Help! 14+ trojans, 97+ spyware


#1
LadyDavis

Wow, okay, so the title says it all. I don't even know how I'm connected to the internet, much less typing.

Win32/NetMon.A
Win32/Matcash.BR
Win32/Clspring!generic
Win32/Matcash.BP
(Matcash.BP is running from "Winable.exe" and "b122.exe")
Java/ByteVerify!exploit
2 more Matcash BP
1 more NetMon.A
Another ClSpring!generic
Win32/Clspring.GZ
Win32/Matcash.BU
Another Matcash.BR
Another Matcash.BP


I have CA Security Suite that Road Runner offers, and it stopped deleting the trojans after 11/5. The Anti-Virus Log is below. Plus a few more viruses that I'm suspicious about. The background on this is that I called Microsoft about six months ago because I was having an e-mail issue, and the woman helped me fix it (data file routed to removable storage drive = corrupt user interface). So, she also told me that my computer was running slowly (she was remotely controlling my desktop) and told me I didn't need Anti-virus or Spy-ware if I have IE 7 because it blocks it all itself as long as I keep all the safety restrictions on etc etc etc. So like an idiot, I believed her and took my crap off and Ta-Da! Instantly fast computer.

It was fine, until about 3 weeks ago, it started to slow down and I was getting internet pop-ups without an internet window being open.

I went to Trend-Micro (because I work from home over the internet) and scanned my poor comp. "Holy Cow" my boss says when I tell him what was infected.

So here's the GOOD NEWS!

I have ALL of my original disks/registry keys/drivers/software that I use and ALL of my info is backed up on flash drives (documents, pictures, saved e-mails, blah blah blah). So I basically have a BASIC system that I'm okay to wipe out and start over. Yeah, that's the only good news.

Okay, anti-virus log and HiJackThis log (it's my first time, be nice):


11/13/2007 15:56:03 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107164.exe is Win32/Clspring!generic trojan.
11/13/2007 15:56:04 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107164.exe is Win32/Clspring!generic trojan.
11/13/2007 15:56:04 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107164.exe is Win32/Clspring!generic trojan.
11/13/2007 15:56:04 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107164.exe is Win32/Clspring!generic trojan.
11/13/2007 15:56:04 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107164.exe is Win32/Clspring!generic trojan.
11/13/2007 15:56:05 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107165.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:05 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107165.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:05 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107165.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:05 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107165.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:06 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107165.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:06 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107166.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:06 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107166.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:06 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107166.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:07 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107166.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:07 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107166.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:07 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107167.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:08 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107167.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:09 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107167.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:09 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107167.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:09 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107167.exe is Win32/Matcash.BP trojan.
11/13/2007 15:56:10 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107180.exe is Win32/Clspring.GZ trojan.
11/13/2007 15:56:10 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107180.exe is Win32/Clspring.GZ trojan.
11/13/2007 15:56:11 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107180.exe is Win32/Clspring.GZ trojan.
11/13/2007 15:56:11 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107180.exe is Win32/Clspring.GZ trojan.
11/13/2007 15:56:11 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107180.exe is Win32/Clspring.GZ trojan.
11/13/2007 15:57:27 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109306.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:28 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109306.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:28 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109306.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:28 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109306.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:28 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109306.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:29 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109307.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:29 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109307.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:29 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109307.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:30 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109307.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:30 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109307.exe is Win32/Matcash.BU trojan.
11/13/2007 15:57:31 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109310.exe is Win32/Matcash.BT trojan.
11/13/2007 15:57:32 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109310.exe is Win32/Matcash.BT trojan.
11/13/2007 15:57:32 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109310.exe is Win32/Matcash.BT trojan.
11/13/2007 15:57:33 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109310.exe is Win32/Matcash.BT trojan.
11/13/2007 15:57:33 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP832\A0109310.exe is Win32/Matcash.BT trojan.
11/13/2007 16:19:46 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107161.exe is Win32/NetMon.A trojan.
11/13/2007 18:30:34 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107161.exe is Win32/NetMon.A trojan.
11/13/2007 19:13:06 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107161.exe is Win32/NetMon.A trojan.
11/13/2007 21:07:50 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107161.exe is Win32/NetMon.A trojan.
11/13/2007 21:25:32 PM File infection: C:\System Volume Information\_restore{BAF37F92-D225-4A1B-BB32-435DD3CC578B}\RP827\A0107161.exe is Win32/NetMon.A trojan.

That's the end of the Anti-virus and now, I'll attempt the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:51 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\myTenKey4\myTenKey4.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\??crosoft.NET\n?tepad.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {C6F9F54B-1BF0-3C55-D85D-4AE600815CB1} - C:\WINDOWS\system32\ved.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [myTenKey] C:\Program Files\myTenKey4\myTenKey4.exe /start
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Ithc] "C:\PROGRA~1\ECURIT~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Lmzyzc] C:\WINDOWS\system32\??crosoft.NET\n?tepad.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/se...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182487787562
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse...opcaploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Extention Manager - Unknown owner - C:\WINDOWS\system32\mdmcls32.exe (file missing)

--
End of file - 10502 bytes

Edited by LadyDavis, 15 November 2007 - 06:32 PM.



#2
LadyDavis

Ok well, there was a bunch here, but alas, it was too big to post. Anyways, attached are the .txt files because I ran a Kaspersky scan and created a log after reading through some other posts.

Attached Files


Edited by LadyDavis, 14 November 2007 - 01:47 PM.


#3
LadyDavis

Cont'd File:

Attached Files



#4
ScHwErV

Seems like you have a lot of fun stuff happening here. If you still need help with your problem, just reply back and let me know.