My comp is very slow, apparently got the Virtumonde virus.
I've tried Spyware Doctor to sort out the problems, to no avail.
My Firefox won't open certain webpages, and I get plenty of iexplorer popups (i.e. celldorado etc.).
Here are the logs of the online Kaspersky and HJT.
Thanks in advance.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 2:52:20 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 811615
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 175809
Number of viruses found: 11
Number of infected objects: 80
Number of suspicious objects: 0
Duration of the scan process: 01:46:44
Infected Object Name / Virus Name / Last Action
C:\Program Files\ProSB\Support.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\ProSB\Support.exe 7-Zip: infected - 1 skipped
C:\Program Files\ProSB\Support.exe UPX: infected - 1 skipped
C:\Users\Dylan de Wet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3M1LBQ55\moorate[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJ18P0Z0\hctp[1] Infected: Trojan.Win32.Monder.fc skipped
C:\Users\Dylan de Wet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJ18P0Z0\kriv[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\awtuuRLC.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\bnbubooo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\cbXNETKe.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ddcDwxyX.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ddcYqqOe.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\einoouij.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\exxsyxoj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\fccDtTjk.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\hfwbuqfy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\hgGVpmLc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sta skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\hgGvvtuS.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\khfGyvwx.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ljJBtQgf.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ljJCuRKC.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\nnNeDstu.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\nnnmlIbA.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\pmNGwxya.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\pmnmlkHb.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\pmnoMcCs.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\qOIyWnLD.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\qoMghihH.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\rqRLeddD.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\skeyiaey.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ssqoLDSL.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\ssqPjklk.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tescktrt.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp00017001 Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002c522 Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002c84d Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002d8ff Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002da95 Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002e83c Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp0002fff0 Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp00037f5c Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tmp00073c15 Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tuVlLDSi.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\tuvWnmmK.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\vtUonnlk.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\waxouwfa.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\xxywTNFx.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\yayvSmJb.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\AppData\Local\Temp\yaywwVPG.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\spybotsd152.exe/data0000.cab/is153202.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\spybotsd152.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]\spybotsd152.exe Rsrc-Package: infected - 2 skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!].rar/Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]/spybotsd152.exe/data0000.cab/is153202.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!].rar/Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]/spybotsd152.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!].rar/Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!]/spybotsd152.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\Users\Dylan de Wet\Applications\Arb\Spybot Search & Destroy 1.5.2 LATEST FULL Edition [GRAB IT!].rar RAR: infected - 3 skipped
C:\Users\Dylan de Wet\Applications\Arb\WinRAR.v4.65(cracked) (totally new interface)\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Users\Dylan de Wet\Applications\Arb\WinRAR.v4.65(cracked) (totally new interface)\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe CreateInstall: infected - 1 skipped
C:\Users\Dylan de Wet\Applications\Arb\WinRAR.v4.65(cracked) (totally new interface)\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Users\Dylan de Wet\Applications\Arb\WinRAR.v4.65(cracked) (totally new interface)\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Users\Dylan de Wet\Applications\Arb\WinRAR.v4.65(cracked) (totally new interface)\WinRAR.v4.65(cracked) (totally new interface).zip ZIP: infected - 2 skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\sdsetup.exe/data0000.cab/is153056.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\sdsetup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\sdsetup.exe Rsrc-Package: infected - 2 skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe/data0000.cab/is153055.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)\Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe Rsrc-Package: infected - 2 skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/sdsetup.exe/data0000.cab/is153056.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/sdsetup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/sdsetup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe/data0000.cab/is153055.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar/Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE)/Spyware.Doctor.5.5.0.212_KEYGEN+PATCH-FFF.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\Users\Dylan de Wet\Documents\Downloads\Spyware Doctor v5.5.0.212 + KEYGEN & PATCH (UNLIMITED LISENCE - UPDATABLE).rar RAR: infected - 6 skipped
C:\Users\Dylan de Wet\Games\Diablo II\patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\VundoFix Backups\opnmNDuT.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\hgGayApQ.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Windows\System32\opnmNDuT.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Windows\System32\qoMecYOe.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Windows\System32\uRLFVOEV.dll Infected: Trojan.Win32.Zapchast.gb skipped
C:\Windows\System32\xxywwtRL.dll Infected: Trojan.Win32.Zapchast.gb skipped
Scan process completed.
--------------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 03:26:14 PM, on 2008/05/29
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor111\pctsAuxs.exe
C:\Program Files\Spyware Doctor111\pctsSvc.exe
C:\Program Files\Spyware Doctor111\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Mozilla Firefox\mfirefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spyware Doctor111\pctsGui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news24.com/News24/Home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {4FCE784E-3915-49B8-B546-68EADE6B27EA} - C:\Windows\system32\cbXQhgGX.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor111\pctsTray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMecYOe.dll,#1
O4 - HKLM\..\Run: [BM6830f3c4] Rundll32.exe "C:\Windows\system32\egycrojj.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DYLAND~1\AppData\Local\Temp\yayaBRHy.dll,#1
O4 - HKCU\..\Run: [BM6830f3c4] Rundll32.exe "C:\Users\DYLAND~1\AppData\Local\Temp\pvalwrha.dll",s
O4 - HKCU\..\Run: [6b03c058] rundll32.exe "C:\Users\DYLAND~1\AppData\Local\Temp\jceisrhg.dll",b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Users\Dylan de Wet\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - e:\Program Files\Autobot\GameClient.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61FFF564-6CF6-4D2B-B142-5E51DA12B2B6}: NameServer = 196.7.18.82,196.31.65.99
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - (no file)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\b2new.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor111\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor111\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)