#16
    Contributing User
    shellaxx.exe;E:\RECYCLER\S-1-6-22-4564031308-1609158761-021649731-2550;Win32.HLLW.Autoruner.2865;Deleted.;
    ComboFix.exe\32788R22FWJFW\List-C.bat;E:\For other comp\ComboFix.exe;Probably BATCH.Virus;;
    ComboFix.exe\32788R22FWJFW\psexec.cfexe;E:\For other comp\ComboFix.exe;Program.PsExec.171;;
    ComboFix.exe;E:\For other comp;Archive contains infected objects;Moved.;
    SDFix.exe\SDFix\apps\Process.exe;E:\For other comp\SDFix.exe;Tool.Prockill;;
    SDFix.exe;E:\For other comp;Archive contains infected objects;Moved.;
    ix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\Pwner\Desktop\ix.exe;Probably BATCH.Virus;;
    ix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Pwner\Desktop\ix.exe;Program.PsExec.171;;
    ix.exe;C:\Documents and Settings\Pwner\Desktop;Archive contains infected objects;Moved.;
    SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Pwner\Desktop\SDFix.exe;Tool.Prockill;;
    SDFix.exe;C:\Documents and Settings\Pwner\Desktop;Archive contains infected objects;Moved.;
    data009\data003;C:\Program Files\ATT\nullsoft\nap.EXE\data009;Probably DLOADER.Trojan;;
    data009;C:\Program Files\ATT\nullsoft\nap.EXE;Archive contains infected objects;;
    nap.EXE;C:\Program Files\ATT\nullsoft;Archive contains infected objects;Moved.;
    InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Moved.;
    T8M0.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.4915;Moved.;
    WAfg.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.5986;Moved.;
    netdde.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Judy\My Documents\SMANTE~1;Adware.MediaTicket.81;Moved.;
    qofra.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\qofr;Trojan.DownLoader.11355;Moved.;
    qofrl.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\qofr;Trojan.DownLoader.11354;Moved.;
    qofrm.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\qofr;Adware.TargetServer;Moved.;
    qofrp.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\qofr;Adware.TargetServer;Moved.;
    qofrc.dll.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\qofr\qofrd;Adware.TargetServer;Moved.;
    el32.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.5785;Moved.;
    HKDSKE~1.VIR;C:\Qoobox\Quarantine\C\WINDOWS\WNSXS~1;Trojan.PurityAd.origin;Moved.;
    Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
    A0232383.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0232387.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0232457.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0232458.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0232470.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0232474.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0232476.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0232477.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0232486.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably DLOADER.Trojan;Moved.;
    A0233457.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0233458.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0233470.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0234457.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234458.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234466.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0234472.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0234473.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0234475.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0234477.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0234479.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably DLOADER.Trojan;Moved.;
    A0234494.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234495.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234507.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0234511.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234512.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234518.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0234522.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0234527.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0234528.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0234530.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0234532.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0234540.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234541.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0234556.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235540.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235541.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235544.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0235545.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235546.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235555.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235559.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235561.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0235562.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0235564.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0235566.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0235569.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably DLOADER.Trojan;Moved.;
    A0235574.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235575.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235588.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235589.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235593.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235594.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235600.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0235604.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235605.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235610.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0235611.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0235613.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0235615.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0235618.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably DLOADER.Trojan;Moved.;
    A0235620.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235621.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235631.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3201;Moved.;
    A0235633.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235638.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0235639.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0235641.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235642.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0235644.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0235648.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably DLOADER.Trojan;Moved.;
    A0235650.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235651.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235662.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235668.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0235669.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0235670.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235672.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0235674.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0235678.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235679.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235685.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0235692.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235695.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235696.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235699.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0235710.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235713.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235714.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235717.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0235718.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235719.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235722.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0235723.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Siggen.66;Moved.;
    A0235727.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0235730.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0235733.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3201;Moved.;
    A0235743.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3201;Moved.;
    A0235744.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235745.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0235749.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0235755.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0236743.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236744.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236748.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0236754.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0236759.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.4906;Moved.;
    A0236760.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.2043;Moved.;
    A0236763.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.MulDrop.18267;Moved.;
    A0236764.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0236773.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236774.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236781.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0236788.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0236789.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0236792.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236793.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236796.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0236802.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.1475;Moved.;
    A0236803.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0236806.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236807.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.DownLoad.5986;Moved.;
    A0236811.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0236820.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Spambot.3432;Moved.;
    A0238885.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Fakealert.458;Moved.;
    A0238931.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0238973.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0238993.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239005.bat;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Probably BATCH.Virus;Moved.;
    A0239012.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239013.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239014.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239015.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239023.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;BackDoor.Bulknet.240;Moved.;
    A0239028.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239029.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239038.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239039.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239052.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239053.sys;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP393;Trojan.Sentinel.based;Moved.;
    A0239101.bat;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP394;Probably BATCH.Virus;Moved.;
    A0239102.EXE;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP394;Program.PsExec.170;Moved.;
    A0239123.EXE;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP394;Program.PsExec.170;Moved.;
    A0239235.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.DownLoader.11355;Moved.;
    A0239237.dll;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Adware.TargetServer;Moved.;
    A0239238.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.DownLoader.11354;Moved.;
    A0239240.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Adware.TargetServer;Moved.;
    A0239242.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Adware.TargetServer;Moved.;
    A0239245.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.DownLoad.4915;Moved.;
    A0239246.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.DownLoad.5986;Moved.;
    A0239254.dll;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.DownLoad.5785;Moved.;
    A0239259.exe;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Trojan.PurityAd.origin;Moved.;
    A0239261.bat;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Probably BATCH.Virus;Moved.;
    A0239262.EXE;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Program.PsExec.170;Moved.;
    A0239280.EXE;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP395;Program.PsExec.170;Moved.;
    A0239319.bat;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP396;Probably BATCH.Virus;Moved.;
    A0239339.EXE;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP396;Program.PsExec.170;Moved.;
    A0241214.dll;C:\System Volume Information\_restore{C0DC6EBD-B11E-4581-9BCE-7405A3A15500}\RP398;Trojan.NtRootKit.103;Moved.;
  2. #17
  3. Malware Warrior /AV forum Mod
    Is there more of the log, or did it get cut off by the posting limit?
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  4. #18
    Contributing User
    Nope, that's it.
  6. #19
  7. Malware Warrior /AV forum Mod
    Please download Random's System Information Tool (RSIT).

    * Save it to the Desktop.
    * Double-click RSIT.exe to run the program.
    * Click Continue at the disclaimer screen.
    * Once the tool finishes, two logs will open: Log.txt (maximized) and Info.txt (minimized).
    (Both logs are also saved in C:\rsit.)


    Please post the contents of both logs in your reply.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  8. #20
    Contributing User
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Pwner at 2008-10-12 21:02:09
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (71%) free of 38 GB
    Total RAM: 447 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:15 PM, on 10/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Pwner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Pwner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    --
    End of file - 8965 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2004-06-21 143360]
    "VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-01 53248]
    "AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-09-05 450560]
    "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2004-10-11 589824]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2003-04-01 12288]
    "LXSUPMON"=C:\WINDOWS\System32\LXSUPMON.EXE [2002-01-28 885760]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
    "InstantAccess"=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE [1998-12-10 37376]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE [1998-12-10 23040]
    "lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
    "lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
    "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-11 312240]
    "PhotoExplosionCalCheck"=C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe [2006-09-20 69632]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-10-13 1694208]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\att-nap\McciBrowser.exe"="C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe"
    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
    "C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: "
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"

    ======List of files/folders created in the last 1 months======

    2008-10-12 21:02:09 ----D---- C:\rsit
    2008-10-12 14:45:00 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-12 14:26:39 ----A---- C:\WINDOWS\AdWare Pro Uninstall Log.txt
    2008-10-12 10:56:22 ----D---- C:\WINDOWS\BDOSCAN8
    2008-10-12 10:08:36 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-10-12 10:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-12 10:06:36 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-10-12 10:06:36 ----D---- C:\Documents and Settings\Pwner\Application Data\SUPERAntiSpyware.com
    2008-10-12 09:57:50 ----SHD---- C:\RECYCLER
    2008-10-12 00:09:04 ----D---- C:\WINDOWS\ERUNT
    2008-10-12 00:05:47 ----D---- C:\SDFix
    2008-10-12 00:03:16 ----D---- C:\WINDOWS\temp
    2008-10-12 00:03:13 ----A---- C:\ComboFix.txt
    2008-10-11 21:09:07 ----D---- C:\Program Files\Trend Micro
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\zip.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\sed.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\grep.exe
    2008-10-11 20:03:52 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-11 20:03:46 ----D---- C:\WINDOWS\ERDNT
    2008-10-11 20:03:46 ----D---- C:\Qoobox
    2008-10-11 16:30:39 ----D---- C:\Program Files\HijackThis
    2008-10-11 16:15:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 15:51:12 ----D---- C:\Program Files\CCleaner
    2008-10-11 14:59:20 ----D---- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
    2008-10-11 14:59:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 14:59:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 12:02:29 ----D---- C:\WINDOWS\AdWare Pro
    2008-10-11 12:00:30 ----D---- C:\Program Files\AdWare Pro
    2008-10-07 08:40:59 ----D---- C:\Program Files\att-nap
    2008-10-06 20:58:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 19:42:05 ----SHD---- C:\WINDOWS\VVNFUg
    2008-10-05 18:01:42 ----D---- C:\WINDOWS\Minidump
    2008-10-04 11:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-01 16:48:08 ----D---- C:\Documents and Settings\All Users\Application Data\IM
    2008-10-01 16:47:02 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-09-29 16:54:37 ----D---- C:\Program Files\Microsoft
    2008-09-16 14:58:28 ----A---- C:\WINDOWS\Textart.INI
    2008-09-16 14:15:21 ----D---- C:\Program Files\Apple Software Update
    2008-09-15 17:30:03 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\ltimg13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\ltfil13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\ltefx13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\ltdis13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\lfgif13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
    2008-09-13 14:35:50 ----A---- C:\WINDOWS\system32\lfbmp13n.dll

    ======List of files/folders modified in the last 1 months======

    2008-10-12 21:02:11 ----D---- C:\WINDOWS\Prefetch
    2008-10-12 14:45:00 ----D---- C:\WINDOWS
    2008-10-12 14:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-12 14:42:51 ----D---- C:\Program Files\Viewpoint
    2008-10-12 14:38:33 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-12 14:38:16 ----AD---- C:\Program Files
    2008-10-12 14:37:08 ----SHD---- C:\WINDOWS\Installer
    2008-10-12 14:35:59 ----D---- C:\Config.Msi
    2008-10-12 14:35:51 ----AD---- C:\WINDOWS\system32
    2008-10-12 14:30:11 ----D---- C:\Program Files\ATT Internet Tools
    2008-10-12 14:23:50 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-12 14:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-12 14:21:49 ----D---- C:\WINDOWS\system32\drivers
    2008-10-12 14:21:49 ----D---- C:\Program Files\Symantec
    2008-10-12 14:20:11 ----D---- C:\Program Files\Common Files
    2008-10-12 11:05:06 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-12 11:03:39 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-12 11:03:38 ----HD---- C:\WINDOWS\inf
    2008-10-12 10:56:28 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-12 10:53:11 ----SD---- C:\Documents and Settings\Pwner\Application Data\Microsoft
    2008-10-12 10:08:36 ----D---- C:\WINDOWS\Debug
    2008-10-11 23:57:59 ----A---- C:\WINDOWS\system.ini
    2008-10-11 23:56:17 ----D---- C:\WINDOWS\system32\config
    2008-10-11 23:55:15 ----D---- C:\WINDOWS\AppPatch
    2008-10-11 23:51:33 ----SD---- C:\WINDOWS\Tasks
    2008-10-11 21:37:11 ----D---- C:\WINDOWS\repair
    2008-10-11 20:08:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-11 16:23:07 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-11 16:22:44 ----D---- C:\Documents and Settings\Pwner\Application Data\Mozilla
    2008-10-11 15:23:55 ----D---- C:\Program Files\Internet Explorer
    2008-10-11 15:22:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-09 17:16:46 ----D---- C:\Program Files\Lx_cats
    2008-10-07 08:40:59 ----D---- C:\Program Files\Common Files\Motive
    2008-10-07 08:32:26 ----D---- C:\WINDOWS\security
    2008-10-06 20:58:16 ----D---- C:\Program Files\Google
    2008-10-06 20:34:01 ----D---- C:\24670f0d862a27e73ec059ccc1
    2008-10-06 19:09:51 ----D---- C:\WINDOWS\system32\wbem
    2008-10-06 17:04:50 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-10-06 15:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-06 14:56:07 ----SHD---- C:\System Volume Information
    2008-10-06 14:56:07 ----D---- C:\WINDOWS\system32\Restore
    2008-10-06 14:24:00 ----D---- C:\Cellosoft
    2008-10-06 10:50:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-10-05 18:00:26 ----A---- C:\WINDOWS\system32\svchost.exe
    2008-10-02 11:49:06 ----RSD---- C:\WINDOWS\Fonts
    2008-10-02 11:37:22 ----D---- C:\WINDOWS\system32\NtmsData
    2008-10-02 07:32:01 ----D---- C:\Program Files\MySpace
    2008-10-01 11:10:20 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-29 16:51:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-09-29 16:51:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-24 09:41:09 ----D---- C:\WINDOWS\Help
    2008-09-22 14:49:11 ----A---- C:\WINDOWS\Winamp.ini
    2008-09-19 18:06:52 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-19 18:06:45 ----D---- C:\Program Files\NOS
    2008-09-16 15:38:24 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-16 14:16:54 ----D---- C:\Program Files\QuickTime
    2008-09-16 14:07:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-16 14:07:04 ----RSD---- C:\WINDOWS\assembly
    2008-09-16 14:07:01 ----D---- C:\WINDOWS\WinSxS
    2008-09-16 14:03:20 ----D---- C:\Program Files\ATT
    2008-09-16 14:02:56 ----D---- C:\Documents and Settings\Pwner\Application Data\Lavasoft
    2008-09-16 14:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-16 14:02:11 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-15 16:50:42 ----A---- C:\WINDOWS\disney.ini
    2008-09-15 16:50:41 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-13 18:19:38 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2008-09-13 18:19:38 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2008-09-13 18:19:37 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2008-09-13 17:58:20 ----D---- C:\WINDOWS\system32\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-10-06 174592]
    R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
    S3 catchme;catchme; \??\C:\DOCUME~1\Pwner\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
    S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 SFC4;SFC4; C:\WINDOWS\system32\drivers\SFC4.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-07-13 33890]
    S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 UWProSys;Process monitor.; C:\WINDOWS\system32\drivers\UWProSys.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]

    -----------------EOF-----------------
  10. #21
    info.txt logfile of random's system information tool 1.04 2008-10-12 21:02:18

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNNMP.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    -->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe Acrobat Reader 3.01-->C:\WINDOWS\uninst.exe -fC:\AcrobatX\Reader\DeIsL1.isu
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
    Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
    CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
    fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
    FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
    kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
    kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
    kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
    kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
    kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
    kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
    kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
    Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_ca59c\Setup.exe /APR-REMOVE
    KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
    Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
    Lexmark Supplies Monitor-->C:\WINDOWS\System32\LXSMUNIN.EXE
    Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Office Live Add-in beta-->MsiExec.exe /I{F88502DB-13B8-4F71-87C2-4F1529644973}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
    Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe"
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
    Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
    PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
    Photo Explosion 3.0 Special Edition-->MsiExec.exe /X{C778BD4F-0DEA-4D39-B7C1-992E1BFFD351}
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
    S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
    S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
    S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
    SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
    SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
    skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
    SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    TextBridge Pro 8.0-->"C:\Program Files\TextBridge Pro 8.0\bin\setup.exe" -funinst.ins
    tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
    TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
    UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
    VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
    WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"

    ======Hosts File======

    127.0.0.1 localhost

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Nova Development\Photo Explosion 3.0 SE;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2c02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------
  12. #22
    Was there anything else that I should do?
  14. #23
  15. Malware Warrior /AV forum Mod
    Let me backtrack over the logs and get back to you. Sorry it's taking so long.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  16. #24
  17. Malware Warrior /AV forum Mod
    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:

    KillAll::
    File::
    C:\WINDOWS\AdWare Pro Uninstall Log.txt
    Folder::
    C:\RECYCLER
    C:\WINDOWS\AdWare Pro
    C:\Program Files\AdWare Pro
    C:\WINDOWS\VVNFUg
    C:\24670f0d862a27e73ec059ccc1
    C:\Program Files\Viewpoint
    C:\WINDOWS\temp

    * Save this as CFScript.txt and place it on your desktop.





    * Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    * ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    * When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply, together with a new HijackThis (HJT) log.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above script was created specifically for this user and tells ComboFix to delete the files and folders it lists. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  18. #25
    ComboFix 08-10-12.01 - Pwner 2008-10-14 10:42:58.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.219 [GMT -4:00]
    Running from: C:\Documents and Settings\Pwner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pwner\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\AdWare Pro Uninstall Log.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\24670f0d862a27e73ec059ccc1
    C:\24670f0d862a27e73ec059ccc1\$shtdwn$.req
    C:\24670f0d862a27e73ec059ccc1\mrt.exe._p
    C:\24670f0d862a27e73ec059ccc1\mrtstub.exe
    C:\Program Files\AdWare Pro
    C:\Program Files\AdWare Pro\AdWare Pro Setup Log.txt
    C:\Program Files\AdWare Pro\SchedulePlan.txt
    C:\Program Files\Viewpoint
    C:\RECYCLER
    C:\RECYCLER\S-1-5-21-448539723-117609710-839522115-1005\Dc1.exe
    C:\RECYCLER\S-1-5-21-448539723-117609710-839522115-1005\desktop.ini
    C:\RECYCLER\S-1-5-21-448539723-117609710-839522115-1005\INFO2
    C:\WINDOWS\AdWare Pro Uninstall Log.txt
    C:\WINDOWS\AdWare Pro
    C:\WINDOWS\AdWare Pro\uninstall.exe
    C:\WINDOWS\temp
    C:\WINDOWS\temp\WGAErrLog.txt
    C:\WINDOWS\VVNFUg

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
    .

    2008-10-12 21:02 . 2008-10-12 21:02 <DIR> d-------- C:\rsit
    2008-10-12 14:48 . 2008-10-12 14:48 <DIR> d-------- C:\Documents and Settings\Pwner\DoctorWeb
    2008-10-12 10:56 . 2008-10-12 11:07 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-10-12 10:08 . 2008-10-12 11:03 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-12 10:06 . 2008-10-12 10:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-12 10:06 . 2008-10-12 10:06 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\SUPERAntiSpyware.com
    2008-10-12 10:06 . 2008-10-12 10:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-12 00:09 . 2008-10-12 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-10-12 00:05 . 2008-10-12 00:19 <DIR> d-------- C:\SDFix
    2008-10-11 21:09 . 2008-10-11 21:09 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 16:15 . 2008-10-11 16:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 15:51 . 2008-10-11 15:53 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\Pwner\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 14:59 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 14:59 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-07 08:40 . 2008-10-07 08:40 <DIR> d-------- C:\Program Files\att-nap
    2008-10-07 08:26 . 2008-10-07 08:26 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
    2008-10-06 20:58 . 2008-10-12 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 19:16 . 2008-10-11 22:08 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Gool
    2008-10-06 09:14 . 2008-10-06 09:14 18,533 --a------ C:\WINDOWS\uzoqytyp._sy
    2008-10-06 09:14 . 2008-10-06 09:14 15,155 --a------ C:\WINDOWS\ujuza.dl
    2008-10-06 09:14 . 2008-10-06 09:14 14,177 --a------ C:\WINDOWS\apihoz.dl
    2008-10-06 09:14 . 2008-10-06 09:14 12,856 --a------ C:\WINDOWS\unanetuv.lib
    2008-10-06 09:14 . 2008-10-06 09:14 12,484 --a------ C:\WINDOWS\esuqosoz.inf
    2008-10-06 09:14 . 2008-10-06 09:14 11,389 --a------ C:\WINDOWS\xevumezozi.dat
    2008-10-04 11:28 . 2008-10-04 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-01 16:48 . 2008-10-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-10-01 16:47 . 2008-10-01 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-09-29 16:54 . 2008-09-29 16:54 <DIR> d-------- C:\Program Files\Microsoft
    2008-09-24 09:03 . 2008-09-24 09:04 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\SPAMfighter
    2008-09-22 11:25 . 2008-09-22 11:25 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\SPAMfighter
    2008-09-16 14:58 . 2008-09-16 14:58 0 --a------ C:\WINDOWS\Textart.INI
    2008-09-16 14:15 . 2008-09-16 14:15 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-09-16 12:50 . 2008-09-16 12:50 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\Uniblue
    2008-09-15 16:55 . 2008-09-15 16:55 <DIR> d-------- C:\Documents and Settings\Judy\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 18:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-12 18:30 --------- d-----w C:\Program Files\ATT Internet Tools
    2008-10-12 18:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-12 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-12 18:21 --------- d-----w C:\Program Files\Symantec
    2008-10-09 21:16 --------- d-----w C:\Program Files\Lx_cats
    2008-10-07 12:40 --------- d-----w C:\Program Files\Common Files\Motive
    2008-10-07 00:58 --------- d-----w C:\Program Files\Google
    2008-10-06 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-02 11:32 --------- d-----w C:\Program Files\MySpace
    2008-09-21 20:07 --------- d-----w C:\Documents and Settings\Fred\Application Data\FaxCtr
    2008-09-19 22:06 --------- d-----w C:\Program Files\NOS
    2008-09-19 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-16 18:16 --------- d-----w C:\Program Files\QuickTime
    2008-09-16 18:03 --------- d-----w C:\Program Files\ATT
    2008-09-16 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-09-16 18:02 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Lavasoft
    2008-09-16 16:24 --------- d-----w C:\Documents and Settings\Judy\Application Data\FaxCtr
    2008-09-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 22:17 --------- d-----w C:\Documents and Settings\Judy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-09-06 23:10 --------- d-----w C:\Documents and Settings\Fred\Application Data\MySpace
    2008-09-05 13:58 --------- d-----w C:\Program Files\CDex_150
    2008-08-31 23:00 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Template
    2008-08-31 20:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\Skype
    2008-08-31 20:11 --------- d-----w C:\Documents and Settings\Pwner\Application Data\skypePM
    2008-08-26 16:53 --------- d-----w C:\Program Files\Java
    2008-08-15 15:12 --------- d-----w C:\Documents and Settings\Pwner\Application Data\FaxCtr
    2006-11-07 17:43 0 ----a-w C:\Program Files\Common Files\err.log
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-11_21.35.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-20 10:17:52 33,280 ----a-w C:\WINDOWS\$hf_mig$\KB926247\SP2QFE\snmp.exe
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\spcustom.dll
    + 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\update.exe
    + 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\updspapi.dll
    + 2008-10-12 14:57:17 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-10-12 14:57:18 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-10-12 14:57:18 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-10-12 14:57:26 102,400 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-10-12 14:57:29 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-10-12 14:57:19 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    + 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-10-12 04:09:24 2,957,312 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-10-12 04:09:24 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-10-12 04:09:13 2,957,312 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-10-12 04:09:13 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-10-12 14:06:41 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2008-10-12 14:06:41 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    - 2004-08-04 07:56:56 32,768 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
    + 2006-11-20 08:42:45 33,280 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
    - 2004-08-04 07:56:56 32,768 ----a-w C:\WINDOWS\system32\snmp.exe
    + 2006-11-20 08:42:45 33,280 ----a-w C:\WINDOWS\system32\snmp.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 12288]
    "LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.EXE" [2002-01-28 885760]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-12-10 37376]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]
    "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "VTTrayp"="VTtrayp.exe" [2004-06-21 C:\WINDOWS\system32\VTTrayp.exe]
    "VTTimer"="VTTimer.exe" [2004-10-01 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 23040]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\att-nap\\McciBrowser.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "C:\\WINDOWS\\system32\\lxddcoms.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
    "C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 10:47:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-14 10:54:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-14 14:54:12
    ComboFix2.txt 2008-10-12 04:03:13
    ComboFix3.txt 2008-10-12 03:48:16
    ComboFix4.txt 2008-10-12 01:56:05

    Pre-Run: 28,429,742,080 bytes free
    Post-Run: 28,420,440,064 bytes free

    251 --- E O F --- 2008-10-13 05:24:26



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:55:06 AM, on 10/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    --
    End of file - 8895 bytes
  20. #26
  21. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Download OTMoveIt3 by OldTimer to your desktop from HERE

    Then click OTMoveIt3.exe to run it (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator").

    Copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):

    :files
    C:\WINDOWS\uzoqytyp._sy
    C:\WINDOWS\ujuza.dl
    C:\WINDOWS\apihoz.dl
    C:\WINDOWS\unanetuv.lib
    C:\WINDOWS\esuqosoz.inf
    C:\WINDOWS\xevumezozi.dat
    C:\WINDOWS\VVNFUg
    Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

    A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".


    After that


    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so that there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner HERE

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    * Click on the Accept button and install any components it needs.
    * The program will install and then begin downloading the latest definition files.
    * After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    * This will start the program and scan your system.
    * The scan will take a while, so be patient and let it run.
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    * Once the scan is complete, click on View scan report
    To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.


    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)



    In your next reply post:
    Kaspersky log
    New HJT log taken after the above scans have run

  22. #27
    Contributing User
    Devshed Newbie (0 - 499 posts)

    I'm about to head back to school, so my parents are going to have to take over from here.

    Here's the log from OTMoveIt -- I'll start the online scan and they'll have to post it here for you when it's done.

    Thanks for the help so far.

    :files
    C:\WINDOWS\uzoqytyp._sy
    C:\WINDOWS\ujuza.dl
    C:\WINDOWS\apihoz.dl
    C:\WINDOWS\unanetuv.lib
    C:\WINDOWS\esuqosoz.inf
    C:\WINDOWS\xevumezozi.dat
    C:\WINDOWS\VVNFUg
  24. #28
  25. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    No problem. If the online scan works we should be about finished. The rest should be easy and go quickly, in a couple more steps.

  26. #29
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:02:50 PM, on 10/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo.com/ActiveX/RCAXSetup.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    --
    End of file - 9933 bytes
  28. #30
    Contributing User
    Devshed Newbie (0 - 499 posts)

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, October 14, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, October 14, 2008 10:36:49
    Records in database: 1310847
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 67383
    Threat name: 24
    Infected objects: 112
    Suspicious objects: 0
    Duration of the scan: 01:12:05


    File name / Threat name / Threats count
    C:\Documents and Settings\Pwner\Desktop\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232383.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232387.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232470.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232476.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232477.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0232486.exe Infected: Trojan-Downloader.Win32.Agent.aiuk 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0233470.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234466.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234472.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234475.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234477.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234479.exe Infected: Trojan-Downloader.Win32.Agent.aiuk 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234507.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234518.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234522.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234527.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234530.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234532.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0234556.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235544.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235555.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235559.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235561.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235564.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235566.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235569.exe Infected: Trojan-Downloader.Win32.Agent.aiuk 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235588.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235589.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235600.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235604.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235605.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235610.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235611.exe Infected: Trojan-Downloader.Win32.Tibs.kqe 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235613.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235615.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235618.exe Infected: Trojan-Downloader.Win32.Agent.aiuk 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235631.sys Infected: Rootkit.Win32.Qandr.do 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235633.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235638.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235639.exe Infected: Trojan-Downloader.Win32.Tibs.kqe 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235641.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235642.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235644.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235648.exe Infected: Trojan-Downloader.Win32.Agent.aiuk 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235662.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235668.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235669.exe Infected: Trojan-Downloader.Win32.Tibs.kqe 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235670.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235672.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235674.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235685.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235692.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235699.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235710.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235717.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235722.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235723.sys Infected: Trojan.Win32.Agent.mwo 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235727.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235730.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235733.sys Infected: Rootkit.Win32.Qandr.do 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235743.sys Infected: Rootkit.Win32.Qandr.do 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235749.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0235755.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236748.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236754.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236759.exe Infected: Trojan-Downloader.Win32.Agent.aium 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236760.exe Infected: Trojan-Downloader.Win32.Tibs.kqe 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236763.exe Infected: Trojan.Win32.Agent.ugi 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236764.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236781.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236788.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236789.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236796.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236802.exe Infected: not-a-virus:Downloader.Win32.Agent.bs 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236803.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236811.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0236820.sys Infected: Email-Worm.Win32.Zhelatin.vl 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0238885.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0238931.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0238973.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0238993.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239012.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239013.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239014.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239015.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239023.sys Infected: Rootkit.Win32.Protector.bd 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239028.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239029.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239038.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239039.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239052.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239053.sys Infected: Rootkit.Win32.Pakes.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239235.exe Infected: Trojan-Downloader.Win32.TSUpdate.l 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239238.exe Infected: Trojan-Downloader.Win32.TSUpdate.r 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239240.exe Infected: Trojan-Downloader.Win32.TSUpdate.n 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239242.exe Infected: Trojan-Downloader.Win32.TSUpdate.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239246.exe Infected: Backdoor.Win32.UltimateDefender.sp 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239254.dll Infected: Trojan-Downloader.Win32.Agent.ajaz 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\A0239259.exe Infected: not-a-virus:AdWare.Win32.PurityScan.jw 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\el32.dll.vir Infected: Trojan-Downloader.Win32.Agent.ajaz 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\HKDSKE~1.VIR Infected: not-a-virus:AdWare.Win32.PurityScan.jw 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\netdde.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\qofra.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.l 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\qofrl.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.r 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\qofrm.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.n 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\qofrp.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.f 1
    C:\Documents and Settings\Pwner\DoctorWeb\Quarantine\WAfg.exe.vir Infected: Backdoor.Win32.UltimateDefender.sp 1
    C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\867421903.exe.vir Infected: Trojan-Downloader.Win32.Small.aeyi 1
    C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\871026602.exe.vir Infected: Trojan-Downloader.Win32.Small.afbi 1
    C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\932579358.exe.vir Infected: Trojan-Downloader.Win32.Agent.ajkt 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pLqgtD11.exe.vir Infected: Trojan-Downloader.Win32.Firu.aqg 1

    The selected area was scanned.
