Very Slow Loading Webpages, random pop-ups [RESOLVED]
Nick P
post Jun 12 2008, 06:15 PM
Post #1


New Member
Posts: 9
OS: Windows XP Pro



Almost every webpage is loading very slow, my cursor is skipping from time to time as I am typing this, I have also been getting random pop-ups and random images on web-pages appearing saying that my privacy is at risk or whatnot. I dunno what else to think of except something is lurking on my computer. Help me! Thank you in advance.

Nick P.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:10 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F3 - REG:win.ini: run=
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2f7208ab] rundll32.exe "C:\WINDOWS\system32\eoswuith.dll",b
O4 - HKLM\..\Run: [BM2c413b37] Rundll32.exe "C:\WINDOWS\system32\tjpprgrg.dll",s
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'Default user')
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\FMRMD32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: netdde.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\Prime95.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8667 bytes
Rorschach112
post Jun 13 2008, 05:36 AM
Post #2


GeekU Teacher
Posts: 21,884
From: Dublin
OS: XP



Hello

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Nick P
post Jun 13 2008, 12:25 PM
Post #3


New Member
Posts: 9
OS: Windows XP Pro



I am having difficulty installing the Recovery Console. I am following the guide, by dragging my Microsoft file onto Combofix.exe, but it automatically loads ComboFix and wants to start running. I don't think this is supposed to happen. Am I doing something wrong?
Rorschach112
post Jun 13 2008, 12:40 PM
Post #4


GeekU Teacher
Posts: 21,884
From: Dublin
OS: XP



No, that should be fine, let it run.
Nick P
post Jun 13 2008, 05:48 PM
Post #5


New Member
Posts: 9
OS: Windows XP Pro



Okay, here is what I got.

ComboFix 08-06-11.7 - Nick 2008-06-13 15:11:15.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447 [GMT -4:00]
Running from: C:\Documents and Settings\Nick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nick\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RUNTIME
-------\Legacy_RUNTIME2


((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 09:15 . 2008-06-13 09:15 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\Apple Computer
2008-06-12 20:13 . 2008-06-12 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 19:45 . 2008-06-12 19:46 <DIR> d-------- C:\WINDOWS\3DEBCFB2389E419C842E15501ACC8C93.TMP
2008-06-12 19:43 . 2008-06-12 19:43 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Prevx
2008-06-12 19:42 . 2008-06-12 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-12 01:42 . 2008-06-12 01:42 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 11:53 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 20:03 . 2008-06-08 20:03 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-08 19:58 . 2008-06-08 19:59 <DIR> d-------- C:\Program Files\HeadGames
2008-06-06 23:45 . 2008-04-06 14:30 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-06-03 21:08 . 2008-06-03 21:08 <DIR> d-------- C:\Logs
2008-06-03 14:30 . 2008-06-03 14:30 <DIR> d-------- C:\Program Files\World of Warcraft
2008-06-03 14:30 . 2008-06-03 14:30 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-29 16:11 . 2008-05-29 16:13 129 --a------ C:\WINDOWS\kaillera.ini
2008-05-13 19:02 . 2008-05-13 19:02 <DIR> d-------- C:\Documents and Settings\Dana\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 03:45 --------- d-----w C:\Program Files\Common Files\??pPatch
2008-05-13 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-13 00:51 --------- d-----w C:\Program Files\Apple Software Update
2008-05-13 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-12 23:43 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-25 19:00 --------- d-----w C:\Program Files\C-Media
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-21 07:04 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-21 07:04 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-21 07:04 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-21 07:04 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-21 07:04 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 07:03 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2008-04-21 07:03 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-21 07:03 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-21 07:03 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-04-21 07:03 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-21 07:03 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-21 07:03 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 07:03 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 07:03 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-16 00:17 --------- d-----w C:\Documents and Settings\Dana\Application Data\My Games
2008-04-15 19:21 --------- d-----w C:\Documents and Settings\Nick\Application Data\My Games
2008-04-15 19:05 --------- d-----w C:\Program Files\Firaxis Games
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-27 17:50 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2005-09-29 20:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-30 14:01 88,576 --sh--r C:\Documents and Settings\NetworkService\Application Data\ctan.exe
2005-05-09 15:51 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-04-21 20:00 280,064 ----a-w C:\Documents and Settings\Tony\Application Data\tizhook.bin
2005-04-21 20:00 152,804 ----a-w C:\Documents and Settings\Tony\Application Data\tizupd.bin
2005-04-20 19:26 280,064 ----a-w C:\Documents and Settings\Dana\Application Data\tizhook.bin
2005-04-20 19:26 152,804 ----a-w C:\Documents and Settings\Dana\Application Data\tizupd.bin
2005-04-20 17:14 280,064 ----a-w C:\Documents and Settings\Nick\Application Data\tizhook.bin
2005-04-20 17:14 152,804 ----a-w C:\Documents and Settings\Nick\Application Data\tizupd.bin
2004-08-30 04:41 456 ----a-w C:\Program Files\INSTALL.LOG
2004-03-21 00:04 40,960 --sha-w C:\WINDOWS\lbbho.dll
2005-05-25 13:17 430,080 --sh--r C:\WINDOWS\system32\w?nspool.exe
2006-04-13 22:12 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-13 22:12 56 --sh--r C:\WINDOWS\system32\AA808BCAAF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CF9DDF1-6044-319F-6802-1EB329B854B6}]
2005-04-21 10:42 163840 --a------ C:\WINDOWS\system32\udectbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 20:04 5562368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" []
"zSPGuard"="c:\program files\pjw\spguard\spguard.exe" [ ]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-06 22:14 100056]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-07 21:02 180269]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20 59040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-12 19:43 413696]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SSS6_Suite"="C:\Program Files\Steganos Security Suite 6\sss.exe" [ ]
"SSS6_SAFE"="C:\Program Files\Steganos Security Suite 6\safe.exe" [ ]
"SSS6_SPM"="C:\Program Files\Steganos Security Suite 6\spm.exe" [ ]
"Jfpocj"="C:\WINDOWS\system32\w?nspool.exe" [2001-09-26 04:30 2112]
"Euba"="C:\Program Files\sraa\ctan.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 20:04 5562368]

C:\Documents and Settings\Dana\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-07-18 20:01:08 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CreataCard Gold 2 Forget Me Not Reminders.lnk - C:\Program Files\CreataCard\Gold\FMRMD32.EXE [2004-05-27 15:11:12 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXPji]
fccaXPji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= netdde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"SENTINEL"= snti386.dll
"VIDC.CTRX"= ctrxvid.drv
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 11:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-04-13 13:20 59040 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 05:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2006-09-07 21:02 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-07 21:02 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\System32\\lexpps.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]
S3 gAGP440p;gAGP440p;C:\DOCUME~1\Nick\LOCALS~1\Temp\gAGP440p.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 18:56:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-07 02:01:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Nick.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-06-10 21:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 15:18:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-06-13 15:21:07 - machine was rebooted [Nick]
ComboFix-quarantined-files.txt 2008-06-13 19:21:04

Pre-Run: 1,240,825,856 bytes free
Post-Run: 1,141,866,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

432 --- E O F --- 2008-06-12 05:42:16


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:11 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CF9DDF1-6044-319F-6802-1EB329B854B6} - C:\WINDOWS\system32\udectbd.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'Default user')
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\FMRMD32.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: netdde.dll
O20 - Winlogon Notify: fccaXPji - fccaXPji.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7842 bytes

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 18:36:27
Records in database: 860715
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 99220
Threat name 38
Infected objects 155
Suspicious objects 0
Duration of the scan 02:32:50

File name Threat name Threats count
C:\WINDOWS\system32\udectbd.dll/C:\WINDOWS\system32\udectbd.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1
C:\WINDOWS\system32\udectbd.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1
C:\WINDOWS\system32\wіnspool.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ca 1
C:\WINDOWS\system32\~.exe Infected: Trojan-Downloader.Win32.Agent.bga 1
C:\WINDOWS\lbbho.dll Infected: not-a-virus:AdWare.Win32.RelatedLinks.d 1
C:\Documents and Settings\NetworkService\Application Data\ctan.exe Infected: Trojan-Downloader.Win32.PurityScan.bc 1
C:\Documents and Settings\Nick\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv325.jar-16755cfa-47a7aa44.zip Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-35d226fb-1d509d96.zip Infected: Trojan.Java.ClassLoader.k 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-366118ff-36795e9e.zip Infected: Trojan.Java.ClassLoader.ak 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-366118ff-36795e9e.zip Infected: Trojan-Downloader.Java.OpenConnection.ah 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-48ec748c.zip Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-48ec748c.zip Infected: Trojan-Downloader.Java.OpenStream.z 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-445c4b18-4ace2ada.zip Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-686cd5c0-1abddba6.zip Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-686cd5c0-1abddba6.zip Infected: Trojan-Downloader.Java.OpenStream.z 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-79d29352.zip Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-4293731d.zip Infected: Trojan.Java.ClassLoader.i 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-4293731d.zip Infected: Trojan.Java.ClassLoader.k 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\1\7f5fb3c1-6ebf8e88 Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\1\7f5fb3c1-6ebf8e88 Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\1\7f5fb3c1-6ebf8e88 Infected: Trojan.Java.ClassLoader.d 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\3\3b5b3043-29d3ed1b Infected: Trojan.Java.ClassLoader.ak 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\3\3b5b3043-29d3ed1b Infected: Trojan-Downloader.Java.OpenConnection.ah 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\14\444964e-30bda59f Infected: Trojan.Java.ClassLoader.k 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\15\a91cf4f-7d9f9b51 Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\15\a91cf4f-7d9f9b51 Infected: Trojan-Downloader.Java.OpenStream.z 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-71c49067 Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-73b38265 Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4065b8fd Infected: Trojan.Java.ClassLoader.i 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4065b8fd Infected: Trojan.Java.ClassLoader.k 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\25\2365d359-415d4f05 Infected: Trojan.Java.ClassLoader.as 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\37\19b63ba5-1658c87f Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\44\65cf59ac-253ed0fa Infected: Trojan-Downloader.Java.OpenConnection.aj 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\44\65cf59ac-253ed0fa Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\49\4db115b1-34562f79 Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\49\4db115b1-34562f79 Infected: Trojan-Downloader.Java.OpenStream.z 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\61\452ed83d-56edb193 Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\6.0\62\70a93cfe-721e9a32 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Tony\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w 1
C:\Documents and Settings\Dana\My Documents\LimeWire\Saved\breathe me sia.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Dana\Desktop\Piano Music and Other Music\Limewire Music\breathe me sia.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-2d7ba12b.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-2d7ba12b.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-103b68b7.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-103b68b7.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-25df0b80-36196719.zip Infected: Trojan.Java.Femad 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-25df0b80-36196719.zip Infected: Trojan-Downloader.Win32.Small.dmj 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\20\7c7c4754-56479d7a Infected: Trojan.Java.Femad 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\20\7c7c4754-56479d7a Infected: Trojan-Downloader.Win32.Small.dmj 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\34\61118e2-3e85bb8e Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\34\61118e2-3e85bb8e Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\41\200ae869-5fd21d64 Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\cache\6.0\41\200ae869-5fd21d64 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Dana\Application Data\tizupd.bin Infected: not-a-virus:AdWare.Win32.PurityScan.w 1
C:\Program Files\Norton AntiVirus\Quarantine\72C2280C.cla Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton AntiVirus\Quarantine\72C65208.cla Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton AntiVirus\Quarantine\21153AE1.cla Infected: Trojan.Java.Femad 1
C:\Program Files\Norton AntiVirus\Quarantine\2A572B29.tmp Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton AntiVirus\Quarantine\5BC527E5.tmp Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton AntiVirus\Quarantine\04195E72.tmp Infected: Trojan.Java.Femad 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1590\A0353096.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1589\A0353032.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1589\A0353033.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1589\A0353035.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1591\A0354082.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1553\A0348190.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1553\A0348191.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1553\A0348191.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bu 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1553\A0349182.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0354304.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0354305.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0354306.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0354307.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0354308.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1595\A0355460.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1571\A0349885.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1571\A0349886.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1571\A0349890.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1572\A0349925.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1572\A0349929.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1572\A0349951.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1578\A0350167.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1578\A0350168.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1578\A0350172.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1582\A0350310.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1582\A0350313.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355640.exe Infected: Trojan-Downloader.Win32.PurityScan.ek 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355641.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355644.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355645.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355646.dll Infected: Trojan-Downloader.Win32.Agent.bga 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355647.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.en 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355650.DLL Infected: Trojan-Clicker.Win32.Agent.kl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355651.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355652.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355653.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355654.DLL Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355655.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355656.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355657.DLL Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355658.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355659.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355660.DLL Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1598\A0355661.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1558\A0349516.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1558\A0349520.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1558\A0349547.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1559\A0349560.dll Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1562\A0349670.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.hk 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1562\A0349671.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl 1
C:\System Volume Information\_restore{D689DE2D-9230-4244-870D-AE9ECC6AE91F}\RP1562\A0349675.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\QooBox\Quarantine\C\Program Files\Common Files\DOBE~1\fast.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ek 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hh 1
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\QooBox\Quarantine\C\WINDOWS\system32\SMANTE~1\nѕlookup.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mslink.dll.vir Infected: Trojan-Downloader.Win32.Agent.bga 1
C:\QooBox\Quarantine\C\WINDOWS\system32\netdde.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.en 1
C:\QooBox\Quarantine\C\WINDOWS\system32\muscira.dll.vir Infected: Trojan-Clicker.Win32.Agent.kl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rmxb.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if 1
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrPiiI.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cdjsgkhq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eoswuith.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\njinvveq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rklfpnim.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\