Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or start a new topic of your own. Joining allows you to enjoy all this forum has to offer. Learn more in our 
I was told to repost this here.
So a couple of days ago my desktop and taskbar dissappeared and after looking around on the internet I found out it was explorer.exe. I've been using the task manager to start explorer.exe ever since and now the desktop and taskbar flash on and off. I can't really do much because the only restore point is right when the flashes occured and it is a borrowed laptop so I don't have the windows xp cd. I really need this laptop to do work and even typing out this paragraph is really difficult.
Please help.
Here is my HijackThis Log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:24 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\command.exe
c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
c:\Program Files\CA\eTrust Antivirus\InoRT.exe
c:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timeserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon .exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\NWTRAY .EXE
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\?dobe\w?auboot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ASEMBL~1\javaw.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ASEMBL~1\javaw.exe
C:\PROGRA~1\ASEMBL~1\javaw.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://insideto.toronto.ca
F3 - REG:win.ini: load=C:\WINDOWS\system32\iiiih.exe
O4 - HKLM\..\Run: [Realtime Monitor] c:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://insideto.toronto.ca
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE1281D-8A39-49F8-8009-F4575839E73D}: Domain = toronto.ca
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\command.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 5428 bytes
Page 1 of 1
- Join to reply or start a new topic
-
This topic is locked
explorer.exe [RESOLVED] desktop and taskbar missing
#1
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 24 January 2008 - 10:22 PM
#2
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 25 January 2008 - 10:24 AM
Hello
CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES
Please go here:
The Spy Killer Forum
Thank you!
Download ComboFix from one of the locations below, and save it to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES
Please go here:
The Spy Killer Forum
- Click on "New Topic"
- Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\iiiih.exe"
- Put a link to this topic in the description box.
- Then next to the file box, at the bottom, click the browse button, then navigate to this file:
- C:\WINDOWS\system32\iiiih.exe
- Click Open.
- Click Post.
Thank you!
Download ComboFix from one of the locations below, and save it to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
#3
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 25 January 2008 - 03:08 PM
The desktop seems to be working now. Here are the logs for combofix and hijackthis:
ComboFix 08-01-23.1C - admin 2008-01-25 15:23:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.176 [GMT -5:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\admin\Application Data\SpyGuardPro
C:\Documents and Settings\admin\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\admin\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\admin\Local Settings\Temp\winvsnet .exe
C:\Documents and Settings\admin\Local Settings\Temp\winvsnet.exe
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
c:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\asembl~1
C:\Program Files\asembl~1\a?sembly\
C:\Program Files\asembl~1\javaw .exe
C:\Program Files\asembl~1\javaw.exe
C:\Program Files\BGInfo\bginfo .exe
C:\Program Files\BGInfo\bginfo.exe
C:\Program Files\CA\eTrust Antivirus\realmon .exe
C:\Program Files\CA\eTrust Antivirus\realmon.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Internet Explorer\laduxan.dll
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetMeeting\horef4444.dll
C:\Program Files\NetMeeting\horef83122.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\SxpInst\sxpstub .exe
C:\SxpInst\sxpstub.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\w?auboot.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\asappsrv.dll
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\command.exe
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\kZ5Xym1St21ovaLSvBlS.vbs
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\dpmw32 .exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\efcdeee.dll
C:\WINDOWS\system32\hiiii.ini
C:\WINDOWS\system32\hiiii.ini2
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO .EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\iiiih.dll
C:\WINDOWS\system32\iiiih.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkjhf.dll
C:\WINDOWS\system32\NWTRAY .EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\RCX39.tmp
C:\WINDOWS\system32\RCX56.tmp
C:\WINDOWS\system32\RCX68.tmp
C:\WINDOWS\system32\RCXC.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\rqrrqrs.dll
C:\WINDOWS\system32\tp4ex .exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\xwrdjhlg.dll
C:\WINDOWS\Temp\RecoverFromReboot .exe
C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\UTLite33 .exe
C:\WINDOWS\UTLite33.exe
.
----- BITS: Possible infected sites -----
hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 23:11 . 2008-01-24 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 13:24 . 2008-01-22 13:33 <DIR> d-------- C:\Program Files\RegCure
2008-01-21 19:03 . 2008-01-25 15:36 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-21 19:03 . 2008-01-21 19:03 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\WINDOWS\system32\vx2
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\WINDOWS\system32\sa3
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\TEMP\gTiis19
2008-01-21 19:00 . 2008-01-22 12:49 376,320 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-21 18:59 . 2008-01-21 18:59 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-21 18:59 . 2008-01-21 18:59 <DIR> d-------- C:\TEMP\cXzz9
2008-01-21 18:54 . 2008-01-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 02:50 . 2008-01-20 02:50 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-15 01:06 . 2008-01-15 01:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-15 01:03 . 2008-01-15 01:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 01:03 . 2008-01-15 01:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-15 01:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-15 00:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-14 22:42 . 2002-09-30 08:00 87,552 --a------ C:\WINDOWS\system32\CNMLM49.DLL
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\CNMCP49.exe
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\cnm1B.tmp
2008-01-14 22:42 . 2002-09-30 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS49.DLL
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\i550_XP_v162
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\Canon_i550_XP_v162
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-13 19:50 . 2008-01-13 19:50 <DIR> d-------- C:\Program Files\Common Files\snpp106
2008-01-13 19:50 . 1998-06-11 23:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-01-13 18:47 . 2008-01-13 18:49 <DIR> d-------- C:\VP-EYE
2008-01-13 18:47 . 2008-01-13 18:49 33,625 --a------ C:\WINDOWS\unvpeye.ini
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-13 18:33 . 2008-01-25 15:36 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 11:47 . 2007-07-12 16:38 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Program Files\Common Files\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:36 --------- d-----w C:\Program Files\BGInfo
2008-01-20 07:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 07:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 22:59 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\PROGRA~1\CA\ETRUST~1\realmon.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-25 14:59 132496]
"SDJobCheck"="triggusr.exe" []
"NWTRAY"="NWTRAY.EXE" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 19:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BGInfo]
c:\program files\bginfo\bginfo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2004-08-25 00:37 110592 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
--a------ 2004-08-25 00:37 395776 C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COT_Networking Tool]
C:\Windows\UTLite33.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Computer]
%windir%\system32\newcomp.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nlae]
C:\PROGRA~1\ASEMBL~1\javaw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDJobCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sxplog]
C:\SxpInst\sxpstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zgtycggn]
C:\WINDOWS\?dobe\w?auboot.exe
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 13:08]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 11:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-08-25 00:37]
R2 TimeServ;Time Service;C:\WINDOWS\system32\timeserv.exe [2004-04-28 02:54]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 12:55]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 21:28]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 12:25]
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-11-25 17:30]
*Newly Created Service* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
"2005-05-21 10:22:48 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2005-03-02 14:28:24 C:\WINDOWS\Tasks\defrag.job"
- C:\WINDOWS\system32\defrag.exe
"2008-01-25 20:56:33 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-22 18:24:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 15:56:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-01-25 15:57:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:57:19
________________________________________________________________________________
_____
________________________________________________________________________________
_____
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:00 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
c:\Program Files\CA\eTrust Antivirus\InoRT.exe
c:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timeserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://insideto.toronto.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] c:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://insideto.toronto.ca
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE1281D-8A39-49F8-8009-F4575839E73D}: Domain = toronto.ca
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 4663 bytes
Thanks for the help.
ComboFix 08-01-23.1C - admin 2008-01-25 15:23:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.176 [GMT -5:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\admin\Application Data\SpyGuardPro
C:\Documents and Settings\admin\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\admin\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\admin\Local Settings\Temp\winvsnet .exe
C:\Documents and Settings\admin\Local Settings\Temp\winvsnet.exe
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
c:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\asembl~1
C:\Program Files\asembl~1\a?sembly\
C:\Program Files\asembl~1\javaw .exe
C:\Program Files\asembl~1\javaw.exe
C:\Program Files\BGInfo\bginfo .exe
C:\Program Files\BGInfo\bginfo.exe
C:\Program Files\CA\eTrust Antivirus\realmon .exe
C:\Program Files\CA\eTrust Antivirus\realmon.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Internet Explorer\laduxan.dll
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetMeeting\horef4444.dll
C:\Program Files\NetMeeting\horef83122.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\SxpInst\sxpstub .exe
C:\SxpInst\sxpstub.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\w?auboot.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\asappsrv.dll
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\command.exe
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\\kZ5Xym1St21ovaLSvBlS.vbs
C:\WINDOWS\Q2l0eSBvZiBUb3JvbnRv\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\dpmw32 .exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\efcdeee.dll
C:\WINDOWS\system32\hiiii.ini
C:\WINDOWS\system32\hiiii.ini2
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO .EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\iiiih.dll
C:\WINDOWS\system32\iiiih.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkjhf.dll
C:\WINDOWS\system32\NWTRAY .EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\RCX39.tmp
C:\WINDOWS\system32\RCX56.tmp
C:\WINDOWS\system32\RCX68.tmp
C:\WINDOWS\system32\RCXC.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\rqrrqrs.dll
C:\WINDOWS\system32\tp4ex .exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\TpShocks .exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\xwrdjhlg.dll
C:\WINDOWS\Temp\RecoverFromReboot .exe
C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\UTLite33 .exe
C:\WINDOWS\UTLite33.exe
<pre> C:\Documents and Settings\admin\Local Settings\Temp\winvsnet .exe ---> QooBox C:\Program Files\BGInfo\bginfo .exe ---> QooBox C:\Program Files\CA\eTrust Antivirus\realmon .exe ---> QooBox C:\Program Files\Dot1XCfg\Dot1XCfg .exe ---> QooBox C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe ---> QooBox C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE ---> QooBox C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe ---> QooBox C:\SxpInst\sxpstub .exe ---> QooBox C:\WINDOWS\UTLite33 .exe ---> QooBox C:\WINDOWS\system32\dpmw32 .exe ---> QooBox C:\WINDOWS\system32\hkcmd .exe ---> QooBox C:\WINDOWS\system32\ICO .EXE ---> QooBox C:\WINDOWS\system32\igfxtray .exe ---> QooBox C:\WINDOWS\system32\NWTRAY .EXE ---> QooBox C:\WINDOWS\system32\tp4ex .exe ---> QooBox C:\WINDOWS\system32\TpShocks .exe ---> QooBox C:\WINDOWS\Temp\RecoverFromReboot .exe ---> QooBox </pre>
.
----- BITS: Possible infected sites -----
hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 23:11 . 2008-01-24 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 13:24 . 2008-01-22 13:33 <DIR> d-------- C:\Program Files\RegCure
2008-01-21 19:03 . 2008-01-25 15:36 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-21 19:03 . 2008-01-21 19:03 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\WINDOWS\system32\vx2
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\WINDOWS\system32\sa3
2008-01-21 19:00 . 2008-01-21 19:00 <DIR> d-------- C:\TEMP\gTiis19
2008-01-21 19:00 . 2008-01-22 12:49 376,320 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-21 18:59 . 2008-01-21 18:59 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-21 18:59 . 2008-01-21 18:59 <DIR> d-------- C:\TEMP\cXzz9
2008-01-21 18:54 . 2008-01-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 02:50 . 2008-01-20 02:50 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-15 01:06 . 2008-01-15 01:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-15 01:03 . 2008-01-15 01:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 01:03 . 2008-01-15 01:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-15 01:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-15 00:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-14 22:42 . 2002-09-30 08:00 87,552 --a------ C:\WINDOWS\system32\CNMLM49.DLL
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\CNMCP49.exe
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\cnm1B.tmp
2008-01-14 22:42 . 2002-09-30 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS49.DLL
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\i550_XP_v162
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\Canon_i550_XP_v162
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-13 19:50 . 2008-01-13 19:50 <DIR> d-------- C:\Program Files\Common Files\snpp106
2008-01-13 19:50 . 1998-06-11 23:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-01-13 18:47 . 2008-01-13 18:49 <DIR> d-------- C:\VP-EYE
2008-01-13 18:47 . 2008-01-13 18:49 33,625 --a------ C:\WINDOWS\unvpeye.ini
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-13 18:33 . 2008-01-25 15:36 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 11:47 . 2007-07-12 16:38 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Program Files\Common Files\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:36 --------- d-----w C:\Program Files\BGInfo
2008-01-20 07:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 07:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 22:59 --------- d-----w C:\Program Files\Java
.
<pre> ----a-w 110,592 2008-01-22 04:53:24 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe </pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\PROGRA~1\CA\ETRUST~1\realmon.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-25 14:59 132496]
"SDJobCheck"="triggusr.exe" []
"NWTRAY"="NWTRAY.EXE" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 19:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BGInfo]
c:\program files\bginfo\bginfo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2004-08-25 00:37 110592 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
--a------ 2004-08-25 00:37 395776 C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COT_Networking Tool]
C:\Windows\UTLite33.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Computer]
%windir%\system32\newcomp.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nlae]
C:\PROGRA~1\ASEMBL~1\javaw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDJobCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sxplog]
C:\SxpInst\sxpstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zgtycggn]
C:\WINDOWS\?dobe\w?auboot.exe
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 13:08]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 11:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-08-25 00:37]
R2 TimeServ;Time Service;C:\WINDOWS\system32\timeserv.exe [2004-04-28 02:54]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 12:55]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 21:28]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 12:25]
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-11-25 17:30]
*Newly Created Service* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
"2005-05-21 10:22:48 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2005-03-02 14:28:24 C:\WINDOWS\Tasks\defrag.job"
- C:\WINDOWS\system32\defrag.exe
"2008-01-25 20:56:33 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-22 18:24:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 15:56:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-01-25 15:57:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 20:57:19
________________________________________________________________________________
_____
________________________________________________________________________________
_____
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:00 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
c:\Program Files\CA\eTrust Antivirus\InoRT.exe
c:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timeserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://insideto.toronto.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] c:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://insideto.toronto.ca
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE1281D-8A39-49F8-8009-F4575839E73D}: Domain = toronto.ca
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 4663 bytes
Thanks for the help.
#4
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 25 January 2008 - 03:31 PM
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::
File::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\17PHolmes572.exe
C:\PROGRA~1\ASEMBL~1\javaw.exe
C:\WINDOWS\mrofinu572.exe
Folder::
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\vx2
C:\WINDOWS\system32\sa3
C:\TEMP\gTiis19
C:\WINDOWS\system32\nGpxx01
C:\TEMP\cXzz9
C:\WINDOWS\?dobe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Computer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nlae]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zgtycggn]
RenV::
----a-w 110,592 2008-01-22 04:53:24 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
File::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\17PHolmes572.exe
C:\PROGRA~1\ASEMBL~1\javaw.exe
C:\WINDOWS\mrofinu572.exe
Folder::
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\vx2
C:\WINDOWS\system32\sa3
C:\TEMP\gTiis19
C:\WINDOWS\system32\nGpxx01
C:\TEMP\cXzz9
C:\WINDOWS\?dobe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Computer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nlae]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zgtycggn]
RenV::
----a-w 110,592 2008-01-22 04:53:24 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
#5
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 25 January 2008 - 08:14 PM
So I did what you said, is there anything else I have to do?
#6
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 26 January 2008 - 07:27 AM
Yes
Post me the ComboFix log
Post me the ComboFix log
#7
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 26 January 2008 - 11:00 PM
ComboFix 08-01-23.1C - Admin 2008-01-26 23:34:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.259 [GMT -5:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-26 01:58 . 2008-01-26 01:58 <DIR> d---s---- C:\Program Files\Xfire
2008-01-26 01:51 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-25 16:33 . 2008-01-25 16:33 <DIR> d-------- C:\Program Files\LimeWire
2008-01-25 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 23:11 . 2008-01-24 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 18:54 . 2008-01-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 02:50 . 2008-01-20 02:50 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-15 01:06 . 2008-01-15 01:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-15 01:03 . 2008-01-15 01:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 01:03 . 2008-01-15 01:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-15 01:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-15 00:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-14 22:42 . 2002-09-30 08:00 87,552 --a------ C:\WINDOWS\system32\CNMLM49.DLL
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\CNMCP49.exe
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\cnm1B.tmp
2008-01-14 22:42 . 2002-09-30 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS49.DLL
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\i550_XP_v162
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\Canon_i550_XP_v162
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-13 19:50 . 2008-01-13 19:50 <DIR> d-------- C:\Program Files\Common Files\snpp106
2008-01-13 19:50 . 1998-06-11 23:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-01-13 18:47 . 2008-01-13 18:49 <DIR> d-------- C:\VP-EYE
2008-01-13 18:47 . 2008-01-13 18:49 33,625 --a------ C:\WINDOWS\unvpeye.ini
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-13 18:33 . 2008-01-25 16:05 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 11:47 . 2007-07-12 16:38 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Program Files\Common Files\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 06:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 20:36 --------- d-----w C:\Program Files\BGInfo
2008-01-20 07:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 22:59 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_15.57.07.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 20:20:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 02:01:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 20:20:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 02:01:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 20:20:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-26 02:01:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-25 20:20:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 02:01:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 20:20:49 1,794,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-26 02:01:05 1,794,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 20:20:49 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 02:01:05 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 23:41:43 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-01-25 21:05:18 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
- 2008-01-25 20:45:41 52,164 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 20:57:50 52,164 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-25 20:45:41 375,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 20:57:50 375,862 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\PROGRA~1\CA\ETRUST~1\realmon.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-25 14:59 132496]
"SDJobCheck"="triggusr.exe" []
"NWTRAY"="NWTRAY.EXE" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 19:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BGInfo]
c:\program files\bginfo\bginfo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2004-08-25 00:37 110592 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
--a------ 2004-08-25 00:37 395776 C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COT_Networking Tool]
C:\Windows\UTLite33.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDJobCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sxplog]
C:\SxpInst\sxpstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2008-01-21 23:53 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 13:08]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 11:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-08-25 00:37]
R2 TimeServ;Time Service;C:\WINDOWS\system32\timeserv.exe [2004-04-28 02:54]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 12:55]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 21:28]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 12:25]
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-11-25 17:30]
.
Contents of the 'Scheduled Tasks' folder
"2005-05-21 10:22:48 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2005-03-02 14:28:24 C:\WINDOWS\Tasks\defrag.job"
- C:\WINDOWS\system32\defrag.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 23:48:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-01-26 23:49:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 04:49:25
ComboFix2.txt 2008-01-26 02:05:44
ComboFix3.txt 2008-01-25 20:57:28
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.259 [GMT -5:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-26 01:58 . 2008-01-26 01:58 <DIR> d---s---- C:\Program Files\Xfire
2008-01-26 01:51 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-25 16:33 . 2008-01-25 16:33 <DIR> d-------- C:\Program Files\LimeWire
2008-01-25 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 23:11 . 2008-01-24 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 18:54 . 2008-01-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 02:50 . 2008-01-20 02:50 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-15 01:06 . 2008-01-15 01:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-15 01:03 . 2008-01-15 01:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 01:03 . 2008-01-15 01:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-15 01:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-15 00:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-14 22:42 . 2002-09-30 08:00 87,552 --a------ C:\WINDOWS\system32\CNMLM49.DLL
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\CNMCP49.exe
2008-01-14 22:42 . 2002-07-29 20:59 73,728 --a------ C:\WINDOWS\system32\cnm1B.tmp
2008-01-14 22:42 . 2002-09-30 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS49.DLL
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\i550_XP_v162
2008-01-14 22:40 . 2008-01-14 22:41 <DIR> d-------- C:\TEMP\Canon_i550_XP_v162
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-13 19:52 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-13 19:50 . 2008-01-13 19:50 <DIR> d-------- C:\Program Files\Common Files\snpp106
2008-01-13 19:50 . 1998-06-11 23:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2008-01-13 18:47 . 2008-01-13 18:49 <DIR> d-------- C:\VP-EYE
2008-01-13 18:47 . 2008-01-13 18:49 33,625 --a------ C:\WINDOWS\unvpeye.ini
2008-01-13 18:41 . 2008-01-13 18:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-13 18:33 . 2008-01-25 16:05 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 17:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 11:47 . 2007-07-12 16:38 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Program Files\Common Files\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 06:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 20:36 --------- d-----w C:\Program Files\BGInfo
2008-01-20 07:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-16 22:59 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((( snapshot@2008-01-25_15.57.07.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 20:20:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 02:01:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 20:20:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 02:01:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 20:20:48 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-26 02:01:05 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-25 20:20:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 02:01:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 20:20:49 1,794,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-26 02:01:05 1,794,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 20:20:49 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 02:01:05 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 23:41:43 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-01-25 21:05:18 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
- 2008-01-25 20:45:41 52,164 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 20:57:50 52,164 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-25 20:45:41 375,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 20:57:50 375,862 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\PROGRA~1\CA\ETRUST~1\realmon.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-25 14:59 132496]
"SDJobCheck"="triggusr.exe" []
"NWTRAY"="NWTRAY.EXE" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoThumbNailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 19:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BGInfo]
c:\program files\bginfo\bginfo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2004-08-25 00:37 110592 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
--a------ 2004-08-25 00:37 395776 C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COT_Networking Tool]
C:\Windows\UTLite33.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDJobCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sxplog]
C:\SxpInst\sxpstub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2008-01-21 23:53 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 13:08]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 11:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-08-25 00:37]
R2 TimeServ;Time Service;C:\WINDOWS\system32\timeserv.exe [2004-04-28 02:54]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 12:55]
S3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2003-01-20 21:28]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 12:25]
S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-11-25 17:30]
.
Contents of the 'Scheduled Tasks' folder
"2005-05-21 10:22:48 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2005-03-02 14:28:24 C:\WINDOWS\Tasks\defrag.job"
- C:\WINDOWS\system32\defrag.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 23:48:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-01-26 23:49:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 04:49:25
ComboFix2.txt 2008-01-26 02:05:44
ComboFix3.txt 2008-01-25 20:57:28
#8
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 27 January 2008 - 10:50 AM
Hello
Download and scan with SUPERAntiSpyware Free for Home Users
Also post a new HijackThis log
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Close browsers before scanning.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Preferences, then click the Statistics/Logs tab.
- Click Close to exit the program.
Also post a new HijackThis log
#9
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 28 January 2008 - 12:38 AM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/28/2008 at 01:15 AM
Application Version : 3.9.1008
Core Rules Database Version : 3389
Trace Rules Database Version: 1383
Scan type : Complete Scan
Total Scan Time : 00:36:49
Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 5239
Registry threats detected : 0
File items scanned : 32362
File threats detected : 448
Adware.Tracking Cookie
C:\Documents and Settings\admin\Cookies\admin@casalemedia[2].txt
C:\Documents and Settings\admin\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\admin\Cookies\admin@revsci[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.adbrite[2].txt
C:\Documents and Settings\admin\Cookies\admin@partygaming.122.2o7[1].txt
C:\Documents and Settings\admin\Cookies\admin@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\admin\Cookies\admin@tripod.lycos[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.techguy[1].txt
C:\Documents and Settings\admin\Cookies\admin@perf.overture[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.tripod.lycos[2].txt
C:\Documents and Settings\admin\Cookies\admin@advertising[1].txt
C:\Documents and Settings\admin\Cookies\admin@atwola[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.veoh[2].txt
C:\Documents and Settings\admin\Cookies\admin@media.top-banners[1].txt
C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.domainsuite[1].txt
C:\Documents and Settings\admin\Cookies\admin@adserver[1].txt
C:\Documents and Settings\admin\Cookies\admin@adbrite[2].txt
C:\Documents and Settings\admin\Cookies\admin@media6degrees[2].txt
C:\Documents and Settings\admin\Cookies\admin@media.adrevolver[2].txt
C:\Documents and Settings\admin\Cookies\admin@doubleclick[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070765727[1].txt
C:\Documents and Settings\admin\Cookies\admin@partypoker[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.k8l[1].txt
C:\Documents and Settings\admin\Cookies\admin@adsby.zwoops[1].txt
C:\Documents and Settings\admin\Cookies\admin@statcounter[2].txt
C:\Documents and Settings\admin\Cookies\admin@stat.onestat[2].txt
C:\Documents and Settings\admin\Cookies\admin@smileycentral[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.gamershell[2].txt
C:\Documents and Settings\admin\Cookies\admin@server.cpmstar[2].txt
C:\Documents and Settings\admin\Cookies\admin@888[1].txt
C:\Documents and Settings\admin\Cookies\admin@banners.searchingbooth[1].txt
C:\Documents and Settings\admin\Cookies\admin@1057242773[1].txt
C:\Documents and Settings\admin\Cookies\admin@overture[1].txt
C:\Documents and Settings\admin\Cookies\admin@adrevolver[2].txt
C:\Documents and Settings\admin\Cookies\admin@new-pcp[1].txt
C:\Documents and Settings\admin\Cookies\admin@zbox.zanox[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad.outerinfoads[2].txt
C:\Documents and Settings\admin\Cookies\admin@cgi-bin[2].txt
C:\Documents and Settings\admin\Cookies\admin@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\admin\Cookies\admin@3.adbrite[1].txt
C:\Documents and Settings\admin\Cookies\admin@fastclick[1].txt
C:\Documents and Settings\admin\Cookies\admin@entrepreneur[2].txt
C:\Documents and Settings\admin\Cookies\admin@adrevolver[3].txt
C:\Documents and Settings\admin\Cookies\admin@www.adtrak[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070878818[1].txt
C:\Documents and Settings\admin\Cookies\admin@2o7[2].txt
C:\Documents and Settings\admin\Cookies\admin@revenue[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads2.k8l[1].txt
C:\Documents and Settings\admin\Cookies\admin@mediaplex[1].txt
C:\Documents and Settings\admin\Cookies\admin@mediatraffic[1].txt
C:\Documents and Settings\admin\Cookies\admin@tribalfusion[2].txt
C:\Documents and Settings\admin\Cookies\admin@adopt.euroclick[2].txt
C:\Documents and Settings\admin\Cookies\admin@pacificpoker[1].txt
C:\Documents and Settings\admin\Cookies\admin@www.comprabanner[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070425503[1].txt
C:\Documents and Settings\admin\Cookies\admin@cassava[1].txt
C:\Documents and Settings\admin\Cookies\admin@clickbank[1].txt
C:\Documents and Settings\admin\Cookies\admin@statse.webtrendslive[2].txt
C:\Documents and Settings\admin\Cookies\admin@prospect.adbureau[2].txt
C:\Documents and Settings\admin\Cookies\admin@trafficmp[1].txt
C:\Documents and Settings\admin\Cookies\admin@atlas.entrepreneur[1].txt
C:\Documents and Settings\admin\Cookies\admin@zedo[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt
C:\Documents and Settings\admin\Cookies\admin@apmebf[2].txt
C:\Documents and Settings\admin\Cookies\admin@devart.adbureau[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.ak.facebook[1].txt
C:\Documents and Settings\admin\Cookies\admin@server.iad.liveperson[2].txt
C:\Documents and Settings\admin\Cookies\admin@cgm.adbureau[1].txt
C:\Documents and Settings\admin\Cookies\admin@azjmp[2].txt
C:\Documents and Settings\admin\Cookies\admin@ehg-ctv.hitbox[2].txt
C:\Documents and Settings\admin\Cookies\admin@hitbox[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@2o7[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@ad.yieldmanager[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@adserver.filefront[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@azjmp[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@casalemedia[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@doubleclick[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@gaiainteractive.112.2o7[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\LocalService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.k8l[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adsby.zwoops[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atlas.entrepreneur[2].txt
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt
C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[1].txt
C:\Documents and Settings\LocalService\Cookies\system@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@entrepreneur[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media.adrevolver[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network-ca.247realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.adtrak[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.entrepreneur[1].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt
Adware.k8l
C:\PROGRAM FILES\INTERNET EXPLORER\PROMYMYHD.HTML
Malware.LocusSoftware Inc/BestSellerAntivirus
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\WINVSNET .EXE.VIR
Trojan.Vundo/Variant-Installer/A
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\WINVSNET.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\BGINFO\BGINFO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CA\ETRUST ANTIVIRUS\REALMON.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\UTILITIES\EZEJMNAP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\SXPINST\SXPSTUB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DPMW32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HKCMD.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ICO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IGFXTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NWTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TP4EX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TPSHOCKS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TEMP\RECOVERFROMREBOOT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010807.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010808.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010809.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010811.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010812.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010813.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010814.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010818.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010819.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010820.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010879.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010887.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010892.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010897.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010898.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010899.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010901.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010905.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010906.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010913.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010921.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010925.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010930.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010933.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010937.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010938.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010939.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010941.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010943.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010945.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010947.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010948.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010958.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010966.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010970.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010976.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010977.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010979.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010980.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010983.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010985.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010986.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011010.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011015.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011028.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011030.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012001.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012006.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012007.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012009.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012010.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012012.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012016.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012026.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012028.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012030.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012031.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012032.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012037.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012067.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012068.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012090.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012091.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012092.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012094.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012095.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012096.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012099.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012101.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012102.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012103.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012106.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012110.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012114.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012115.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012116.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012118.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012119.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012120.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012121.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012123.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012125.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012126.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012188.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012194.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012195.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012196.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012200.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012201.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012204.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012206.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012209.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012210.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012211.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012365.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012366.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012367.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012369.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012370.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012371.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012373.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012375.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012376.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012377.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012383.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012384.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012385.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012386.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP27\A0012450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012451.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012471.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012473.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012485.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012490.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012491.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012492.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012500.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012504.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012505.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012508.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012524.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012546.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012547.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012549.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012550.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012551.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012554.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012555.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012556.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012557.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012558.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012559.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012560.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012561.EXE
Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ASEMBL~1\JAVAW .EXE.VIR
C:\QooBox\Quarantine\C\WINDOWS\DOBE~1\WAUBOO~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XWRDJHLG.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010912.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010994.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012042.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012381.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012479.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012494.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012510.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012511.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012519.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012568.EXE
Trojan.Vundo/Variant-Installer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ASEMBL~1\JAVAW.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOT1XCFG\DOT1XCFG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\PKGMGR\HOTKEY\TPHKMGR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\UTILITIES\BMMLREF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IIIIH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX39.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX56.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX68.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCXC.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCXD.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UTLITE33.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010805.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010806.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010810.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010815.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010817.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010823.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010884.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010885.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010893.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010900.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010904.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010908.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010923.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010924.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010942.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010944.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010950.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010960.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010982.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010984.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010988.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012003.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012008.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012015.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012021.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012027.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012035.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012088.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012089.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012093.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012098.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012100.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012104.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012112.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012113.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012117.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012122.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012124.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012128.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012190.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012192.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012199.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012205.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012208.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012225.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012361.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012362.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012368.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012372.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012374.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012378.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012453.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012509.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012523.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012548.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012552.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012553.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012562.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012563.EXE
Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
Trojan.Downloader-WinPop/SD
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOT1XCFG\DOT1XCFG .EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010911.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011038.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012531.EXE
Trojan.ZQuest
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET EXPLORER\LADUXAN.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012520.DLL
Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETMEETING\HOREF4444.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETMEETING\HOREF83122.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\COMMAND.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012521.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012522.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012528.EXE
Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012564.EXE
Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\17PHOLMES572.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP23\A0010782.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP23\A0010796.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010907.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010987.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012018.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012045.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012064.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012072.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012127.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012224.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012387.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012664.EXE
Malware.LocusSoftware Inc-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M2210NETINSTALLER.EXE.VIR
Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\ASAPPSRV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VX2\SOFTIDNDLL3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012571.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012663.EXE
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\KZ5XYM1ST21OVALSVBLS.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SA3\RENAMD83122.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012516.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012572.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012574.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012662.EXE
Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EFCDEEE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NNNKJHF.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012525.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012526.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012579.DLL
Trojan.ZQuest-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012573.EXE
Rogue.StorageProtector/Trace
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010831.EXE
Rogue.LocusSoftware/Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010856.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010862.DLL
Rogue.NoWayVirus-PTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010861.EXE
Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012346.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012578.DLL
________________________________________________________________________________
_________________________________________________________________________________
_______
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:36 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
c:\Program Files\CA\eTrust Antivirus\InoRT.exe
c:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timeserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\sdjexec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://insideto.toronto.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Realtime Monitor] c:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://insideto.toronto.ca
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE1281D-8A39-49F8-8009-F4575839E73D}: Domain = toronto.ca
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 4986 bytes
http://www.superantispyware.com
Generated 01/28/2008 at 01:15 AM
Application Version : 3.9.1008
Core Rules Database Version : 3389
Trace Rules Database Version: 1383
Scan type : Complete Scan
Total Scan Time : 00:36:49
Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 5239
Registry threats detected : 0
File items scanned : 32362
File threats detected : 448
Adware.Tracking Cookie
C:\Documents and Settings\admin\Cookies\admin@casalemedia[2].txt
C:\Documents and Settings\admin\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\admin\Cookies\admin@revsci[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.adbrite[2].txt
C:\Documents and Settings\admin\Cookies\admin@partygaming.122.2o7[1].txt
C:\Documents and Settings\admin\Cookies\admin@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\admin\Cookies\admin@tripod.lycos[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.techguy[1].txt
C:\Documents and Settings\admin\Cookies\admin@perf.overture[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.tripod.lycos[2].txt
C:\Documents and Settings\admin\Cookies\admin@advertising[1].txt
C:\Documents and Settings\admin\Cookies\admin@atwola[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.veoh[2].txt
C:\Documents and Settings\admin\Cookies\admin@media.top-banners[1].txt
C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.domainsuite[1].txt
C:\Documents and Settings\admin\Cookies\admin@adserver[1].txt
C:\Documents and Settings\admin\Cookies\admin@adbrite[2].txt
C:\Documents and Settings\admin\Cookies\admin@media6degrees[2].txt
C:\Documents and Settings\admin\Cookies\admin@media.adrevolver[2].txt
C:\Documents and Settings\admin\Cookies\admin@doubleclick[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070765727[1].txt
C:\Documents and Settings\admin\Cookies\admin@partypoker[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.k8l[1].txt
C:\Documents and Settings\admin\Cookies\admin@adsby.zwoops[1].txt
C:\Documents and Settings\admin\Cookies\admin@statcounter[2].txt
C:\Documents and Settings\admin\Cookies\admin@stat.onestat[2].txt
C:\Documents and Settings\admin\Cookies\admin@smileycentral[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.gamershell[2].txt
C:\Documents and Settings\admin\Cookies\admin@server.cpmstar[2].txt
C:\Documents and Settings\admin\Cookies\admin@888[1].txt
C:\Documents and Settings\admin\Cookies\admin@banners.searchingbooth[1].txt
C:\Documents and Settings\admin\Cookies\admin@1057242773[1].txt
C:\Documents and Settings\admin\Cookies\admin@overture[1].txt
C:\Documents and Settings\admin\Cookies\admin@adrevolver[2].txt
C:\Documents and Settings\admin\Cookies\admin@new-pcp[1].txt
C:\Documents and Settings\admin\Cookies\admin@zbox.zanox[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad.outerinfoads[2].txt
C:\Documents and Settings\admin\Cookies\admin@cgi-bin[2].txt
C:\Documents and Settings\admin\Cookies\admin@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\admin\Cookies\admin@3.adbrite[1].txt
C:\Documents and Settings\admin\Cookies\admin@fastclick[1].txt
C:\Documents and Settings\admin\Cookies\admin@entrepreneur[2].txt
C:\Documents and Settings\admin\Cookies\admin@adrevolver[3].txt
C:\Documents and Settings\admin\Cookies\admin@www.adtrak[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070878818[1].txt
C:\Documents and Settings\admin\Cookies\admin@2o7[2].txt
C:\Documents and Settings\admin\Cookies\admin@revenue[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads2.k8l[1].txt
C:\Documents and Settings\admin\Cookies\admin@mediaplex[1].txt
C:\Documents and Settings\admin\Cookies\admin@mediatraffic[1].txt
C:\Documents and Settings\admin\Cookies\admin@tribalfusion[2].txt
C:\Documents and Settings\admin\Cookies\admin@adopt.euroclick[2].txt
C:\Documents and Settings\admin\Cookies\admin@pacificpoker[1].txt
C:\Documents and Settings\admin\Cookies\admin@www.comprabanner[1].txt
C:\Documents and Settings\admin\Cookies\admin@1070425503[1].txt
C:\Documents and Settings\admin\Cookies\admin@cassava[1].txt
C:\Documents and Settings\admin\Cookies\admin@clickbank[1].txt
C:\Documents and Settings\admin\Cookies\admin@statse.webtrendslive[2].txt
C:\Documents and Settings\admin\Cookies\admin@prospect.adbureau[2].txt
C:\Documents and Settings\admin\Cookies\admin@trafficmp[1].txt
C:\Documents and Settings\admin\Cookies\admin@atlas.entrepreneur[1].txt
C:\Documents and Settings\admin\Cookies\admin@zedo[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt
C:\Documents and Settings\admin\Cookies\admin@apmebf[2].txt
C:\Documents and Settings\admin\Cookies\admin@devart.adbureau[2].txt
C:\Documents and Settings\admin\Cookies\admin@ads.ak.facebook[1].txt
C:\Documents and Settings\admin\Cookies\admin@server.iad.liveperson[2].txt
C:\Documents and Settings\admin\Cookies\admin@cgm.adbureau[1].txt
C:\Documents and Settings\admin\Cookies\admin@azjmp[2].txt
C:\Documents and Settings\admin\Cookies\admin@ehg-ctv.hitbox[2].txt
C:\Documents and Settings\admin\Cookies\admin@hitbox[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@2o7[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@ad.yieldmanager[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@adserver.filefront[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@azjmp[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@casalemedia[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@doubleclick[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@gaiainteractive.112.2o7[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\LocalService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.k8l[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adsby.zwoops[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atlas.entrepreneur[2].txt
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt
C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[1].txt
C:\Documents and Settings\LocalService\Cookies\system@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@entrepreneur[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media.adrevolver[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network-ca.247realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.adtrak[1].txt
C:\Documents and Settings\LocalService\Cookies\system@www.entrepreneur[1].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt
Adware.k8l
C:\PROGRAM FILES\INTERNET EXPLORER\PROMYMYHD.HTML
Malware.LocusSoftware Inc/BestSellerAntivirus
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\WINVSNET .EXE.VIR
Trojan.Vundo/Variant-Installer/A
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\WINVSNET.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\BGINFO\BGINFO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\CA\ETRUST ANTIVIRUS\REALMON.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\UTILITIES\EZEJMNAP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\SXPINST\SXPSTUB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DPMW32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HKCMD.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ICO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IGFXTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NWTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TP4EX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TPSHOCKS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TEMP\RECOVERFROMREBOOT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010807.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010808.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010809.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010811.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010812.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010813.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010814.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010818.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010819.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010820.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010879.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010887.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010892.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010897.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010898.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010899.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010901.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010905.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010906.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010913.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010921.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010925.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010930.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010933.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010937.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010938.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010939.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010941.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010943.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010945.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010947.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010948.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010958.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010966.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010970.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010976.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010977.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010979.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010980.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010983.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010985.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010986.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011010.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011015.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011028.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011030.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012001.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012006.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012007.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012009.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012010.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012012.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012016.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012026.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012028.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012030.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012031.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012032.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012037.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012067.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012068.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012090.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012091.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012092.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012094.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012095.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012096.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012099.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012101.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012102.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012103.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012106.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012110.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012114.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012115.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012116.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012118.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012119.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012120.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012121.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012123.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012125.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012126.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012188.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012194.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012195.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012196.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012200.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012201.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012204.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012206.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012209.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012210.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012211.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012365.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012366.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012367.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012369.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012370.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012371.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012373.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012375.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012376.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012377.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012383.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012384.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012385.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012386.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP27\A0012450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012451.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012471.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012473.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012485.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012490.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012491.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012492.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012500.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012504.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012505.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012508.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012524.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012546.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012547.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012549.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012550.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012551.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012554.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012555.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012556.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012557.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012558.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012559.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012560.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012561.EXE
Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ASEMBL~1\JAVAW .EXE.VIR
C:\QooBox\Quarantine\C\WINDOWS\DOBE~1\WAUBOO~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XWRDJHLG.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010912.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010994.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012042.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012381.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012479.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012494.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012510.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012511.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012519.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012568.EXE
Trojan.Vundo/Variant-Installer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ASEMBL~1\JAVAW.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOT1XCFG\DOT1XCFG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\PKGMGR\HOTKEY\TPHKMGR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\THINKPAD\UTILITIES\BMMLREF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IIIIH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX39.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX56.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX68.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCXC.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCXD.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UTLITE33.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010805.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010806.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010810.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010815.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010817.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010823.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010884.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010885.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010893.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010900.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010904.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010908.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010923.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010924.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010942.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010944.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010950.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010960.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010982.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010984.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010988.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012003.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012004.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012008.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012015.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012021.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012027.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012035.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012088.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012089.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012093.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012098.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012100.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012104.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012112.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012113.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012117.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012122.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012124.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012128.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012190.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012192.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012199.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012205.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012208.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012225.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012361.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012362.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012368.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012372.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012374.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012378.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012453.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP28\A0012509.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012523.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012548.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012552.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012553.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012562.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012563.EXE
Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
Trojan.Downloader-WinPop/SD
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOT1XCFG\DOT1XCFG .EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010911.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011038.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012531.EXE
Trojan.ZQuest
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET EXPLORER\LADUXAN.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012520.DLL
Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETMEETING\HOREF4444.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETMEETING\HOREF83122.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\COMMAND.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012521.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012522.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012528.EXE
Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012564.EXE
Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\17PHOLMES572.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP23\A0010782.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP23\A0010796.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010907.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010987.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0011034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0012018.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012045.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012064.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP25\A0012072.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012127.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012224.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012387.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012664.EXE
Malware.LocusSoftware Inc-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M2210NETINSTALLER.EXE.VIR
Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\ASAPPSRV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VX2\SOFTIDNDLL3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012571.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012663.EXE
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\Q2L0ESBVZIBUB3JVBNRV\KZ5XYM1ST21OVALSVBLS.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SA3\RENAMD83122.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012516.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012572.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012574.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP31\A0012662.EXE
Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EFCDEEE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NNNKJHF.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012525.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012526.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012579.DLL
Trojan.ZQuest-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012573.EXE
Rogue.StorageProtector/Trace
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010831.EXE
Rogue.LocusSoftware/Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010856.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010862.DLL
Rogue.NoWayVirus-PTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP24\A0010861.EXE
Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP26\A0012346.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9DD8723F-08A7-4EED-B572-20406E757287}\RP29\A0012578.DLL
________________________________________________________________________________
_________________________________________________________________________________
_______
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:36 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
c:\Program Files\CA\eTrust Antivirus\InoRT.exe
c:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timeserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\sdjexec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://insideto.toronto.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Realtime Monitor] c:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [UserPref] REGEDIT.exe /s c:\windows\system32\userpref.reg (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://insideto.toronto.ca
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE1281D-8A39-49F8-8009-F4575839E73D}: Domain = toronto.ca
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 4986 bytes
#10
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 28 January 2008 - 07:43 AM
Your logs are clean ! We need to do a few things
You can delete the tools that we used
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here
Now we need to create a new System Restore point.
Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next goto Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
You can delete the tools that we used
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here
Now we need to create a new System Restore point.
Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next goto Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
#11
- New Member
-
- Group: Member
- Posts: 7
- Joined: 24-January 08
- Operating System:windows xp
Posted 28 January 2008 - 09:20 AM
Thank you so much for all your help.
#12
- Ralphie
-
- Group: GeekU Moderator
- Posts: 47,362
- Joined: 23-March 07
- Location:Dublin
- Operating System:XP
Posted 28 January 2008 - 09:49 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Share this topic:
Page 1 of 1
- Join to reply or start a new topic
-
This topic is locked
