14 2505886]
"eggs joy math type"="C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll 2007-10-08 04:32 364544 C:\WINDOWS\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

R0 vmscsi;vmscsi;C:\WINDOWS\System32\DRIVERS\vmscsi.sys [2007-10-08 04:32]
R2 hgfs;hgfs;C:\WINDOWS\System32\DRIVERS\hgfs.sys [2007-10-08 04:32]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 05:04:55
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-12 5:05:40
ComboFix-quarantined-files.txt 2008-03-12 13:05:31
ComboFix2.txt 2008-03-11 23:27:20

autochk.exe;C:\cmdcons;Win32.HLLP.Sector;Cured.;
autofmt.exe;C:\cmdcons;Win32.HLLP.Sector;Cured.;
dsenxil.exe;C:\Documents and Settings\Michael\Application Data\Microsoft;Win32.HLLP.Sector;Cured.;
dsenxil.exe;C:\Documents and Settings\Michael\Application Data\Microsoft;BackDoor.Vomba;Deleted.;
deljob.exe;C:\Documents and Settings\Michael\Desktop;Win32.HLLP.Sector;Cured.;
catchme.exe;C:\Documents and Settings\Michael\Desktop\SDFix;Win32.HLLP.Sector;Cured.;
cliptext.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Incurable.Moved.;
download.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
ERUNT.EXE;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
FixPath.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
grep.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
isadmin.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
LS.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
MD5File.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
Process.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
Process.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Tool.Prockill;;
procs.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Incurable.Moved.;
psservice.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
RestartIt!.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
sc.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
sed.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
SF.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
shutdown.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
swreg.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
swsc.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
unzip.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
vfind.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
WINMSG.EXE;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
zip.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps;Win32.HLLP.Sector;Cured.;
regedit.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps\Replace;Win32.HLLP.Sector;Cured.;
W2K.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps\Replace;Win32.HLLP.Sector;Cured.;
XP.exe;C:\Documents and Settings\Michael\Desktop\SDFix\apps\Replace;Win32.HLLP.Sector;Cured.;
xzxzxzxzxzxz.exe;C:\Documents and Settings\Michael\My Documents\_;Win32.HLLP.Sector;Cured.;
xzxzxzxzxzxz.exe;C:\Documents and Settings\Michael\My Documents\_;Trojan.MulDrop.3338;Deleted.;
Uninstall Need2Find Bar.dll;C:\Program Files;Adware.IESearch;;
uninstall_eDonkey2000.exe;C:\Program Files\eDonkey2000;Win32.HLLP.Sector;Cured.;
keygen.exe;C:\Program Files\LimeWire;Win32.HLLP.Sector;Cured.;
Nero.UE.8.x-KeyGen.exe;C:\Program Files\LimeWire;Win32.HLLP.Sector;Cured.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.HLLP.Sector;Cured.;
mbamservice.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.HLLP.Sector;Cured.;
mbamtrayctrl.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.HLLP.Sector;Cured.;
msmsgs.exe;C:\Program Files\Messenger;Win32.HLLP.Sector;Cured.;
msmsgsin.exe;C:\Program Files\Messenger;Win32.HLLP.Sector;Cured.;
copymar.exe;C:\Program Files\MSN\MSNCoreFiles;Win32.HLLP.Sector;Cured.;
msn6.exe;C:\Program Files\MSN\MSNCoreFiles;Win32.HLLP.Sector;Cured.;
update.exe;C:\Program Files\MSN\MSNCoreFiles;Win32.HLLP.Sector;Cured.;
msnunin.exe;C:\Program Files\MSN\MSNCoreFiles\Setup;Win32.HLLP.Sector;Cured.;
HijackThis.exe;C:\Program Files\Trend Micro\HijackThis;Win32.HLLP.Sector;Cured.;
hypertrm.exe;C:\Program Files\Windows NT;Win32.HLLP.Sector;Cured.;
City drive.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Bind army eggs joy;Win32.HLLP.Sector;Incurable.Moved.;
svchost.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;Win32.HLLP.Sector;Cured.;
svchost.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;Trojan.MulDrop.3338;Deleted.;
cqjjgjhn.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Michael\Application Data\funk meal test;Win32.HLLP.Sector;Cured.;
defy road corn.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Michael\Application Data\funk meal test;Win32.HLLP.Sector;Cured.;
shim balm start.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Michael\Application Data\funk meal test;Win32.HLLP.Sector;Cured.;
WTUninstaller.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Michael\Application Data\WinTouch;Win32.HLLP.Sector;Cured.;
Yazzle1560OinAdmin.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files;Win32.HLLP.Sector;Incurable.Moved.;
JavaCore.exe.vir;C:\QooBox\Quarantine\C\Program Files\JavaCore;Trojan.Insider.origin;Incurable.Moved.;
UnInstall.exe.vir;C:\QooBox\Quarantine\C\Program Files\JavaCore;Win32.HLLP.Sector;Cured.;
netmon.exe.vir;C:\QooBox\Quarantine\C\Program Files\Network Monitor;Trojan.DnsChange;Deleted.;
UnInstall.exe.vir;C:\QooBox\Quarantine\C\Program Files\NoDNS;Win32.HLLP.Sector;Cured.;
nvcoi.exe.vir;C:\QooBox\Quarantine\C\Program Files\nvcoi;Trojan.Stars.origin;Incurable.Moved.;
sfcont.dll.vir;C:\QooBox\Quarantine\C\Program Files\RXToolBar;Adware.RXToolbar;;
InsiDERInst.exe.vir;C:\QooBox\Quarantine\C\Program Files\Temporary;Win32.HLLP.Sector;Cured.;
b116.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.9222;Deleted.;
b138.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.11196;Deleted.;
b152.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Win32.HLLP.Sector;Cured.;
b153.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Win32.HLLP.Sector;Cured.;
b154.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Win32.HLLP.Sector;Cured.;
d7hjthfj.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;BackDoor.Generic.1570;Deleted.;
mrofinu1000106.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.45546;Deleted.;
mrofinu1188.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Win32.HLLP.Sector;Cured.;
mrofinu1188.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.45546;Deleted.;
quit.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Win32.HLLP.Sector;Cured.;
quit.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.39285;Deleted.;
Crack.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Fonts;Win32.HLLP.Sector;Cured.;
svchost.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Fonts;Win32.HLLP.Sector;Cured.;
fwehg.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;BackDoor.Generic.1570;Deleted.;
vomb33dll.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\ech5;Trojan.DownLoader.5013;Deleted.;
iDlo182328.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo18;Trojan.DownLoader.24715;Deleted.;
asappsrv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\TWljaGFlbA;Trojan.Proxy.493;Deleted.;
command.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\TWljaGFlbA;Trojan.Proxy.493;Deleted.;
A0004773.EXE;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004775.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.DownLoader.39285;Deleted.;
A0004778.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004779.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004781.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.Insider.origin;Incurable.Moved.;
A0004782.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004784.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004790.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004792.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004793.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.DnsChange;Deleted.;
A0004794.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004795.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004800.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004800.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.MulDrop.3338;Deleted.;
A0004801.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004806.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.DownLoader.45546;Deleted.;
A0004807.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004807.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.DownLoader.45546;Deleted.;
A0004809.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.MulDrop.9222;Deleted.;
A0004810.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.MulDrop.11196;Deleted.;
A0004811.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004812.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004813.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004819.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.Proxy.493;Deleted.;
A0004821.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004822.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Trojan.Proxy.493;Deleted.;
A0004828.EXE;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004840.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Deleted.;
A0004842.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004844.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004878.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004879.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004882.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004882.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;BackDoor.Vomba;Deleted.;
A0004884.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004885.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004886.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004887.EXE;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004888.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004889.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004890.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004891.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004892.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004893.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004893.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Tool.Prockill;;
A0004894.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004895.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004896.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004897.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004898.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004899.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004900.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004901.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004902.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004903.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004904.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004905.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004906.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004907.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004908.EXE;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004909.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004910.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004912.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Adware.Altnet;;
A0004913.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004913.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Adware.Altnet;;
A0004914.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004915.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004920.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004922.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004929.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Deleted.;
A0004931.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Cured.;
A0004936.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10;Win32.HLLP.Sector;Incurable.Moved.;
A0004973.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0004974.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0004975.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0004977.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0004977.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;BackDoor.Vomba;Deleted.;
A0004983.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Deleted.;
A0004986.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0004992.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Adware.TopSearch;;
A0004998.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Cured.;
A0005000.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11;Win32.HLLP.Sector;Incurable.Moved.;
A0005002.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Incurable.Moved.;
A0005044.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005046.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005048.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005049.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005050.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005067.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005068.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005069.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005070.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005083.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005084.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005085.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005087.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005088.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005089.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005092.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005094.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005109.rbf;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12;Win32.HLLP.Sector;Cured.;
A0005126.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Win32.HLLP.Sector;Cured.;
A0005128.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.Altnet;;
A0005129.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Win32.HLLP.Sector;Cured.;
A0005137.exe\data001;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005137.exe;Adware.PeerNet;;
A0005137.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Archive contains infected objects;Moved.;
A0005149.DLL;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.Msearch;;
A0005150.DLL;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.MyWay;;
A0005151.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Win32.HLLP.Sector;Incurable.Moved.;
A0005152.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.Altnet;;
A0005153.dll;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.Altnet;;
A0005154.exe;C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13;Adware.Altnet;;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:18 AM, on 3/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll

--
End of file - 2587 bytes


When I try to open a .txt file I get an error saying "Windows cannot find d7hjthfj.exe". It says it's required to open text files. What happened?
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am

Re: Lots of Popups and its slow

Unread postby Simon V. » March 12th, 2008, 9:59 am

You haven't uploaded the file after running Combofix... Please do the following -

Please visit this site and upload <Submit_Date_Time>.zip (created on your desktop) > http://www.bleepingcomputer.com/submit- ... ?channel=1

Include a link to this thread (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=28617).

When that's done, we can continue cleaning.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Lots of Popups and its slow

Unread postby Megaman001 » March 12th, 2008, 10:04 am

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.


Ok I uploaded it.
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am

Re: Lots of Popups and its slow

Unread postby Simon V. » March 12th, 2008, 10:29 am

Hi :)

Thanks for uploading the file. You really need to get rid of those infected Peer-to-Peer programs, especially eDonkey2000.

Open HijackThis, perform a scan and put a check next to the following items (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\City drive.exe


Close all programs except HijackThis and click on Fix checked.

Then, please download this file > http://www.dougknox.com/xp/fileassoc/xp_fileassoc.zip

Unzip it to your desktop, and double-click on xp_fileassoc.bat to restore file associations. Let me know whether the problem with running .txt files is resolved.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Lots of Popups and its slow

Unread postby Megaman001 » March 12th, 2008, 10:38 am

No, that didn't work. I also noticed when I click on CCleaner it says Program.exe is missing.

Yes, I have removed all p2p software. I never knew it could do this much damage to a computer. I'm never going to install any again.
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am

Re: Lots of Popups and its slow

Unread postby Simon V. » March 12th, 2008, 11:26 am

Megaman001 wrote: No, that didn't work. I also noticed when I click on CCleaner it says Program.exe is missing.

Does it happen when you click on the shortcut, or on the actual file?

Let's do an online scan to make sure all infections are gone -

Close all programs before continuing, and try not to run anything during the scan.

Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under Select a Target to Scan, select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop. Post the contents of that log in your next reply.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: Lots of Popups and its slow

Unread postby Megaman001 » March 12th, 2008, 6:52 pm

Here is the log. When I double click on CCleaner the shortcut it says CCleaner.exe is missing. Ok or Browse.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 12, 2008 2:51:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/03/2008
Kaspersky Anti-Virus database records: 626476
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 12747
Number of viruses found: 31
Number of infected objects: 152
Number of suspicious objects: 0
Duration of the scan process: 00:19:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Desktop\[1]-Submit_2008-03-12@5.03.zip/vcmgcd32.dl_/vcmgcd32.dl_ Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\Desktop\[1]-Submit_2008-03-12@5.03.zip/vcmgcd32.dl_ Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\Desktop\[1]-Submit_2008-03-12@5.03.zip/vcmgcd32.dll Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\Desktop\[1]-Submit_2008-03-12@5.03.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004538.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004545.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004568.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004607.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004616.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004645.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004652.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004781.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004792.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004801.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004842.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004885.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004894.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004914.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004936.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005000.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005002.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005151.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005191.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005200.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005220.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005230.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005288.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0005297.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\City drive.exe.vir Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\cliptext.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\procs.exe Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\Yazzle1560OinAdmin.exe.vir Infected: Virus.Win32.Sality.q skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\LimeWire\Adobe Cracks amp; Keygens (2008).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\Program Files\LimeWire\Adobe Cracks amp; Keygens (2008).zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\MSN\wyzolytih89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\QooBox\Quarantine\C\Program Files\RABCO\RABCO.dll.vir Infected: not-a-virus:AdWare.Win32.Rabio.h skipped
C:\QooBox\Quarantine\C\Program Files\RABCO\RABCOse.exe.vir Infected: Virus.Win32.Sality.q skipped
C:\QooBox\Quarantine\C\Program Files\RABCO\X_RABCOse.exe.vir Infected: Virus.Win32.Sality.q skipped
C:\QooBox\Quarantine\C\Program Files\RXToolBar\RXToolBar.dll.vir Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\QooBox\Quarantine\C\Program Files\RXToolBar\sfcont.dll.vir Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b154.exe.vir Infected: Trojan-Downloader.Win32.Agent.kha skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir Infected: Trojan.Win32.Agent.cmn skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir Infected: Trojan.Win32.Agent.cmn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\explorer.exe.vir Infected: Trojan-Clicker.Win32.VB.aho skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnll.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-03-11_152525.15.zip/pciidexx.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-03-11_152525.15.zip/yayvvss.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-11_152525.15.zip/WinTouch.exe Infected: Virus.Win32.Sality.q skipped
C:\QooBox\Quarantine\catchme2008-03-11_152525.15.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004783.exe Infected: Trojan-Downloader.Win32.Agent.kji skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004786.dll Infected: not-a-virus:AdWare.Win32.Rabio.h skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004788.exe Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004790.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004791.exe Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004794.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004795.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004797.exe Infected: Trojan-Clicker.Win32.VB.aho skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004802.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004802.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004808.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004808.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004808.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004808.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004811.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004812.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004813.exe Infected: Trojan-Downloader.Win32.Agent.kha skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004816.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004817.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004818.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004912.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP10\A0004913.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP11\A0004992.exe Infected: not-a-virus:AdWare.Win32.TopSearch.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP12\A0005001.exe Infected: Trojan-Clicker.Win32.VB.aho skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005126.exe/TopSearch.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005126.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005126.exe Execryptor: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005128.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005149.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005150.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005152.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005153.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005154.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005156.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005157.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005158.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005159.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP13\A0005161.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP14\A0005224.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005239.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005240.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005245.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005245.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005246.exe Infected: Trojan-Clicker.Win32.VB.aho skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005329.exe Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005330.exe Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP15\A0005335.dll Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP16\A0005382.dll Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP16\change.log Object is locked skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002504.exe/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002504.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002504.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002504.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002504.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002507.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002507.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP8\A0002508.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003542.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003543.exe Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003550.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003578.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003579.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003580.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003608.exe/TopSearch.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003608.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003608.exe Execryptor: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0003646.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004540.exe Infected: Trojan-Downloader.Win32.Agent.ktb skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004542.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004565.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004606.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004643.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004644.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004653.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004653.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004679.exe/TopSearch.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004679.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004679.exe Execryptor: infected - 1 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004700.exe Infected: Virus.Win32.Sality.q skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004703.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004724.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004724.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004724.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004724.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004727.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004728.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004729.exe Infected: Trojan-Downloader.Win32.Agent.kha skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP9\A0004733.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am

Re: Lots of Popups and its slow

Unread postby Simon V. » March 13th, 2008, 2:15 am

Hi :)

Please delete this file - C:\Program Files\LimeWire\Adobe Cracks amp; Keygens (2008).zip

Then, please reinstall the programs you are having difficulties with, and let me know which problems remain. You had a nasty file infector on your machine, and it is expected that some programs may not function correctly; reinstalling should solve it though.
Simon V.
MRU Emeritus
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
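A triage of the report format posted above, as an added example that is not part of the thread or of any tool used in it: it groups each detection under its host file and labels where that file sits (a quarantine folder, a System Restore point, or a live path), so the entries outside quarantine stand out. The three location labels, the reading of `/` as an archive-member separator and the function names are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the report posted above (not the complete log).
SAMPLE = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\DoctorWeb\Quarantine\A0004545.exe Infected: Virus.Win32.Sality.q skipped
C:\Program Files\LimeWire\Adobe Cracks amp; Keygens (2008).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.dck skipped
C:\Program Files\LimeWire\Adobe Cracks amp; Keygens (2008).zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
C:\System Volume Information\_restore{498255E6-3A9F-4C1A-9F31-29D56AF215B3}\RP16\A0005382.dll Infected: Virus.Win32.Sality.q skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# <path> followed by one of three verdicts, then the last action taken.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked)) (?P<action>\w+)$"
)


def location(path):
    """Label where a host file sits (the labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\quarantine\\" in p:
        return "quarantine"
    return "live"


def triage(report_text):
    """Group detections by host file; return (findings, locked_paths)."""
    findings = defaultdict(
        lambda: {"where": "", "names": set(), "hits": 0, "containers": []}
    )
    locked = []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # report header, statistics, blank lines
        if m["locked"]:
            locked.append(m["path"])  # file was in use: no verdict either way
            continue
        # Assumption: "/" separates an archive or installer from its member.
        host = m["path"].split("/", 1)[0]
        entry = findings[host]
        entry["where"] = location(host)
        if m["name"]:
            entry["names"].add(m["name"])
            entry["hits"] += 1
        else:
            # Container summary line, e.g. "ZIP: infected - 1".
            entry["containers"].append((m["container"], int(m["count"])))
    result = {h: {**e, "names": sorted(e["names"])} for h, e in findings.items()}
    return result, locked


def live_hosts(findings):
    """Host files with detections outside quarantine and restore points."""
    return sorted(h for h, e in findings.items() if e["where"] == "live")


if __name__ == "__main__":
    found, locked = triage(SAMPLE)
    for host in live_hosts(found):
        print("LIVE:", host, found[host]["names"])
    print(len(locked), "locked objects were skipped without a verdict")
```
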

Re: Lots of Popups and its slow

Unread postby Megaman001 » March 13th, 2008, 7:37 am

Ok, I have reinstalled CCleaner and the icon seems to work. But when I click on any text file, it says "Windows cannot find the file d7hjthfj.exe This program is needed for opening the file type of 'Text document'. Type in the executable file to be used instead. Ok Cancel or Browse."

Thanks

Edit: I have fixed this. When the dialog popped up, I put C:\WINDOWS\system32\notepad.exe, and now when I open .txt files it works.
Megaman001
Active Member
 
Posts: 9
Joined: March 9th, 2008, 11:48 am