Hello!
Ok, here are two logs. Every time I try to run HijackThis it clicks the computer off and says Microsoft Windows is recovering from a serious error, so I quit trying.
A question - which antivirus should I unload? I don't even know where CAIsafe is. I'm guessing it might be in the SBC Yahoo files.
As far as the computer, it starts up quick, runs well, but the big red x is still on the "C" drive.
-----------------------------------
ComboFix 08-03-22.1 - Administrator 2008-03-29 17:02:04.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\cfscripttext.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-29 10:53 . 2008-03-29 10:53 6,144 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-03-25 21:47 . 2008-03-25 21:50 <DIR> d----c--- C:\Program Files\Panda Security
2008-03-25 19:48 . 2008-03-25 19:48 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-25 19:48 . 2008-03-25 19:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-25 19:48 . 2008-03-25 19:48 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-24 15:01 . 2008-03-24 15:01 <DIR> d----c--- C:\Program Files\CCleaner
2008-03-22 18:57 . 2008-03-22 22:46 250 --a--c--- C:\WINDOWS\gmer.ini
2008-03-17 19:06 . 2008-03-17 19:06 <DIR> d----c--- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 19:06 . 2008-03-29 08:00 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-17 19:05 . 2008-03-17 19:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 19:05 . 2008-03-17 23:15 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-23 15:03 . 2008-02-23 15:07 248 --a--c--- C:\WINDOWS\wininit.ini
2008-02-16 18:22 . 2008-03-28 13:12 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-02-16 18:22 . 2008-02-16 18:22 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-02-12 19:21 . 2008-02-12 19:21 <DIR> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 14:00 . 2008-02-11 14:00 268 --ah-c--- C:\sqmdata00.sqm
2008-02-11 14:00 . 2008-02-11 14:00 244 --ah-c--- C:\sqmnoopt00.sqm
2008-02-11 10:45 . 2008-02-11 14:00 <DIR> d----c--- C:\Documents and Settings\Administrator\Contacts
2008-02-03 10:28 . 2008-02-03 10:28 <DIR> d----c--- C:\WINDOWS\system32\LogFiles
2008-02-03 10:28 . 2008-02-03 10:30 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF
2008-02-03 10:03 . 2008-02-03 10:03 <DIR> d----c--- C:\WINDOWS\Freecorder Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 04:45 --------- dc----w C:\Program Files\mIRC
2008-03-23 06:00 --------- dc----w C:\Program Files\Java
2008-03-23 00:45 --------- dc----w C:\Program Files\PowerISO
2008-03-22 22:49 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-03-18 02:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 07:00 --------- dc----w C:\Program Files\Digital Photo Navigator 1.5
2008-02-24 06:49 --------- dc----w C:\Program Files\Webshots
2008-02-24 06:22 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 06:14 --------- dc----w C:\Program Files\CyberLink
2008-02-24 06:13 --------- dc----w C:\Program Files\IrfanView
2008-02-18 20:08 --------- dc----w C:\Program Files\Common Files\Adobe
2007-12-07 01:07 659,456 -c--a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 -c--a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-02 17:07 256 -c--a-w C:\Documents and Settings\Administrator\pool.bin
2007-03-25 19:55 284,864 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 21:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2006-05-06 16:42 7,260,160 -c--a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-03-09 07:12 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-22_18.25.05.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-21 21:37:26 124,208 -c--a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-07-18 21:49:56 12,592 -c--a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2008-03-23 01:57:00 819,200 -c--a-w C:\WINDOWS\gmer.dll
+ 2008-03-04 03:29:06 761,856 -c--a-w C:\WINDOWS\gmer.exe
- 2007-12-04 05:36:43 5,409 -c--a-w C:\WINDOWS\mozver.dat
+ 2008-03-26 04:48:16 6,585 -c--a-w C:\WINDOWS\mozver.dat
+ 2008-03-23 01:57:00 86,097 -c--a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2007-09-25 06:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 -c--a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 06:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2004-02-10 12:19 180224]
"EPSON PictureMate Deluxe (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe" [2004-10-17 03:00 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 00:59 47104 C:\WINDOWS\SOUNDMAN.EXE]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 10:42 69632]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-07-18 10:49 204800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 20:08 185632]
"EPSON PictureMate Deluxe (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe" [2004-10-17 03:00 98304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 19:05 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 19:05 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.LNK]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.LNK
backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
--a--c--- 2005-11-03 16:39 230512 C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a--c--- 2005-11-03 16:39 185456 C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
-----c--- 2006-11-22 21:10 151552 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Proxy Server]
C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 15:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a--c--- 2007-05-15 17:12 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 18:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a--c--- 2004-02-10 12:19 180224 C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2007-04-09 05:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a--c--- 2007-03-26 07:07 228088 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-06-03 07:16 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-10-21 20:08 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2005-08-15 16:24 3092480 C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a--c--- 2005-04-22 20:49 397312 C:\PROGRA~1\Yahoo!\YOP\yop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\hpbspsvr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 22:29]
S0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys []
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys []
S3 McAfeePF;McAfee Firewall Network Filter Miniport;C:\WINDOWS\system32\DRIVERS\fw220.sys []
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 10:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e16e5b41-ade1-11dc-a17f-00508d4bb37a}]
\Shell\AutoRun\command - G:\PortableVault.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 03:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-29 17:09:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-29 17:11:43
ComboFix-quarantined-files.txt 2008-03-30 00:11:23
ComboFix2.txt 2008-03-28 20:32:37
ComboFix3.txt 2008-03-26 01:07:39
ComboFix4.txt 2008-03-24 22:28:01
ComboFix5.txt 2008-03-24 21:10:52
.
2008-03-22 22:07:21 --- E O F ---
------------------------------
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-03-29 21:43:06
PROTECTIONS: 2
MALWARE: 96
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Anti-Virus - SBC Yahoo! Online Protection 7.0.7.4 Yes No
AVG 7.5.519 7.5.519 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok
00040467 adware/elitebar Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\internet settings\user agent\post platform\iebar
00046021 adware/megasearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}
00064524 Adware/TVMedia Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295672.dll
00065370 Spyware/BetterInet Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295667.dll
00065370 Spyware/BetterInet Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295666.dll
00065528 Spyware/SafeSurf Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\InstallerV3.exe.vir
00065528 Spyware/SafeSurf Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310290.exe
00102241 Adware/Ipend Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\msnimk.gif.vir
00102512 Adware/eZula Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310289.exe
00102512 Adware/eZula Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\iezset.exe.vir
00110538 Spyware/ClientMan Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\msglji.gif.vir
00117359 Spyware/ClientMan Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\msiaih.dll.vir
00117359 Spyware/ClientMan Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310292.dll
00117363 Spyware/Omi Spyware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\msfdje.gif.vir
00120498 Adware/nCase Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295671.dll
00123310 HackTool/SRunner.B HackTools No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290151.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq205.tmp
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AC.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1522\A0299162.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B2.tmp
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq204.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FE.tmp
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq203.tmp
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AE.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B0.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AF.tmp
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq202.tmp
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
00166757 Adware/eZula Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295663.dll
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq200.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B4.tmp
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq201.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B1.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp
00173557 Spyware/SafeSurf Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310294.dll
00173557 Spyware/SafeSurf Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\richedtr.dll.vir
00173701 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310296.exe
00173701 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\zpjeuove.exe.vir
00176013 Spyware/BetterInet Spyware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp.vir
00176880 Trj/Clicker.FV Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\GSM3-0511.exe.vir[QB.exe]
00176880 Trj/Clicker.FV Virus/Trojan No 0 No No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310288.exe[QB.exe]
00181758 Spyware/BetterInet Spyware No 1 No No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310288.exe[QBUninstaller.exe]
00181758 Spyware/BetterInet Spyware No 1 No No C:\QooBox\Quarantine\C\WINDOWS\system32\GSM3-0511.exe.vir[QBUninstaller.exe]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp
00192119 Adware/BookedSpace Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\bsva-egihsg52.exe.vir[²ÇÇ]
00192119 Adware/BookedSpace Adware No 0 No No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1522\A0297972.exe[²ÇÇ]
00192372 Adware/BigTrafficNet Adware No 0 No No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310286.exe[²ÅÇ]
00192372 Adware/BigTrafficNet Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\btnetw3_venturahot_246765.exe.vir[²ÅÇ]
00192372 Adware/BigTrafficNet Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system320nstDD0.vir
00192372 Adware/BigTrafficNet Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290147.dll
00194387 Adware/Megasearch Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\MegasearchBarSetup.dll.vir
00194387 Adware/Megasearch Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310291.dll
00197368 Spyware/SafeSurf Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310293.dll
00197368 Spyware/SafeSurf Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\redtrsha.dll.vir
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp
00234930 Trj/Downloader.GUM Virus/Trojan No 0 No No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310288.exe[QBTool.exe]
00234930 Trj/Downloader.GUM Virus/Trojan No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\GSM3-0511.exe.vir[QBTool.exe]
00242112 Trojan Horse.AP3 Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310288.exe
00242112 Trojan Horse.AP3 Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\GSM3-0511.exe.vir
00246066 Adware/eZula Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310287.exe
00246066 Adware/eZula Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ezNewS5.exe.vir
00248299 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1522\A0297972.exe
00248299 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\bsva-egihsg52.exe.vir
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
00293079 Spyware/7r7t Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1529\A0310286.exe
00293079 Spyware/7r7t Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\btnetw3_venturahot_246765.exe.vir
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
00371568 Trj/Agent.DZW Virus/Worm No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290153.exe
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0282142.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290154.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0283139.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0281162.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0284140.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0281131.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1508\A0281021.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1500\A0274002.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1507\A0276007.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0285139.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1507\A0280016.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1499\A0273922.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1507\A0279004.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1496\A0272929.sys
00375179 Trj/SpyForms.AA Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1507\A0279028.sys
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1522\A0298001.EXE
01259911 Trj/Downloader.PLQ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295658.exe
01614600 Application/Win-Touch HackTools No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290148.exe
02206770 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1515\A0292420.exe
02247403 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1515\A0292432.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1522\A0297993.sys
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290150.exe
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1520\A0297849.dll
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290157.dll
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1518\A0297653.dll
02893893 Trj/Bancos.RQ Virus/Trojan No 0 No No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\pv.cfexe]
02894086 Adware/AVSystemCare Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1518\A0297674.exe
02896112 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290149.exe
02896636 Adware/Matcash Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295659.exe
02896638 Adware/Matcash Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1515\A0292378.exe
02896639 Adware/Matcash Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1515\A0292377.exe
02898733 Trj/Downloader.SLD Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295657.exe
02899162 Trj/Agent.HYR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295647.exe
02899593 Trj/Downloader.SMN Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1507\A0280018.exe
02899593 Trj/Downloader.SMN Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1506\A0274182.exe
02900418 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1512\A0290155.dll
02900545 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1508\A0281008.dll
02900995 Adware/ErrClean Adware No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1515\A0292383.exe
02901062 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295674.dll
02901509 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0281133.dll
02901551 Trj/Downloader.SQN Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1520\A0297848.exe
02902098 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295668.dll
02902388 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295670.dll
02902392 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295673.dll
02902684 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295660.dll
02904329 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295661.dll
02904329 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1510\A0281125.dll
02904332 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295669.dll
02904332 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1517\A0295665.dll
02907503 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{43F5BAB5-AE95-4FF1-9201-6E1967C682DD}\RP1518\A0297654.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Thanks Dan.