c000021a fatal error (logon process...)

Unknown

i recently updated my whole computer; changed its motherboard, power supply, cpu and graphics card and erased everything in my harddrive. (basically my whole computer is new)
but since then, my computer keeps on restarting randomly, usually after it has ran for at least 30 minutes

at the last moments before restarting, my computer (which is a XP sp2) would briefly change its setting into windows classic (gray start tab and everything, and then black out and restart.
i unchecked the auto-restart and it now shows a blue screen with STOP c000021a fatal error etc etc.....

ive read similar probs on this forum. it recommended getting a HijackThis log, so here it is:

Logfile of HijackThis v1.99.1 Scan saved at 11:46:34 PM, on 4/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Azureus\Azureus.exe C:\program files\internet explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\k12085252043.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\winhelp1.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358 O23 - Service: A6933495 - Unknown owner - C:\WINDOWS\system32\CF8C34A4.EXE O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Windows XP SP2 Center - Unknown owner - C:\WINDOWS\system32\k12085252032.exe O23 - Service: Windows Accounts Driver (windows_0) - Unknown owner - C:\WINDOWS\system32\k12085252043.exe

Thomas

Welcome to Icrontic flyingsquirrel,

Difficult to read as is, but the log posted shows at least an active SDBot infection loaded there. Let's get a more detailed look then start repairs. Before posting logs, in Notepad please go to Format and uncheck Word Wrap. If you look at other request threads here you will see the difference between the way your log posted and others.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

You can use extra posts here if needed for that.

flyingsquirrel

ok. this is the main.txt:

Deckard's System Scanner v20071014.68
Run by user on 2008-04-19 12:32:46
Computer is in Normal Mode.

---

Backed up registry hives.



-- HijackThis (run as user.exe)

---

Unable to find log (file not found); running clone.
-- HijackThis Clone

---

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 12:33:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\k12085252043.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\winhelp1.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: A6933495 - Unknown owner - C:\WINDOWS\system32\CF8C34A4.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows XP SP2 Center - Unknown owner - C:\WINDOWS\system32\k12085252032.exe
O23 - Service: Windows Accounts Driver (windows_0) - Unknown owner - C:\WINDOWS\system32\k12085252043.exe


--
End of file - 8872 bytes

-- File Associations

---

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 acpidisk - c:\windows\system32\drivers\acpidisk.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 windows_0 (Windows Accounts Driver) - c:\windows\system32\k12085252043.exe

S2 A6933495 - c:\windows\system32\cf8c34a4.exe -k
S2 Windows XP SP2 Center - c:\windows\system32\k12085252032.exe


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-19 and 2008-04-19

---

2008-04-19 12:24:02 70 --ah

---

C:\aaw7boot.cmd
2008-04-19 12:21:03 66576 --a

---

C:\WINDOWS\system32\k12086328626.exe
2008-04-19 12:21:03 226813 --a

---

C:\WINDOWS\system32\k12086328615.exe
2008-04-19 12:21:01 192000 --a

---

C:\WINDOWS\system32\k12086328594.exe <Not Verified; ; Setup ????>
2008-04-19 12:20:59 175325 --a

---

C:\WINDOWS\system32\k12086328551.exe
2008-04-19 12:20:51 73728

---

n--- C:\WINDOWS\system32\47c9ddd5.dll
2008-04-19 11:19:29 66576 --a

---

C:\WINDOWS\system32\k12086291576.exe
2008-04-19 11:19:16 226813 --a

---

C:\WINDOWS\system32\k12086291565.exe
2008-04-19 11:19:15 192000 --a

---

C:\WINDOWS\system32\k12086291554.exe <Not Verified; ; Setup ????>
2008-04-19 11:19:12 175325 --a

---

C:\WINDOWS\system32\k12086291511.exe
2008-04-19 10:13:38 66576 --a

---

C:\WINDOWS\system32\k12086252176.exe
2008-04-19 10:13:38 226813 --a

---

C:\WINDOWS\system32\k12086252165.exe
2008-04-19 10:13:36 192000 --a

---

C:\WINDOWS\system32\k12086252154.exe <Not Verified; ; Setup ????>
2008-04-19 10:13:33 175325 --a

---

C:\WINDOWS\system32\k12086252111.exe
2008-04-19 09:50:00 66576 --a

---

C:\WINDOWS\system32\k12086237996.exe
2008-04-19 09:49:59 226813 --a

---

C:\WINDOWS\system32\k12086237985.exe
2008-04-19 09:49:57 192000 --a

---

C:\WINDOWS\system32\k12086237974.exe <Not Verified; ; Setup ????>
2008-04-19 09:49:53 175325 --a

---

C:\WINDOWS\system32\k12086237921.exe
2008-04-19 09:11:31 226813 --a

---

C:\WINDOWS\system32\k12086214865.exe
2008-04-19 09:11:28 66576 --a

---

C:\WINDOWS\system32\k12086214876.exe
2008-04-19 09:11:27 192000 --a

---

C:\WINDOWS\system32\k12086214854.exe <Not Verified; ; Setup ????>
2008-04-19 09:11:25 175325 --a

---

C:\WINDOWS\system32\k12086214811.exe
2008-04-19 08:35:19 2613 --a

---

C:\WINDOWS\system32\k12086192694.exe
2008-04-19 08:34:33 66576 --a

---

C:\WINDOWS\system32\k12086192716.exe
2008-04-19 08:34:30 21489 --a

---

C:\WINDOWS\system32\k12086192651.exe
2008-04-19 08:11:27 15233 --a

---

C:\WINDOWS\system32\k12086178284.exe
2008-04-19 08:10:48 66576 --a

---

C:\WINDOWS\system32\k12086178316.exe
2008-04-19 08:10:26 9873 --a

---

C:\WINDOWS\system32\k12086178221.exe
2008-04-19 07:46:34 18585 --a

---

C:\WINDOWS\system32\k12086163691.exe
2008-04-19 07:46:17 66576 --a

---

C:\WINDOWS\system32\k12086163766.exe
2008-04-19 07:02:47 2613 --a

---

C:\WINDOWS\system32\k12086137641.exe
2008-04-19 06:11:41 66576 --a

---

C:\WINDOWS\system32\k12086106996.exe
2008-04-19 06:11:38 226813 --a

---

C:\WINDOWS\system32\k12086106975.exe
2008-04-19 06:11:37 192000 --a

---

C:\WINDOWS\system32\k12086106964.exe <Not Verified; ; Setup ????>
2008-04-19 06:11:35 175325 --a

---

C:\WINDOWS\system32\k12086106921.exe
2008-04-19 05:14:18 6969 --a

---

C:\WINDOWS\system32\k12086072574.exe
2008-04-19 05:14:17 118773 --a

---

C:\WINDOWS\system32\k12086072531.exe
2008-04-19 04:40:00 66576 --a

---

C:\WINDOWS\system32\k12086051896.exe
2008-04-19 04:39:48 226813 --a

---

C:\WINDOWS\system32\k12086051885.exe
2008-04-19 04:39:47 192000 --a

---

C:\WINDOWS\system32\k12086051874.exe <Not Verified; ; Setup ????>
2008-04-19 04:39:43 175325 --a

---

C:\WINDOWS\system32\k12086051831.exe
2008-04-19 04:19:31 66576 --a

---

C:\WINDOWS\system32\k12086039666.exe
2008-04-19 04:19:25 226813 --a

---

C:\WINDOWS\system32\k12086039655.exe
2008-04-19 04:19:24 192000 --a

---

C:\WINDOWS\system32\k12086039634.exe <Not Verified; ; Setup ????>
2008-04-19 04:19:21 175325 --a

---

C:\WINDOWS\system32\k12086039591.exe
2008-04-19 03:46:31 66576 --a

---

C:\WINDOWS\system32\k12086019736.exe
2008-04-19 03:46:12 226813 --a

---

C:\WINDOWS\system32\k12086019715.exe
2008-04-19 03:46:11 192000 --a

---

C:\WINDOWS\system32\k12086019704.exe <Not Verified; ; Setup ????>
2008-04-19 03:46:09 175325 --a

---

C:\WINDOWS\system32\k12086019661.exe
2008-04-19 03:30:22 66576 --a

---

C:\WINDOWS\system32\k12086010086.exe
2008-04-19 03:30:08 226813 --a

---

C:\WINDOWS\system32\k12086010075.exe
2008-04-19 03:30:06 192000 --a

---

C:\WINDOWS\system32\k12086010064.exe <Not Verified; ; Setup ????>
2008-04-19 03:30:03 175325 --a

---

C:\WINDOWS\system32\k12086010021.exe
2008-04-19 03:00:12 66576 --a

---

C:\WINDOWS\system32\k12085992106.exe
2008-04-19 03:00:10 226813 --a

---

C:\WINDOWS\system32\k12085992095.exe
2008-04-19 03:00:09 192000 --a

---

C:\WINDOWS\system32\k12085992084.exe <Not Verified; ; Setup ????>
2008-04-19 03:00:07 175325 --a

---

C:\WINDOWS\system32\k12085992041.exe
2008-04-19 01:50:12 66576 --a

---

C:\WINDOWS\system32\k12085950096.exe
2008-04-19 01:50:11 226813 --a

---

C:\WINDOWS\system32\k12085950075.exe
2008-04-19 01:50:07 192000 --a

---

C:\WINDOWS\system32\k12085950064.exe <Not Verified; ; Setup ????>
2008-04-19 01:49:57 175325 --a

---

C:\WINDOWS\system32\k12085949911.exe
2008-04-19 01:32:05 29061 --a

---

C:\WINDOWS\system32\k12085939164.exe
2008-04-19 01:32:00 66576 --a

---

C:\WINDOWS\system32\k12085939196.exe
2008-04-19 01:31:55 11325 --a

---

C:\WINDOWS\system32\k12085939121.exe
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 01:28:20 9873 --a

---

C:\WINDOWS\system32\k12085936724.exe
2008-04-19 01:27:59 66576 --a

---

C:\WINDOWS\system32\k12085936756.exe
2008-04-19 01:27:53 36009 --a

---

C:\WINDOWS\system32\k12085936681.exe
2008-04-19 01:11:05 66576 --a

---

C:\WINDOWS\system32\k12085926646.exe
2008-04-19 01:11:05 226813 --a

---

C:\WINDOWS\system32\k12085926635.exe
2008-04-19 01:11:04 192000 --a

---

C:\WINDOWS\system32\k12085926624.exe <Not Verified; ; Setup ????>
2008-04-19 01:11:03 175325 --a

---

C:\WINDOWS\system32\k12085926581.exe
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-19 00:34:47 66576 --a

---

C:\WINDOWS\system32\k12085904836.exe
2008-04-19 00:34:43 226813 --a

---

C:\WINDOWS\system32\k12085904825.exe
2008-04-19 00:34:42 192000 --a

---

C:\WINDOWS\system32\k12085904814.exe <Not Verified; ; Setup ????>
2008-04-19 00:34:39 175325 --a

---

C:\WINDOWS\system32\k12085904771.exe
2008-04-19 00:01:53 66576 --a

---

C:\WINDOWS\system32\k12085885086.exe
2008-04-19 00:01:48 226813 --a

---

C:\WINDOWS\system32\k12085885075.exe
2008-04-19 00:01:47 192000 --a

---

C:\WINDOWS\system32\k12085885064.exe <Not Verified; ; Setup ????>
2008-04-19 00:01:45 175325 --a

---

C:\WINDOWS\system32\k12085885011.exe
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Program Files\Lavasoft
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 23:08:53 0 d

---

C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:31:38 66576 --a

---

C:\WINDOWS\system32\k12085830976.exe
2008-04-18 22:31:37 226813 --a

---

C:\WINDOWS\system32\k12085830965.exe
2008-04-18 22:31:35 192000 --a

---

C:\WINDOWS\system32\k12085830944.exe <Not Verified; ; Setup ????>
2008-04-18 22:31:33 175325 --a

---

C:\WINDOWS\system32\k12085830901.exe
2008-04-18 21:59:17 66576 --a

---

C:\WINDOWS\system32\k12085811566.exe
2008-04-18 21:59:15 226813 --a

---

C:\WINDOWS\system32\k12085811545.exe
2008-04-18 21:59:14 192000 --a

---

C:\WINDOWS\system32\k12085811534.exe <Not Verified; ; Setup ????>
2008-04-18 21:59:11 175325 --a

---

C:\WINDOWS\system32\k12085811491.exe
2008-04-18 21:26:21 226813 --a

---

C:\WINDOWS\system32\k12085791725.exe
2008-04-18 21:26:18 66576 --a

---

C:\WINDOWS\system32\k12085791736.exe
2008-04-18 21:26:13 192000 --a

---

C:\WINDOWS\system32\k12085791714.exe <Not Verified; ; Setup ????>
2008-04-18 21:26:10 175325 --a

---

C:\WINDOWS\system32\k12085791661.exe
2008-04-18 20:49:16 66576 --a

---

C:\WINDOWS\system32\k12085769556.exe
2008-04-18 20:49:14 226813 --a

---

C:\WINDOWS\system32\k12085769535.exe
2008-04-18 20:49:13 192000 --a

---

C:\WINDOWS\system32\k12085769524.exe <Not Verified; ; Setup ????>
2008-04-18 20:49:11 175325 --a

---

C:\WINDOWS\system32\k12085769481.exe
2008-04-18 20:37:23 17153 --a

---

C:\WINDOWS\system32\k12085762164.exe
2008-04-18 20:37:03 18205 --a

---

C:\WINDOWS\system32\k12085762121.exe
2008-04-18 20:37:01 66576 --a

---

C:\WINDOWS\system32\k12085762196.exe
2008-04-18 19:33:04 66576 --a

---

C:\WINDOWS\system32\k12085723836.exe
2008-04-18 19:33:02 226813 --a

---

C:\WINDOWS\system32\k12085723825.exe
2008-04-18 19:33:02 192000 --a

---

C:\WINDOWS\system32\k12085723814.exe <Not Verified; ; Setup ????>
2008-04-18 19:32:59 175325 --a

---

C:\WINDOWS\system32\k12085723771.exe
2008-04-18 19:21:17 66576 --a

---

C:\WINDOWS\system32\k12085716756.exe
2008-04-18 19:21:15 226813 --a

---

C:\WINDOWS\system32\k12085716745.exe
2008-04-18 19:21:13 192000 --a

---

C:\WINDOWS\system32\k12085716734.exe <Not Verified; ; Setup ????>
2008-04-18 19:21:11 175325 --a

---

C:\WINDOWS\system32\k12085716691.exe
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 19:15:19 66576 --a

---

C:\WINDOWS\system32\k12085713186.exe
2008-04-18 19:15:17 226813 --a

---

C:\WINDOWS\system32\k12085713175.exe
2008-04-18 19:15:16 192000 --a

---

C:\WINDOWS\system32\k12085713164.exe <Not Verified; ; Setup ????>
2008-04-18 19:15:13 175325 --a

---

C:\WINDOWS\system32\k12085713121.exe
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 17:23:26 66576 --a

---

C:\WINDOWS\system32\k12085646056.exe
2008-04-18 17:23:24 226813 --a

---

C:\WINDOWS\system32\k12085646035.exe
2008-04-18 17:23:23 192000 --a

---

C:\WINDOWS\system32\k12085646024.exe <Not Verified; ; Setup ????>
2008-04-18 17:23:20 175325 --a

---

C:\WINDOWS\system32\k12085645981.exe
2008-04-18 16:17:07 66576 --a

---

C:\WINDOWS\system32\k12085606266.exe
2008-04-18 16:17:06 226813 --a

---

C:\WINDOWS\system32\k12085606255.exe
2008-04-18 16:17:05 192000 --a

---

C:\WINDOWS\system32\k12085606244.exe <Not Verified; ; Setup ????>
2008-04-18 16:17:02 175325 --a

---

C:\WINDOWS\system32\k12085606201.exe
2008-04-18 16:10:10 66576 --a

---

C:\WINDOWS\system32\k12085602096.exe
2008-04-18 16:10:09 226813 --a

---

C:\WINDOWS\system32\k12085602085.exe
2008-04-18 16:10:08 192000 --a

---

C:\WINDOWS\system32\k12085602074.exe <Not Verified; ; Setup ????>
2008-04-18 16:10:05 175325 --a

---

C:\WINDOWS\system32\k12085602031.exe
2008-04-18 15:55:56 66576 --a

---

C:\WINDOWS\system32\k12085593556.exe
2008-04-18 15:55:54 226813 --a

---

C:\WINDOWS\system32\k12085593545.exe
2008-04-18 15:55:53 192000 --a

---

C:\WINDOWS\system32\k12085593524.exe <Not Verified; ; Setup ????>
2008-04-18 15:55:50 175325 --a

---

C:\WINDOWS\system32\k12085593491.exe
2008-04-18 15:11:46 226813 --a

---

C:\WINDOWS\system32\k12085566995.exe
2008-04-18 15:11:41 66576 --a

---

C:\WINDOWS\system32\k12085567016.exe
2008-04-18 15:11:39 192000 --a

---

C:\WINDOWS\system32\k12085566984.exe <Not Verified; ; Setup ????>
2008-04-18 15:11:36 175325 --a

---

C:\WINDOWS\system32\k12085566941.exe
2008-04-18 14:41:49 66576 --a

---

C:\WINDOWS\system32\k12085549076.exe
2008-04-18 14:41:46 226813 --a

---

C:\WINDOWS\system32\k12085549065.exe
2008-04-18 14:41:46 192000 --a

---

C:\WINDOWS\system32\k12085549054.exe <Not Verified; ; Setup ????>
2008-04-18 14:41:42 175325 --a

---

C:\WINDOWS\system32\k12085549011.exe
2008-04-18 14:00:05 66576 --a

---

C:\WINDOWS\system32\k12085524046.exe
2008-04-18 14:00:03 226813 --a

---

C:\WINDOWS\system32\k12085524025.exe
2008-04-18 14:00:02 192000 --a

---

C:\WINDOWS\system32\k12085524014.exe <Not Verified; ; Setup ????>
2008-04-18 13:59:59 175325 --a

---

C:\WINDOWS\system32\k12085523971.exe
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:44:21 226813 --a

---

C:\WINDOWS\system32\k12085514585.exe
2008-04-18 13:44:20 66576 --a

---

C:\WINDOWS\system32\k12085514596.exe
2008-04-18 13:44:17 192000 --a

---

C:\WINDOWS\system32\k12085514564.exe <Not Verified; ; Setup ????>
2008-04-18 13:44:15 175325 --a

---

C:\WINDOWS\system32\k12085514531.exe
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 12:45:36 66576 --a

---

C:\WINDOWS\system32\k12085479356.exe
2008-04-18 12:45:36 226813 --a

---

C:\WINDOWS\system32\k12085479345.exe
2008-04-18 12:45:34 192000 --a

---

C:\WINDOWS\system32\k12085479334.exe <Not Verified; ; Setup ????>
2008-04-18 12:45:31 175325 --a

---

C:\WINDOWS\system32\k12085479291.exe
2008-04-18 12:08:21 226813 --a

---

C:\WINDOWS\system32\k12085456905.exe
2008-04-18 12:08:12 66576 --a

---

C:\WINDOWS\system32\k12085456916.exe
2008-04-18 12:08:10 192000 --a

---

C:\WINDOWS\system32\k12085456894.exe <Not Verified; ; Setup ????>
2008-04-18 12:08:09 175325 --a

---

C:\WINDOWS\system32\k12085456851.exe
2008-04-18 11:54:04 192000 --a

---

C:\WINDOWS\system32\k12085448344.exe <Not Verified; ; Setup ????>
2008-04-18 11:54:01 66576 --a

---

C:\WINDOWS\system32\k12085448376.exe
2008-04-18 11:53:56 226813 --a

---

C:\WINDOWS\system32\k12085448355.exe
2008-04-18 11:53:52 175325 --a

---

C:\WINDOWS\system32\k12085448301.exe
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:15 66576 --a

---

C:\WINDOWS\system32\k12085418536.exe
2008-04-18 11:04:12 226813 --a

---

C:\WINDOWS\system32\k12085418525.exe
2008-04-18 11:04:11 192000 --a

---

C:\WINDOWS\system32\k12085418514.exe <Not Verified; ; Setup ????>
2008-04-18 11:04:08 70656 --a

---

C:\WINDOWS\system32\k12085418482.exe
2008-04-18 11:04:08 175325 --a

---

C:\WINDOWS\system32\k12085418461.exe
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 09:32:07 226813 --a

---

C:\WINDOWS\system32\k12085363065.exe
2008-04-18 09:32:03 192000 --a

---

C:\WINDOWS\system32\k12085363054.exe <Not Verified; ; Setup ????>
2008-04-18 09:31:48 66576 --a

---

C:\WINDOWS\system32\k12085363076.exe
2008-04-18 09:28:52 66576 --a

---

C:\WINDOWS\system32\k12085361316.exe
2008-04-18 08:31:41 66576 --a

---

C:\WINDOWS\system32\k12085326906.exe
2008-04-18 08:31:40 226813 --a

---

C:\WINDOWS\system32\k12085326895.exe
2008-04-18 08:31:37 192000 --a

---

C:\WINDOWS\system32\k12085326884.exe <Not Verified; ; Setup ????>
2008-04-18 08:31:33 175325 --a

---

C:\WINDOWS\system32\k12085326831.exe
2008-04-18 08:28:20 226813 --a

---

C:\WINDOWS\system32\k12085324535.exe
2008-04-18 08:27:45 66576 --a

---

C:\WINDOWS\system32\k12085324546.exe
2008-04-18 07:29:49 66576 --a

---

C:\WINDOWS\system32\k12085289886.exe
2008-04-18 07:29:47 226813 --a

---

C:\WINDOWS\system32\k12085289865.exe
2008-04-18 07:29:45 192000 --a

---

C:\WINDOWS\system32\k12085289854.exe <Not Verified; ; Setup ????>
2008-04-18 07:29:40 70656 --a

---

C:\WINDOWS\system32\k12085289792.exe
2008-04-18 07:29:39 175325 --a

---

C:\WINDOWS\system32\k12085289781.exe
2008-04-18 07:23:28 226813 --a

---

C:\WINDOWS\system32\k12085285985.exe
2008-04-18 07:23:21 66576 --a

---

C:\WINDOWS\system32\k12085285996.exe
2008-04-18 07:23:17 192000 --a

---

C:\WINDOWS\system32\k12085285964.exe <Not Verified; ; Setup ????>
2008-04-18 07:23:14 70656 --a

---

C:\WINDOWS\system32\k12085285932.exe
2008-04-18 07:23:14 175325 --a

---

C:\WINDOWS\system32\k12085285921.exe
2008-04-18 07:08:52 66576 --a

---

C:\WINDOWS\system32\k12085277296.exe
2008-04-18 07:08:52 0 d

---

C:\Program Files\smqy
2008-04-18 07:08:49 226813 --a

---

C:\WINDOWS\system32\k12085277285.exe
2008-04-18 07:08:47 192000 --a

---

C:\WINDOWS\system32\k12085277274.exe <Not Verified; ; Setup ????>
2008-04-18 07:08:44 70656 --a

---

C:\WINDOWS\system32\k12085277212.exe
2008-04-18 07:08:44 175325 --a

---

C:\WINDOWS\system32\k12085277201.exe
2008-04-18 06:45:02 66576 --a

---

C:\WINDOWS\system32\k12085263006.exe
2008-04-18 06:45:00 226813 --a

---

C:\WINDOWS\system32\k12085262995.exe
2008-04-18 06:44:58 192000 --a

---

C:\WINDOWS\system32\k12085262984.exe <Not Verified; ; Setup ????>
2008-04-18 06:44:55 70656 --a

---

C:\WINDOWS\system32\k12085262952.exe
2008-04-18 06:44:55 175325 --a

---

C:\WINDOWS\system32\k12085262941.exe
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:36:59 66576 --a

---

C:\WINDOWS\system32\k12085258176.exe
2008-04-18 06:36:59 226813 --a

---

C:\WINDOWS\system32\k12085258165.exe
2008-04-18 06:36:57 192000 --a

---

C:\WINDOWS\system32\k12085258154.exe <Not Verified; ; Setup ????>
2008-04-18 06:36:56 12800 --a

---

C:\WINDOWS\system32\k12085258133.exe
2008-04-18 06:36:52 70656 --a

---

C:\WINDOWS\system32\k12085258122.exe
2008-04-18 06:36:52 175325 --a

---

C:\WINDOWS\system32\k12085258111.exe
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:59 107008 -r-hs---- C:\WINDOWS\system32\zsmscc32.dll
2008-04-18 06:26:56 25600

---

n--- C:\WINDOWS\system32\zsmscc071001.dll
2008-04-18 06:26:54 66576 -r-hs---- C:\WINDOWS\system32\zsmscc071001.exe
2008-04-18 06:26:51 0 d

---

C:\Program Files\woil
2008-04-18 06:26:50 66576 --a

---

C:\WINDOWS\system32\k12085252086.exe
2008-04-18 06:26:50 274 --a

---

C:\WINDOWS\system32\AutoMsi.sys
2008-04-18 06:26:49 380 --a

---

C:\WINDOWS\system32\Msi.sys
2008-04-18 06:26:47 226813 --a

---

C:\WINDOWS\system32\k12085252075.exe
2008-04-18 06:26:47 169988 --a

---

C:\WINDOWS\system32\drivers\acpidisk.sys
2008-04-18 06:26:46 25600 --a

---

C:\WINDOWS\system32\Winsp2.dll
2008-04-18 06:26:46 32768 --a

---

C:\WINDOWS\system32\winhelp1.exe
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:26:45 12800 --a

---

C:\WINDOWS\system32\k12085252043.exe
2008-04-18 06:26:43 70656 --a

---

C:\WINDOWS\system32\k12085252032.exe
2008-04-18 06:26:43 175325 --a

---

C:\WINDOWS\system32\k12085252021.exe
2008-04-18 06:26:39 19591 ---h

---

C:\auto.exe
2008-04-18 06:26:38 19591 --ah

---

C:\WINDOWS\system32\CF8C34A4.EXE
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 2621440 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 229376 ---h

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 01:45 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/26/2007 03:35 PM]
"nwiz"="nwiz.exe" [12/26/2007 03:35 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/26/2007 03:35 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [04/18/2008 06:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [04/21/2006 05:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/18/2008 06:28 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/18/2008 06:37 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [1/13/2007 4:14:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/18/2008 6:28:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zsmscc"=rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=&quot;Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btnq
xrvd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{696b5fae-0d05-11dd-befc-806d6172696f}]
Auto\command- C:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{696b5faf-0d05-11dd-befc-806d6172696f}]
Auto\command- D:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c48a4dd4-0d48-11dd-a8b2-001e9001a4f2}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe




-- End of Deckard's System Scanner: finished at 2008-04-19 12:34:03

---

flyingsquirrel

and the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- System Information

---

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2047.23 MiB / 1434.51 MiB
Pagefile Memory (total/avail): 3940.26 MiB / 3505.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.1 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 117.19 GiB total, 93.81 GiB free.
D: is Fixed (NTFS) - 72.72 GiB total, 72.19 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200R0 - 189.92 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 117.19 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 72.72 GiB - D:



-- Security Center

---

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"


-- Environment Variables

---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VICTORTANG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\VICTORTANG
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=VICTORTANG
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles

---

user (admin)


-- Add/Remove Programs

---

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 9 Photo Manager --> MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Desktop Sidebar --> MsiExec.exe /I{4A389F44-8E35-49C8-9359-839A2B7550F5}
Google Desktop Search --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
NJStar Chinese WP --> C:\Program Files\NJStar Chinese WP\uninst.exe
NJStar Japanese WP --> C:\Program Files\NJStar Japanese WP\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
progeCAD 2008 Smart! ENG --> C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE C:\PROGRA~1\PROGES~1\PROGEC~1\install.log
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Serif PhotoPlus 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WhiteCap --> C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
Windows btnq UnInstall --> C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\woil\gysv.dll,Service -u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log

---

No Errors/Warnings found.


-- Security Event Log

---

No Errors/Warnings found.


-- System Event Log

---

Event Record #/Type1574 / Error
Event Submitted/Written: 04/19/2008 00:21:35 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Windows XP SP2 Center service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type1572 / Warning
Event Submitted/Written: 04/19/2008 00:21:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1554 / Warning
Event Submitted/Written: 04/19/2008 00:06:57 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1553 / Warning
Event Submitted/Written: 04/19/2008 11:39:39 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1552 / Error
Event Submitted/Written: 04/19/2008 11:19:51 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Windows XP SP2 Center service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-04-19 12:34:03

---

Thomas

Goodness. What did you try to install on 4-18? There is a rootkit process installed there hooked into and monitoring all running process, so we will have to see how each step works out as we go. Not reasonable for us to attempt to manually remove what appears to be many duplicated malware files, so we will let a scan choose for us there.


Download The Avenger by Swandog from here and save it to your Desktop.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, close all open programs and unzip the downloaded avenger.zip file. Then in the new avenger folder created locate and click on avenger.exe to run the tool.

Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Drivers to delete:
acpidisk
windows_0
A6933495
Windows XP SP2 Center
Files to delete:
c:\windows\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\zsmscc071001.dll
Folders to delete:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run | zsmscc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs | btnq
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs | xrvd
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}

Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.

---

After the reboot reboot again into Safe Mode with Networking (so this time you will have net access).

Disable your antivirus program (remember to re-enable it once this scan is complete) and go here (be sure to re-enable it after the scan completes) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and take a break for a while.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export the scan report". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here.

---

Reboot to normal mode and, still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes except this one:

Security Center

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post back the that log along with the BitDefender log and the avenger.txt log please.

flyingsquirrel

a'ight lotsa stuff comin in...
AVENGER

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "acpidisk" deleted successfully.
Driver "windows_0" deleted successfully.
Driver "A6933495" deleted successfully.
Driver "Windows XP SP2 Center" deleted successfully.
File "c:\windows\system32\drivers\acpidisk.sys" deleted successfully.
File "C:\WINDOWS\system32\zsmscc071001.dll" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|zsmscc" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs|btnq"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs|btnq" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs|xrvd"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs|xrvd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



this is the main and extra.txt for dss:

Deckard's System Scanner v20071014.68
Run by user on 2008-04-19 17:08:36
Computer is in Normal Mode.

---

-- HijackThis (run as user.exe)

---

Logfile of HijackThis v1.99.1
Scan saved at 5:08:38 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\user.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O23 - Service: A6933495 - Unknown owner - C:\WINDOWS\system32\CF8C34A4.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IE Security Service (msyaxk) - Unknown owner - C:\WINDOWS\system32\mstreg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations

---

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 acpidisk - c:\windows\system32\drivers\acpidisk.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

S2 A6933495 - c:\windows\system32\cf8c34a4.exe -k (file missing)
S2 msyaxk (IE Security Service) - c:\windows\system32\mstreg.exe (file missing)


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-19 and 2008-04-19

---

2008-04-19 16:36:51 0 d

---

C:\WINDOWS\BDOSCAN8
2008-04-19 16:32:28 0 d

---

C:\WINDOWS\CSC
2008-04-19 16:30:15 226813 --a

---

C:\WINDOWS\system32\k12086478125.exe
2008-04-19 16:30:14 169988 --a

---

C:\WINDOWS\system32\drivers\acpidisk.sys
2008-04-19 16:28:13 0 d

---

C:\Documents and Settings\user\WINDOWS
2008-04-19 16:28:13 0 d

---

C:\Application Data
2008-04-19 16:27:15 6460 --a

---

C:\backup.reg
2008-04-19 16:18:15 226813 --a

---

C:\WINDOWS\system32\k12086470925.exe
2008-04-19 16:14:51 226813 --a

---

C:\WINDOWS\system32\k12086468885.exe
2008-04-19 16:10:17 226813 --a

---

C:\WINDOWS\system32\k12086466155.exe
2008-04-19 15:31:52 226813 --a

---

C:\WINDOWS\system32\k12086443115.exe
2008-04-19 15:05:20 226813 --a

---

C:\WINDOWS\system32\k12086427185.exe
2008-04-19 14:34:44 226813 --a

---

C:\WINDOWS\system32\k12086408835.exe
2008-04-19 12:21:03 226813 --a

---

C:\WINDOWS\system32\k12086328615.exe
2008-04-19 11:19:16 226813 --a

---

C:\WINDOWS\system32\k12086291565.exe
2008-04-19 10:13:38 226813 --a

---

C:\WINDOWS\system32\k12086252165.exe
2008-04-19 09:49:59 226813 --a

---

C:\WINDOWS\system32\k12086237985.exe
2008-04-19 09:11:31 226813 --a

---

C:\WINDOWS\system32\k12086214865.exe
2008-04-19 08:35:19 2613 --a

---

C:\WINDOWS\system32\k12086192694.exe
2008-04-19 08:34:30 21489 --a

---

C:\WINDOWS\system32\k12086192651.exe
2008-04-19 08:11:27 15233 --a

---

C:\WINDOWS\system32\k12086178284.exe
2008-04-19 08:10:26 9873 --a

---

C:\WINDOWS\system32\k12086178221.exe
2008-04-19 07:46:34 18585 --a

---

C:\WINDOWS\system32\k12086163691.exe
2008-04-19 07:02:47 2613 --a

---

C:\WINDOWS\system32\k12086137641.exe
2008-04-19 06:11:38 226813 --a

---

C:\WINDOWS\system32\k12086106975.exe
2008-04-19 05:14:18 6969 --a

---

C:\WINDOWS\system32\k12086072574.exe
2008-04-19 05:14:17 118773 --a

---

C:\WINDOWS\system32\k12086072531.exe
2008-04-19 04:39:48 226813 --a

---

C:\WINDOWS\system32\k12086051885.exe
2008-04-19 04:19:25 226813 --a

---

C:\WINDOWS\system32\k12086039655.exe
2008-04-19 03:46:12 226813 --a

---

C:\WINDOWS\system32\k12086019715.exe
2008-04-19 03:30:08 226813 --a

---

C:\WINDOWS\system32\k12086010075.exe
2008-04-19 03:00:10 226813 --a

---

C:\WINDOWS\system32\k12085992095.exe
2008-04-19 01:50:11 226813 --a

---

C:\WINDOWS\system32\k12085950075.exe
2008-04-19 01:32:05 29061 --a

---

C:\WINDOWS\system32\k12085939164.exe
2008-04-19 01:31:55 11325 --a

---

C:\WINDOWS\system32\k12085939121.exe
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 01:28:20 9873 --a

---

C:\WINDOWS\system32\k12085936724.exe
2008-04-19 01:27:53 36009 --a

---

C:\WINDOWS\system32\k12085936681.exe
2008-04-19 01:11:05 226813 --a

---

C:\WINDOWS\system32\k12085926635.exe
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-19 00:34:43 226813 --a

---

C:\WINDOWS\system32\k12085904825.exe
2008-04-19 00:01:48 226813 --a

---

C:\WINDOWS\system32\k12085885075.exe
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Program Files\Lavasoft
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 23:08:53 0 d

---

C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:31:37 226813 --a

---

C:\WINDOWS\system32\k12085830965.exe
2008-04-18 21:59:15 226813 --a

---

C:\WINDOWS\system32\k12085811545.exe
2008-04-18 21:26:21 226813 --a

---

C:\WINDOWS\system32\k12085791725.exe
2008-04-18 20:49:14 226813 --a

---

C:\WINDOWS\system32\k12085769535.exe
2008-04-18 20:37:23 17153 --a

---

C:\WINDOWS\system32\k12085762164.exe
2008-04-18 20:37:03 18205 --a

---

C:\WINDOWS\system32\k12085762121.exe
2008-04-18 19:33:02 226813 --a

---

C:\WINDOWS\system32\k12085723825.exe
2008-04-18 19:21:15 226813 --a

---

C:\WINDOWS\system32\k12085716745.exe
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 19:15:17 226813 --a

---

C:\WINDOWS\system32\k12085713175.exe
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 17:23:24 226813 --a

---

C:\WINDOWS\system32\k12085646035.exe
2008-04-18 16:17:06 226813 --a

---

C:\WINDOWS\system32\k12085606255.exe
2008-04-18 16:10:09 226813 --a

---

C:\WINDOWS\system32\k12085602085.exe
2008-04-18 15:55:54 226813 --a

---

C:\WINDOWS\system32\k12085593545.exe
2008-04-18 15:11:46 226813 --a

---

C:\WINDOWS\system32\k12085566995.exe
2008-04-18 14:41:46 226813 --a

---

C:\WINDOWS\system32\k12085549065.exe
2008-04-18 14:00:03 226813 --a

---

C:\WINDOWS\system32\k12085524025.exe
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:44:21 226813 --a

---

C:\WINDOWS\system32\k12085514585.exe
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 12:45:36 226813 --a

---

C:\WINDOWS\system32\k12085479345.exe
2008-04-18 12:08:21 226813 --a

---

C:\WINDOWS\system32\k12085456905.exe
2008-04-18 11:53:56 226813 --a

---

C:\WINDOWS\system32\k12085448355.exe
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:12 226813 --a

---

C:\WINDOWS\system32\k12085418525.exe
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 09:32:07 226813 --a

---

C:\WINDOWS\system32\k12085363065.exe
2008-04-18 08:31:40 226813 --a

---

C:\WINDOWS\system32\k12085326895.exe
2008-04-18 08:28:20 226813 --a

---

C:\WINDOWS\system32\k12085324535.exe
2008-04-18 07:29:47 226813 --a

---

C:\WINDOWS\system32\k12085289865.exe
2008-04-18 07:23:28 226813 --a

---

C:\WINDOWS\system32\k12085285985.exe
2008-04-18 07:08:52 0 d

---

C:\Program Files\smqy
2008-04-18 07:08:49 226813 --a

---

C:\WINDOWS\system32\k12085277285.exe
2008-04-18 06:45:00 226813 --a

---

C:\WINDOWS\system32\k12085262995.exe
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:36:59 226813 --a

---

C:\WINDOWS\system32\k12085258165.exe
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:59 107008 -r-hs---- C:\WINDOWS\system32\zsmscc32.dll
2008-04-18 06:26:51 0 d

---

C:\Program Files\woil
2008-04-18 06:26:50 274 --a

---

C:\WINDOWS\system32\AutoMsi.sys
2008-04-18 06:26:49 380 --a

---

C:\WINDOWS\system32\Msi.sys
2008-04-18 06:26:47 226813 --a

---

C:\WINDOWS\system32\k12085252075.exe
2008-04-18 06:26:46 25600 --a

---

C:\WINDOWS\system32\Winsp2.dll
2008-04-18 06:26:46 32768 --a

---

C:\WINDOWS\system32\winhelp1.exe
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 2883584 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 229376 ---h

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 01:45 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/26/2007 03:35 PM]
"nwiz"="nwiz.exe" [12/26/2007 03:35 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/26/2007 03:35 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [04/18/2008 06:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [04/21/2006 05:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/18/2008 06:28 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/18/2008 06:37 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [1/13/2007 4:14:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/18/2008 6:28:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zsmscc"=rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=&quot;Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btnq
xrvd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c48a4dd4-0d48-11dd-a8b2-001e9001a4f2}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe




-- End of Deckard's System Scanner: finished at 2008-04-19 17:09:05

---

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- Security Center

---

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"


-- End of Deckard's System Scanner: finished at 2008-04-19 17:09:05

---

flyingsquirrel

here's the HUGE bitDefender file
(and i never believed that worms and trojans existed b4 lol)


BitDefender Online Scanner


Scan report generated at: Sat, Apr 19, 2008 - 17:02:07



Scan path: A:\;C:\;D:\;E:\;F:\;





Statistics
Time
00:16:06
Files
89932
Folders
2136
Boot Sectors
3
Archives
941
Packed Files
3761


Results
Identified Viruses
12
Infected Files
318
Suspect Files
5
Warnings
0
Disinfected
0
Deleted Files
323


Engines Info
Virus Definitions
1165729
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5


Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes


Scanned File

Status

C:\auto.exe
Infected with: Win32.Worm.Winko.I
C:\auto.exe
Deleted
C:\Avenger\zsmscc071001.dll
Infected with: Trojan.PWS.OnlineGames.NYC
C:\Avenger\zsmscc071001.dll
Disinfection failed
C:\Avenger\zsmscc071001.dll
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\C36P8TEW\8080[1].exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\C36P8TEW\8080[1].exe
Disinfection failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\C36P8TEW\8080[1].exe
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\13[1].exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\13[1].exe
Disinfection failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\13[1].exe
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\setup1046[1].exe
Infected with: Trojan.Downloader.Small.AANJ
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\setup1046[1].exe
Disinfection failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GBRVEIYB\setup1046[1].exe
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cao[1].exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cao[1].exe
Disinfection failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cao[1].exe
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)
Update failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\jia[1].exe
Infected with: Trojan.Agent.AIBP
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\jia[1].exe
Deleted
C:\Deckard\System Scanner\20080419122824\backup\WINDOWS\temp\~my3.tmp
Infected with: Generic.Adw.Cinmus.2.B751B287
C:\Deckard\System Scanner\20080419122824\backup\WINDOWS\temp\~my3.tmp
Disinfection failed
C:\Deckard\System Scanner\20080419122824\backup\WINDOWS\temp\~my3.tmp
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080418 232043.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080418 232043.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080418 232043.aawqff
Update failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 000004.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 000004.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 000004.aawqff
Update failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 003549.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 003549.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 003549.aawqff
Update failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011338.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011338.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011338.aawqff
Update failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011416.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011416.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 011416.aawqff
Update failed
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 121900.aawqff=>(Embedded EXE g)
Infected with: Win32.Worm.Winko.I
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 121900.aawqff=>(Embedded EXE g)
Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080419 121900.aawqff
Update failed
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6M207HID\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6M207HID\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6M207HID\cx[1].exe=>(NSIS o)
Update failed
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6M207HID\jia[1].exe
Infected with: Trojan.Agent.AIBP
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6M207HID\jia[1].exe
Deleted
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GPE38HER\cao[1].exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GPE38HER\cao[1].exe
Disinfection failed
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GPE38HER\cao[1].exe
Deleted
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\KXA74L6N\13[1].exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\KXA74L6N\13[1].exe
Disinfection failed
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\KXA74L6N\13[1].exe
Deleted
C:\Program Files\smqy\cwai.dll
Detected with: Adware.Boran.XTH
C:\Program Files\smqy\cwai.dll
Deleted
C:\Program Files\smqy\fzdl.dll
Detected with: Adware.Boran.XTH
C:\Program Files\smqy\fzdl.dll
Deleted
C:\Program Files\smqy\hbfn.dll
Detected with: Adware.Boran.XTH
C:\Program Files\smqy\hbfn.dll
Deleted
C:\Program Files\smqy\keiq.dll
Detected with: Adware.Boran.XTH
C:\Program Files\smqy\keiq.dll
Deleted
C:\Program Files\smqy\yswe.dll
Detected with: Adware.Boran.XTH
C:\Program Files\smqy\yswe.dll
Deleted
C:\Program Files\woil\cuor.dll
Detected with: Adware.Boran.XTH
C:\Program Files\woil\cuor.dll
Deleted
C:\Program Files\woil\gysv.dll
Detected with: Adware.Boran.XTH
C:\Program Files\woil\gysv.dll
Deleted
C:\Program Files\woil\jbvy.dll
Detected with: Adware.Boran.XTH
C:\Program Files\woil\jbvy.dll
Deleted
C:\Program Files\woil\ldxa.dll
Detected with: Adware.Boran.XTH
C:\Program Files\woil\ldxa.dll
Deleted
C:\Program Files\woil\ogad.dll
Detected with: Adware.Boran.XTH
C:\Program Files\woil\ogad.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP12\A0000871.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP12\A0000871.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001146.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001146.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001246.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001246.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001276.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP14\A0001276.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001330.exe
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001330.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001331.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001331.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001335.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001335.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001374.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001374.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001395.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001395.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001396.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001396.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001403.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001403.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001455.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001455.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001464.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001464.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001496.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001496.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001522.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001522.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001557.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001557.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001585.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001585.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001616.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001616.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001646.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001646.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001677.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001677.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001706.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001706.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001730.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001730.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001758.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001758.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001783.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001783.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001812.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001812.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001838.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001838.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001847.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001847.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001876.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001876.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001907.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001907.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001937.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001937.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001965.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001965.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001983.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001983.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001985.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP15\A0001985.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002026.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002026.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002031.exe
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002031.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002038.dll
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002038.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002077.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002077.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002103.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002103.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002134.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002134.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002167.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002167.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002192.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002192.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002223.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002223.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002258.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002258.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002259.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002259.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002273.exe
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002273.exe
Deleted

flyingsquirrel

C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002274.dll
Infected with: Trojan.PWS.OnlineGames.NYC
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002274.dll
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002274.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002275.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002275.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002275.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002276.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002276.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002276.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002277.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002277.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002277.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002278.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002278.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002278.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002279.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002279.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002280.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002280.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002281.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002281.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002282.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002282.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002283.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002283.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002284.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002284.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002285.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002285.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002286.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002286.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002287.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002287.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002288.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002288.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002289.dll
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002289.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP8\A0000552.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP8\A0000552.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000563.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000563.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000594.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000594.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000631.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000631.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000664.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP9\A0000664.EXE
Deleted
C:\WINDOWS\system32\47C9DDD5.DLL
Infected with: Win32.Worm.Winko.I
C:\WINDOWS\system32\47C9DDD5.DLL
Deleted
C:\WINDOWS\system32\CF8C34A4.EXE
Infected with: Win32.Worm.Winko.I
C:\WINDOWS\system32\CF8C34A4.EXE
Deleted
C:\WINDOWS\system32\k11882845351.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k11882845351.exe
Disinfection failed
C:\WINDOWS\system32\k11882845351.exe
Deleted
C:\WINDOWS\system32\k11882845362.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k11882845362.exe
Disinfection failed
C:\WINDOWS\system32\k11882845362.exe
Deleted
C:\WINDOWS\system32\k11882845373.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\WINDOWS\system32\k11882845373.exe
Disinfection failed
C:\WINDOWS\system32\k11882845373.exe
Deleted
C:\WINDOWS\system32\k11882845394.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k11882845394.exe
Deleted
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k11882845426.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k11882845426.exe
Disinfection failed
C:\WINDOWS\system32\k11882845426.exe
Deleted
C:\WINDOWS\system32\k12085252021.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085252021.exe
Disinfection failed
C:\WINDOWS\system32\k12085252021.exe
Deleted
C:\WINDOWS\system32\k12085252032.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085252032.exe
Disinfection failed
C:\WINDOWS\system32\k12085252032.exe
Deleted
C:\WINDOWS\system32\k12085252043.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\WINDOWS\system32\k12085252043.exe
Disinfection failed
C:\WINDOWS\system32\k12085252043.exe
Deleted
C:\WINDOWS\system32\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085252075.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085252086.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085252086.exe
Disinfection failed
C:\WINDOWS\system32\k12085252086.exe
Deleted
C:\WINDOWS\system32\k12085258111.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085258111.exe
Disinfection failed
C:\WINDOWS\system32\k12085258111.exe
Deleted
C:\WINDOWS\system32\k12085258122.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085258122.exe
Disinfection failed
C:\WINDOWS\system32\k12085258122.exe
Deleted
C:\WINDOWS\system32\k12085258133.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\WINDOWS\system32\k12085258133.exe
Disinfection failed
C:\WINDOWS\system32\k12085258133.exe
Deleted
C:\WINDOWS\system32\k12085258154.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085258154.exe
Deleted
C:\WINDOWS\system32\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085258165.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085258176.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085258176.exe
Disinfection failed
C:\WINDOWS\system32\k12085258176.exe
Deleted
C:\WINDOWS\system32\k12085262941.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085262941.exe
Disinfection failed
C:\WINDOWS\system32\k12085262941.exe
Deleted
C:\WINDOWS\system32\k12085262952.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085262952.exe
Disinfection failed
C:\WINDOWS\system32\k12085262952.exe
Deleted
C:\WINDOWS\system32\k12085262984.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085262984.exe
Deleted
C:\WINDOWS\system32\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085262995.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085263006.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085263006.exe
Disinfection failed
C:\WINDOWS\system32\k12085263006.exe
Deleted
C:\WINDOWS\system32\k12085277201.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085277201.exe
Disinfection failed
C:\WINDOWS\system32\k12085277201.exe
Deleted
C:\WINDOWS\system32\k12085277212.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085277212.exe
Disinfection failed
C:\WINDOWS\system32\k12085277212.exe
Deleted
C:\WINDOWS\system32\k12085277274.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085277274.exe
Deleted
C:\WINDOWS\system32\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085277285.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085277296.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085277296.exe
Disinfection failed
C:\WINDOWS\system32\k12085277296.exe
Deleted
C:\WINDOWS\system32\k12085285921.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085285921.exe
Disinfection failed
C:\WINDOWS\system32\k12085285921.exe
Deleted
C:\WINDOWS\system32\k12085285932.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085285932.exe
Disinfection failed
C:\WINDOWS\system32\k12085285932.exe
Deleted
C:\WINDOWS\system32\k12085285964.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085285964.exe
Deleted
C:\WINDOWS\system32\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085285985.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085285996.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085285996.exe
Disinfection failed
C:\WINDOWS\system32\k12085285996.exe
Deleted
C:\WINDOWS\system32\k12085289781.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085289781.exe
Disinfection failed
C:\WINDOWS\system32\k12085289781.exe
Deleted
C:\WINDOWS\system32\k12085289792.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085289792.exe
Disinfection failed
C:\WINDOWS\system32\k12085289792.exe
Deleted
C:\WINDOWS\system32\k12085289854.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085289854.exe
Deleted
C:\WINDOWS\system32\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085289865.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085289886.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085289886.exe
Disinfection failed
C:\WINDOWS\system32\k12085289886.exe
Deleted
C:\WINDOWS\system32\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085324535.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085324546.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085324546.exe
Disinfection failed
C:\WINDOWS\system32\k12085324546.exe
Deleted
C:\WINDOWS\system32\k12085326831.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085326831.exe
Disinfection failed
C:\WINDOWS\system32\k12085326831.exe
Deleted
C:\WINDOWS\system32\k12085326884.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085326884.exe
Deleted
C:\WINDOWS\system32\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085326895.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085326906.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085326906.exe
Disinfection failed
C:\WINDOWS\system32\k12085326906.exe
Deleted
C:\WINDOWS\system32\k12085361316.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085361316.exe
Disinfection failed
C:\WINDOWS\system32\k12085361316.exe
Deleted
C:\WINDOWS\system32\k12085363054.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085363054.exe
Deleted
C:\WINDOWS\system32\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085363065.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085363076.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085363076.exe
Disinfection failed
C:\WINDOWS\system32\k12085363076.exe
Deleted
C:\WINDOWS\system32\k12085418461.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085418461.exe
Disinfection failed
C:\WINDOWS\system32\k12085418461.exe
Deleted
C:\WINDOWS\system32\k12085418482.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\WINDOWS\system32\k12085418482.exe
Disinfection failed
C:\WINDOWS\system32\k12085418482.exe
Deleted
C:\WINDOWS\system32\k12085418514.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085418514.exe
Deleted
C:\WINDOWS\system32\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085418525.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085418536.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085418536.exe
Disinfection failed
C:\WINDOWS\system32\k12085418536.exe
Deleted
C:\WINDOWS\system32\k12085448301.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085448301.exe
Disinfection failed
C:\WINDOWS\system32\k12085448301.exe
Deleted
C:\WINDOWS\system32\k12085448344.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085448344.exe
Deleted
C:\WINDOWS\system32\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085448355.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085448376.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085448376.exe
Disinfection failed
C:\WINDOWS\system32\k12085448376.exe
Deleted
C:\WINDOWS\system32\k12085456851.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085456851.exe
Disinfection failed
C:\WINDOWS\system32\k12085456851.exe
Deleted
C:\WINDOWS\system32\k12085456894.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085456894.exe
Deleted
C:\WINDOWS\system32\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085456905.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085456916.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085456916.exe
Disinfection failed
C:\WINDOWS\system32\k12085456916.exe
Deleted
C:\WINDOWS\system32\k12085479291.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085479291.exe
Disinfection failed
C:\WINDOWS\system32\k12085479291.exe
Deleted
C:\WINDOWS\system32\k12085479334.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085479334.exe
Deleted
C:\WINDOWS\system32\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085479345.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085479356.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085479356.exe
Disinfection failed
C:\WINDOWS\system32\k12085479356.exe
Deleted
C:\WINDOWS\system32\k12085514531.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085514531.exe
Disinfection failed
C:\WINDOWS\system32\k12085514531.exe
Deleted

flyingsquirrel

C:\WINDOWS\system32\k12085514564.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085514564.exe
Deleted
C:\WINDOWS\system32\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085514585.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085514596.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085514596.exe
Disinfection failed
C:\WINDOWS\system32\k12085514596.exe
Deleted
C:\WINDOWS\system32\k12085523971.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085523971.exe
Disinfection failed
C:\WINDOWS\system32\k12085523971.exe
Deleted
C:\WINDOWS\system32\k12085524014.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085524014.exe
Deleted
C:\WINDOWS\system32\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085524025.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085524046.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085524046.exe
Disinfection failed
C:\WINDOWS\system32\k12085524046.exe
Deleted
C:\WINDOWS\system32\k12085549011.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085549011.exe
Disinfection failed
C:\WINDOWS\system32\k12085549011.exe
Deleted
C:\WINDOWS\system32\k12085549054.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085549054.exe
Deleted
C:\WINDOWS\system32\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085549065.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085549076.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085549076.exe
Disinfection failed
C:\WINDOWS\system32\k12085549076.exe
Deleted
C:\WINDOWS\system32\k12085566941.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085566941.exe
Disinfection failed
C:\WINDOWS\system32\k12085566941.exe
Deleted
C:\WINDOWS\system32\k12085566984.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085566984.exe
Deleted
C:\WINDOWS\system32\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085566995.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085567016.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085567016.exe
Disinfection failed
C:\WINDOWS\system32\k12085567016.exe
Deleted
C:\WINDOWS\system32\k12085593491.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085593491.exe
Disinfection failed
C:\WINDOWS\system32\k12085593491.exe
Deleted
C:\WINDOWS\system32\k12085593524.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085593524.exe
Deleted
C:\WINDOWS\system32\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085593545.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085593556.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085593556.exe
Disinfection failed
C:\WINDOWS\system32\k12085593556.exe
Deleted
C:\WINDOWS\system32\k12085602031.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085602031.exe
Disinfection failed
C:\WINDOWS\system32\k12085602031.exe
Deleted
C:\WINDOWS\system32\k12085602074.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085602074.exe
Deleted
C:\WINDOWS\system32\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085602085.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085602096.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085602096.exe
Disinfection failed
C:\WINDOWS\system32\k12085602096.exe
Deleted
C:\WINDOWS\system32\k12085606201.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085606201.exe
Disinfection failed
C:\WINDOWS\system32\k12085606201.exe
Deleted
C:\WINDOWS\system32\k12085606244.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085606244.exe
Deleted
C:\WINDOWS\system32\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085606255.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085606266.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085606266.exe
Disinfection failed
C:\WINDOWS\system32\k12085606266.exe
Deleted
C:\WINDOWS\system32\k12085645981.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085645981.exe
Disinfection failed
C:\WINDOWS\system32\k12085645981.exe
Deleted
C:\WINDOWS\system32\k12085646024.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085646024.exe
Deleted
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085646056.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085646056.exe
Disinfection failed
C:\WINDOWS\system32\k12085646056.exe
Deleted
C:\WINDOWS\system32\k12085713121.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085713121.exe
Disinfection failed
C:\WINDOWS\system32\k12085713121.exe
Deleted
C:\WINDOWS\system32\k12085713164.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085713164.exe
Deleted
C:\WINDOWS\system32\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085713175.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085713186.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085713186.exe
Disinfection failed
C:\WINDOWS\system32\k12085713186.exe
Deleted
C:\WINDOWS\system32\k12085716691.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085716691.exe
Disinfection failed
C:\WINDOWS\system32\k12085716691.exe
Deleted
C:\WINDOWS\system32\k12085716734.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085716734.exe
Deleted
C:\WINDOWS\system32\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085716745.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085716756.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085716756.exe
Disinfection failed
C:\WINDOWS\system32\k12085716756.exe
Deleted
C:\WINDOWS\system32\k12085723771.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085723771.exe
Disinfection failed
C:\WINDOWS\system32\k12085723771.exe
Deleted
C:\WINDOWS\system32\k12085723814.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085723814.exe
Deleted
C:\WINDOWS\system32\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085723825.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085723836.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085723836.exe
Disinfection failed
C:\WINDOWS\system32\k12085723836.exe
Deleted
C:\WINDOWS\system32\k12085762196.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085762196.exe
Disinfection failed
C:\WINDOWS\system32\k12085762196.exe
Deleted
C:\WINDOWS\system32\k12085769481.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085769481.exe
Disinfection failed
C:\WINDOWS\system32\k12085769481.exe
Deleted
C:\WINDOWS\system32\k12085769524.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085769524.exe
Deleted
C:\WINDOWS\system32\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085769535.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085769556.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085769556.exe
Disinfection failed
C:\WINDOWS\system32\k12085769556.exe
Deleted
C:\WINDOWS\system32\k12085791661.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085791661.exe
Disinfection failed
C:\WINDOWS\system32\k12085791661.exe
Deleted
C:\WINDOWS\system32\k12085791714.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085791714.exe
Deleted
C:\WINDOWS\system32\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085791725.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085791736.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085791736.exe
Disinfection failed
C:\WINDOWS\system32\k12085791736.exe
Deleted
C:\WINDOWS\system32\k12085811491.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085811491.exe
Disinfection failed
C:\WINDOWS\system32\k12085811491.exe
Deleted
C:\WINDOWS\system32\k12085811534.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085811534.exe
Deleted
C:\WINDOWS\system32\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085811545.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085811566.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085811566.exe
Disinfection failed
C:\WINDOWS\system32\k12085811566.exe
Deleted
C:\WINDOWS\system32\k12085830901.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085830901.exe
Disinfection failed
C:\WINDOWS\system32\k12085830901.exe
Deleted
C:\WINDOWS\system32\k12085830944.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085830944.exe
Deleted
C:\WINDOWS\system32\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085830965.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085830976.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085830976.exe
Disinfection failed
C:\WINDOWS\system32\k12085830976.exe
Deleted
C:\WINDOWS\system32\k12085885011.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085885011.exe
Disinfection failed
C:\WINDOWS\system32\k12085885011.exe
Deleted
C:\WINDOWS\system32\k12085885064.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085885064.exe
Deleted
C:\WINDOWS\system32\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085885075.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085885086.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085885086.exe
Disinfection failed
C:\WINDOWS\system32\k12085885086.exe
Deleted
C:\WINDOWS\system32\k12085904771.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085904771.exe
Disinfection failed
C:\WINDOWS\system32\k12085904771.exe
Deleted
C:\WINDOWS\system32\k12085904814.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085904814.exe
Deleted
C:\WINDOWS\system32\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085904825.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085904836.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085904836.exe
Disinfection failed
C:\WINDOWS\system32\k12085904836.exe
Deleted
C:\WINDOWS\system32\k12085926581.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085926581.exe
Disinfection failed
C:\WINDOWS\system32\k12085926581.exe
Deleted
C:\WINDOWS\system32\k12085926624.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085926624.exe
Deleted
C:\WINDOWS\system32\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085926635.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085926646.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085926646.exe
Disinfection failed
C:\WINDOWS\system32\k12085926646.exe
Deleted
C:\WINDOWS\system32\k12085936756.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085936756.exe
Disinfection failed
C:\WINDOWS\system32\k12085936756.exe
Deleted
C:\WINDOWS\system32\k12085939196.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085939196.exe
Disinfection failed
C:\WINDOWS\system32\k12085939196.exe
Deleted
C:\WINDOWS\system32\k12085949911.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085949911.exe
Disinfection failed
C:\WINDOWS\system32\k12085949911.exe
Deleted
C:\WINDOWS\system32\k12085950064.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085950064.exe
Deleted
C:\WINDOWS\system32\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085950075.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085950096.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085950096.exe
Disinfection failed
C:\WINDOWS\system32\k12085950096.exe
Deleted
C:\WINDOWS\system32\k12085992041.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12085992041.exe
Disinfection failed
C:\WINDOWS\system32\k12085992041.exe
Deleted
C:\WINDOWS\system32\k12085992084.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12085992084.exe
Deleted
C:\WINDOWS\system32\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085992095.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085992106.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12085992106.exe
Disinfection failed
C:\WINDOWS\system32\k12085992106.exe
Deleted
C:\WINDOWS\system32\k12086010021.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086010021.exe
Disinfection failed
C:\WINDOWS\system32\k12086010021.exe
Deleted
C:\WINDOWS\system32\k12086010064.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086010064.exe
Deleted
C:\WINDOWS\system32\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086010075.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086010086.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086010086.exe
Disinfection failed
C:\WINDOWS\system32\k12086010086.exe
Deleted
C:\WINDOWS\system32\k12086019661.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086019661.exe
Disinfection failed
C:\WINDOWS\system32\k12086019661.exe
Deleted
C:\WINDOWS\system32\k12086019704.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086019704.exe
Deleted
C:\WINDOWS\system32\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086019715.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086019736.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086019736.exe
Disinfection failed
C:\WINDOWS\system32\k12086019736.exe
Deleted

flyingsquirrel

C:\WINDOWS\system32\k12086039591.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086039591.exe
Disinfection failed
C:\WINDOWS\system32\k12086039591.exe
Deleted
C:\WINDOWS\system32\k12086039634.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086039634.exe
Deleted
C:\WINDOWS\system32\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086039655.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086039666.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086039666.exe
Disinfection failed
C:\WINDOWS\system32\k12086039666.exe
Deleted
C:\WINDOWS\system32\k12086051831.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086051831.exe
Disinfection failed
C:\WINDOWS\system32\k12086051831.exe
Deleted
C:\WINDOWS\system32\k12086051874.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086051874.exe
Deleted
C:\WINDOWS\system32\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086051885.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086051896.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086051896.exe
Disinfection failed
C:\WINDOWS\system32\k12086051896.exe
Deleted
C:\WINDOWS\system32\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.Cinmus.XY
C:\WINDOWS\system32\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed
C:\WINDOWS\system32\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted
C:\WINDOWS\system32\k12086072531.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086106921.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086106921.exe
Disinfection failed
C:\WINDOWS\system32\k12086106921.exe
Deleted
C:\WINDOWS\system32\k12086106964.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086106964.exe
Deleted
C:\WINDOWS\system32\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086106975.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086106996.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086106996.exe
Disinfection failed
C:\WINDOWS\system32\k12086106996.exe
Deleted
C:\WINDOWS\system32\k12086163766.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086163766.exe
Disinfection failed
C:\WINDOWS\system32\k12086163766.exe
Deleted
C:\WINDOWS\system32\k12086178316.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086178316.exe
Disinfection failed
C:\WINDOWS\system32\k12086178316.exe
Deleted
C:\WINDOWS\system32\k12086192716.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086192716.exe
Disinfection failed
C:\WINDOWS\system32\k12086192716.exe
Deleted
C:\WINDOWS\system32\k12086214811.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086214811.exe
Disinfection failed
C:\WINDOWS\system32\k12086214811.exe
Deleted
C:\WINDOWS\system32\k12086214854.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086214854.exe
Deleted
C:\WINDOWS\system32\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086214865.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086214876.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086214876.exe
Disinfection failed
C:\WINDOWS\system32\k12086214876.exe
Deleted
C:\WINDOWS\system32\k12086237921.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086237921.exe
Disinfection failed
C:\WINDOWS\system32\k12086237921.exe
Deleted
C:\WINDOWS\system32\k12086237974.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086237974.exe
Deleted
C:\WINDOWS\system32\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086237985.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086237996.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086237996.exe
Disinfection failed
C:\WINDOWS\system32\k12086237996.exe
Deleted
C:\WINDOWS\system32\k12086252111.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086252111.exe
Disinfection failed
C:\WINDOWS\system32\k12086252111.exe
Deleted
C:\WINDOWS\system32\k12086252154.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086252154.exe
Deleted
C:\WINDOWS\system32\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086252165.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086252176.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086252176.exe
Disinfection failed
C:\WINDOWS\system32\k12086252176.exe
Deleted
C:\WINDOWS\system32\k12086291511.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086291511.exe
Disinfection failed
C:\WINDOWS\system32\k12086291511.exe
Deleted
C:\WINDOWS\system32\k12086291554.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086291554.exe
Deleted
C:\WINDOWS\system32\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086291565.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086291576.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086291576.exe
Disinfection failed
C:\WINDOWS\system32\k12086291576.exe
Deleted
C:\WINDOWS\system32\k12086328551.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086328551.exe
Disinfection failed
C:\WINDOWS\system32\k12086328551.exe
Deleted
C:\WINDOWS\system32\k12086328594.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086328594.exe
Deleted
C:\WINDOWS\system32\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086328615.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086328626.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086328626.exe
Disinfection failed
C:\WINDOWS\system32\k12086328626.exe
Deleted
C:\WINDOWS\system32\k12086408751.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086408751.exe
Disinfection failed
C:\WINDOWS\system32\k12086408751.exe
Deleted
C:\WINDOWS\system32\k12086408824.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086408824.exe
Deleted
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086408846.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086408846.exe
Disinfection failed
C:\WINDOWS\system32\k12086408846.exe
Deleted
C:\WINDOWS\system32\k12086427131.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086427131.exe
Disinfection failed
C:\WINDOWS\system32\k12086427131.exe
Deleted
C:\WINDOWS\system32\k12086427174.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086427174.exe
Deleted
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086427196.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086427196.exe
Disinfection failed
C:\WINDOWS\system32\k12086427196.exe
Deleted
C:\WINDOWS\system32\k12086443061.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086443061.exe
Disinfection failed
C:\WINDOWS\system32\k12086443061.exe
Deleted
C:\WINDOWS\system32\k12086443104.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086443104.exe
Deleted
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086443136.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086443136.exe
Disinfection failed
C:\WINDOWS\system32\k12086443136.exe
Deleted
C:\WINDOWS\system32\k12086466081.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086466081.exe
Disinfection failed
C:\WINDOWS\system32\k12086466081.exe
Deleted
C:\WINDOWS\system32\k12086466134.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086466134.exe
Deleted
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086466166.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086466166.exe
Disinfection failed
C:\WINDOWS\system32\k12086466166.exe
Deleted
C:\WINDOWS\system32\k12086468821.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086468821.exe
Disinfection failed
C:\WINDOWS\system32\k12086468821.exe
Deleted
C:\WINDOWS\system32\k12086468874.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086468874.exe
Deleted
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086468896.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086468896.exe
Disinfection failed
C:\WINDOWS\system32\k12086468896.exe
Deleted
C:\WINDOWS\system32\k12086470861.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086470861.exe
Disinfection failed
C:\WINDOWS\system32\k12086470861.exe
Deleted
C:\WINDOWS\system32\k12086470904.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086470904.exe
Deleted
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086470936.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086470936.exe
Disinfection failed
C:\WINDOWS\system32\k12086470936.exe
Deleted
C:\WINDOWS\system32\k12086478071.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\WINDOWS\system32\k12086478071.exe
Disinfection failed
C:\WINDOWS\system32\k12086478071.exe
Deleted
C:\WINDOWS\system32\k12086478114.exe
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\k12086478114.exe
Deleted
C:\WINDOWS\system32\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086478125.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086478146.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\k12086478146.exe
Disinfection failed
C:\WINDOWS\system32\k12086478146.exe
Deleted
C:\WINDOWS\system32\mstreg.dll
Infected with: Backdoor.Delf.HNY
C:\WINDOWS\system32\mstreg.dll
Deleted
C:\WINDOWS\system32\mstreg.exe
Infected with: Trojan.Proxy.Delf.DP
C:\WINDOWS\system32\mstreg.exe
Disinfection failed
C:\WINDOWS\system32\mstreg.exe
Deleted
C:\WINDOWS\system32\mstrega.dll
Infected with: Trojan.Agent.AIBP
C:\WINDOWS\system32\mstrega.dll
Deleted
C:\WINDOWS\system32\zsmscc071001.dll
Infected with: Trojan.PWS.OnlineGames.NYC
C:\WINDOWS\system32\zsmscc071001.dll
Disinfection failed
C:\WINDOWS\system32\zsmscc071001.dll
Deleted
C:\WINDOWS\system32\zsmscc071001.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\WINDOWS\system32\zsmscc071001.exe
Disinfection failed
C:\WINDOWS\system32\zsmscc071001.exe
Deleted
D:\auto.exe
Infected with: Win32.Worm.Winko.I
D:\auto.exe
Deleted
D:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002464.exe
Infected with: Win32.Worm.Winko.I
D:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002464.exe
Deleted


thats all. long huh?

Thomas

Nothing like some copy and pasting to get the circulation going I say. You have done really good work so far, but I can see the malware has other unseen components, and is recreating itself. Just need to remove it a different way, and get in a stealth view of what might be hidden as well.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download SDFix.exe and save it to your desktop.

Then disconnect from net access. If cable/dsl physically disconnect the modem cable, if dial-up disconnect the phone line. This will keep infection from reinstalling right now.

===================================================


Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder (C:\SDFix). Navigate to that folder and double click RunThis.bat to start the script.

Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.

=============================

After the reboot reconnect to net access and Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---

I would like to have you do a BitDefender scan again at this point, but if the hidden components have survived these previous steps it will not be worth the effort. Instead, after running the MBAM scan, and still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes except this one:

Security Center

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post those along with the MBAM log and the SDFix report.txt log please.

flyingsquirrel

SDFix report:


SDFix: Version 1.172
Run by user on Sat 04/19/2008 at 06:09 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 18:11:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 19 Apr 2008 107,008 ..SHR --- "C:\WINDOWS\system32\zsmscc32.dll"

Finished!

MBAM:

Malwarebytes' Anti-Malware 1.11
Database version: 660

Scan type: Quick Scan
Objects scanned: 30074
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0c5c8e9a-48ba-4d26-aa01-2e1d4dc14718} (Adware.Boran) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpidisk (Rootkit.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acpidisk (Rootkit.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Rootkit.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Adware.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpidisk.sys (Rootkit.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~my1.tmp (Adware.Cinmus) -> Delete on reboot.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Malware.Trace) -> Quarantined and deleted successfully.


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- Security Center

---

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"


-- End of Deckard's System Scanner: finished at 2008-04-19 18:23:57

---

flyingsquirrel

and the main.txt

Deckard's System Scanner v20071014.68
Run by user on 2008-04-19 18:23:17
Computer is in Normal Mode.

---

-- HijackThis (run as user.exe)

---

Logfile of HijackThis v1.99.1
Scan saved at 6:23:20 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\user.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O23 - Service: A6933495 - Unknown owner - C:\WINDOWS\system32\CF8C34A4.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IE Security Service (msyaxk) - Unknown owner - C:\WINDOWS\system32\mstreg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations

---

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

S2 A6933495 - c:\windows\system32\cf8c34a4.exe -k (file missing)
S2 msyaxk (IE Security Service) - c:\windows\system32\mstreg.exe (file missing)


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-19 and 2008-04-19

---

2008-04-19 18:17:00 0 d

---

C:\WINDOWS\Sun
2008-04-19 18:16:17 0 d

---

C:\Documents and Settings\user\Application Data\Malwarebytes
2008-04-19 18:16:10 0 d

---

C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 18:16:10 0 d

---

C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 18:15:55 0 d

---

C:\Program Files\Common Files\Download Manager
2008-04-19 18:07:53 0 d

---

C:\WINDOWS\ERUNT
2008-04-19 18:01:24 0 d

---

C:\Program Files\DAEMON Tools Lite
2008-04-19 17:46:57 717296 --a

---

C:\WINDOWS\system32\drivers\sptd.sys
2008-04-19 17:46:53 0 d

---

C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-19 16:36:51 0 d

---

C:\WINDOWS\BDOSCAN8
2008-04-19 16:32:28 0 d

---

C:\WINDOWS\CSC
2008-04-19 16:30:15 226813 --a

---

C:\WINDOWS\system32\k12086478125.exe
2008-04-19 16:28:13 0 d

---

C:\Documents and Settings\user\WINDOWS
2008-04-19 16:28:13 0 d

---

C:\Application Data
2008-04-19 16:27:15 6460 --a

---

C:\backup.reg
2008-04-19 16:18:15 226813 --a

---

C:\WINDOWS\system32\k12086470925.exe
2008-04-19 16:14:51 226813 --a

---

C:\WINDOWS\system32\k12086468885.exe
2008-04-19 16:10:17 226813 --a

---

C:\WINDOWS\system32\k12086466155.exe
2008-04-19 15:31:52 226813 --a

---

C:\WINDOWS\system32\k12086443115.exe
2008-04-19 15:05:20 226813 --a

---

C:\WINDOWS\system32\k12086427185.exe
2008-04-19 14:34:44 226813 --a

---

C:\WINDOWS\system32\k12086408835.exe
2008-04-19 12:21:03 226813 --a

---

C:\WINDOWS\system32\k12086328615.exe
2008-04-19 11:19:16 226813 --a

---

C:\WINDOWS\system32\k12086291565.exe
2008-04-19 10:13:38 226813 --a

---

C:\WINDOWS\system32\k12086252165.exe
2008-04-19 09:49:59 226813 --a

---

C:\WINDOWS\system32\k12086237985.exe
2008-04-19 09:11:31 226813 --a

---

C:\WINDOWS\system32\k12086214865.exe
2008-04-19 08:35:19 2613 --a

---

C:\WINDOWS\system32\k12086192694.exe
2008-04-19 08:34:30 21489 --a

---

C:\WINDOWS\system32\k12086192651.exe
2008-04-19 08:11:27 15233 --a

---

C:\WINDOWS\system32\k12086178284.exe
2008-04-19 08:10:26 9873 --a

---

C:\WINDOWS\system32\k12086178221.exe
2008-04-19 07:46:34 18585 --a

---

C:\WINDOWS\system32\k12086163691.exe
2008-04-19 07:02:47 2613 --a

---

C:\WINDOWS\system32\k12086137641.exe
2008-04-19 06:11:38 226813 --a

---

C:\WINDOWS\system32\k12086106975.exe
2008-04-19 05:14:18 6969 --a

---

C:\WINDOWS\system32\k12086072574.exe
2008-04-19 05:14:17 118773 --a

---

C:\WINDOWS\system32\k12086072531.exe
2008-04-19 04:39:48 226813 --a

---

C:\WINDOWS\system32\k12086051885.exe
2008-04-19 04:19:25 226813 --a

---

C:\WINDOWS\system32\k12086039655.exe
2008-04-19 03:46:12 226813 --a

---

C:\WINDOWS\system32\k12086019715.exe
2008-04-19 03:30:08 226813 --a

---

C:\WINDOWS\system32\k12086010075.exe
2008-04-19 03:00:10 226813 --a

---

C:\WINDOWS\system32\k12085992095.exe
2008-04-19 01:50:11 226813 --a

---

C:\WINDOWS\system32\k12085950075.exe
2008-04-19 01:32:05 29061 --a

---

C:\WINDOWS\system32\k12085939164.exe
2008-04-19 01:31:55 11325 --a

---

C:\WINDOWS\system32\k12085939121.exe
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 01:28:20 9873 --a

---

C:\WINDOWS\system32\k12085936724.exe
2008-04-19 01:27:53 36009 --a

---

C:\WINDOWS\system32\k12085936681.exe
2008-04-19 01:11:05 226813 --a

---

C:\WINDOWS\system32\k12085926635.exe
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-19 00:34:43 226813 --a

---

C:\WINDOWS\system32\k12085904825.exe
2008-04-19 00:01:48 226813 --a

---

C:\WINDOWS\system32\k12085885075.exe
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Program Files\Lavasoft
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 23:08:53 0 d

---

C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:31:37 226813 --a

---

C:\WINDOWS\system32\k12085830965.exe
2008-04-18 21:59:15 226813 --a

---

C:\WINDOWS\system32\k12085811545.exe
2008-04-18 21:26:21 226813 --a

---

C:\WINDOWS\system32\k12085791725.exe
2008-04-18 20:49:14 226813 --a

---

C:\WINDOWS\system32\k12085769535.exe
2008-04-18 20:37:23 17153 --a

---

C:\WINDOWS\system32\k12085762164.exe
2008-04-18 20:37:03 18205 --a

---

C:\WINDOWS\system32\k12085762121.exe
2008-04-18 19:33:02 226813 --a

---

C:\WINDOWS\system32\k12085723825.exe
2008-04-18 19:21:15 226813 --a

---

C:\WINDOWS\system32\k12085716745.exe
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 19:15:17 226813 --a

---

C:\WINDOWS\system32\k12085713175.exe
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 17:23:24 226813 --a

---

C:\WINDOWS\system32\k12085646035.exe
2008-04-18 16:17:06 226813 --a

---

C:\WINDOWS\system32\k12085606255.exe
2008-04-18 16:10:09 226813 --a

---

C:\WINDOWS\system32\k12085602085.exe
2008-04-18 15:55:54 226813 --a

---

C:\WINDOWS\system32\k12085593545.exe
2008-04-18 15:11:46 226813 --a

---

C:\WINDOWS\system32\k12085566995.exe
2008-04-18 14:41:46 226813 --a

---

C:\WINDOWS\system32\k12085549065.exe
2008-04-18 14:00:03 226813 --a

---

C:\WINDOWS\system32\k12085524025.exe
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:44:21 226813 --a

---

C:\WINDOWS\system32\k12085514585.exe
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 12:45:36 226813 --a

---

C:\WINDOWS\system32\k12085479345.exe
2008-04-18 12:08:21 226813 --a

---

C:\WINDOWS\system32\k12085456905.exe
2008-04-18 11:53:56 226813 --a

---

C:\WINDOWS\system32\k12085448355.exe
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:12 226813 --a

---

C:\WINDOWS\system32\k12085418525.exe
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 09:32:07 226813 --a

---

C:\WINDOWS\system32\k12085363065.exe
2008-04-18 08:31:40 226813 --a

---

C:\WINDOWS\system32\k12085326895.exe
2008-04-18 08:28:20 226813 --a

---

C:\WINDOWS\system32\k12085324535.exe
2008-04-18 07:29:47 226813 --a

---

C:\WINDOWS\system32\k12085289865.exe
2008-04-18 07:23:28 226813 --a

---

C:\WINDOWS\system32\k12085285985.exe
2008-04-18 07:08:52 0 d

---

C:\Program Files\smqy
2008-04-18 07:08:49 226813 --a

---

C:\WINDOWS\system32\k12085277285.exe
2008-04-18 06:45:00 226813 --a

---

C:\WINDOWS\system32\k12085262995.exe
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:36:59 226813 --a

---

C:\WINDOWS\system32\k12085258165.exe
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:59 107008 -r-hs---- C:\WINDOWS\system32\zsmscc32.dll
2008-04-18 06:26:51 0 d

---

C:\Program Files\woil
2008-04-18 06:26:50 274 --a

---

C:\WINDOWS\system32\AutoMsi.sys
2008-04-18 06:26:49 380 --a

---

C:\WINDOWS\system32\Msi.sys
2008-04-18 06:26:47 226813 --a

---

C:\WINDOWS\system32\k12085252075.exe
2008-04-18 06:26:46 25600 --a

---

C:\WINDOWS\system32\Winsp2.dll
2008-04-18 06:26:46 32768 --a

---

C:\WINDOWS\system32\winhelp1.exe
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 2883584 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 229376 ---h

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 01:45 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/26/2007 03:35 PM]
"nwiz"="nwiz.exe" [12/26/2007 03:35 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/26/2007 03:35 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [04/18/2008 06:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [04/21/2006 05:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/18/2008 06:28 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/18/2008 06:37 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [03/21/2008 01:30 AM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [1/13/2007 4:14:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/18/2008 6:28:08 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=&quot;Service"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btnq
xrvd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c48a4dd4-0d48-11dd-a8b2-001e9001a4f2}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe




-- End of Deckard's System Scanner: finished at 2008-04-19 18:23:57

---

Thomas

Chipping away at it. My turn for copy/paste, since those malware files need to be listed out now. This malware is Chinese sourced, and I do see the Chinese software indicating a recent install. Where did you get the copies of that? A concern is if we are doing this work really for nothing because you have infection bundled software installed there.


Go here and download Flash_Disinfector.exe and save it to your desktop.

Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.

---

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs\btnq]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs\xrvd]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c48a4dd4-0d48-11dd-a8b2-001e9001a4f2}]

Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it newfixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

---

Disconnect from net access and then click on avenger.exe to run the tool.

Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Drivers to delete:
A6933495
msyaxk
Files to delete:
C:\WINDOWS\system32\zsmscc32.dll
C:\WINDOWS\system32\AutoMsi.sys
C:\WINDOWS\system32\Msi.sys
C:\WINDOWS\system32\k12085252075.exe
C:\WINDOWS\system32\Winsp2.dll
C:\WINDOWS\system32\winhelp1.exe
C:\WINDOWS\system32\k12085363065.exe  
C:\WINDOWS\system32\k12085326895.exe  
C:\WINDOWS\system32\k12085324535.exe  
C:\WINDOWS\system32\k12085289865.exe  
C:\WINDOWS\system32\k12085285985.exe  
C:\WINDOWS\system32\k12085277285.exe  
C:\WINDOWS\system32\k12085262995.exe  
C:\WINDOWS\system32\k12085258165.exe  
C:\WINDOWS\system32\k12085479345.exe
C:\WINDOWS\system32\k12085456905.exe
C:\WINDOWS\system32\k12085448355.exe
C:\WINDOWS\system32\k12085418525.exe
C:\WINDOWS\system32\svch0st.exe
C:\WINDOWS\system32\k12085606255.exe  
C:\WINDOWS\system32\k12085602085.exe  
C:\WINDOWS\system32\k12085593545.exe  
C:\WINDOWS\system32\k12085566995.exe  
C:\WINDOWS\system32\k12085549065.exe  
C:\WINDOWS\system32\k12085524025.exe  
C:\WINDOWS\system32\k12085514585.exe  
C:\WINDOWS\system32\k12085713175.exe
C:\WINDOWS\system32\k12085830965.exe  
C:\WINDOWS\system32\k12085811545.exe  
C:\WINDOWS\system32\k12085791725.exe  
C:\WINDOWS\system32\k12085769535.exe  
C:\WINDOWS\system32\k12085762164.exe  
C:\WINDOWS\system32\k12085762121.exe  
C:\WINDOWS\system32\k12085723825.exe  
C:\WINDOWS\system32\k12085716745.exe
C:\WINDOWS\system32\k12086328615.exe  
C:\WINDOWS\system32\k12086291565.exe  
C:\WINDOWS\system32\k12086252165.exe  
C:\WINDOWS\system32\k12086237985.exe  
C:\WINDOWS\system32\k12086214865.exe  
C:\WINDOWS\system32\k12086192694.exe  
C:\WINDOWS\system32\k12086192651.exe  
C:\WINDOWS\system32\k12086178284.exe  
C:\WINDOWS\system32\k12086178221.exe  
C:\WINDOWS\system32\k12086163691.exe  
C:\WINDOWS\system32\k12086137641.exe  
C:\WINDOWS\system32\k12086106975.exe  
C:\WINDOWS\system32\k12086072574.exe  
C:\WINDOWS\system32\k12086072531.exe  
C:\WINDOWS\system32\k12086051885.exe  
C:\WINDOWS\system32\k12086039655.exe  
C:\WINDOWS\system32\k12086019715.exe  
C:\WINDOWS\system32\k12086010075.exe  
C:\WINDOWS\system32\k12085992095.exe  
C:\WINDOWS\system32\k12085950075.exe  
C:\WINDOWS\system32\k12085939164.exe  
C:\WINDOWS\system32\k12085939121.exe  
C:\WINDOWS\system32\k12085936724.exe  
C:\WINDOWS\system32\k12085936681.exe  
C:\WINDOWS\system32\k12085926635.exe  
C:\WINDOWS\system32\k12085904825.exe  
C:\WINDOWS\system32\k12085885075.exe  
C:\WINDOWS\system32\k12086478125.exe
Folders to delete:
C:\Program Files\smqy 
C:\Program Files\woil

Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.

---

Then reconnect to net access and again disable your antivirus program (remember to re-enable it once this scan is complete) and go here (be sure to re-enable it after the scan completes) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and take a break for a while.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export the scan report". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here.

---

Just to be sure run an MBAM scan again, again saving that log to post back here.

Then still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes.

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Post back that log along with the BitDefender log, the avenger.txt log and the MBAM log please.

flyingsquirrel

mbam:

Malwarebytes' Anti-Malware 1.11
Database version: 660

Scan type: Quick Scan
Objects scanned: 29818
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


main.txt:

Deckard's System Scanner v20071014.68
Run by user on 2008-04-19 20:36:49
Computer is in Normal Mode.

---

-- HijackThis (run as user.exe)

---

Logfile of HijackThis v1.99.1
Scan saved at 20:36:51, on 2008/04/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\user.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations

---

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

All services whitelisted.


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-19 and 2008-04-19

---

2008-04-19 20:01:31 0 drahs---- C:\autorun.inf
2008-04-19 18:55:26 0 d

---

C:\WINDOWS\system32\appmgmt
2008-04-19 18:50:05 0 d

---

C:\KEY
2008-04-19 18:17:00 0 d

---

C:\WINDOWS\Sun
2008-04-19 18:16:17 0 d

---

C:\Documents and Settings\user\Application Data\Malwarebytes
2008-04-19 18:16:10 0 d

---

C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 18:16:10 0 d

---

C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 18:15:55 0 d

---

C:\Program Files\Common Files\Download Manager
2008-04-19 18:07:53 0 d

---

C:\WINDOWS\ERUNT
2008-04-19 18:01:24 0 d

---

C:\Program Files\DAEMON Tools Lite
2008-04-19 17:46:57 717296 --a

---

C:\WINDOWS\system32\drivers\sptd.sys
2008-04-19 17:46:53 0 d

---

C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-19 16:36:51 0 d

---

C:\WINDOWS\BDOSCAN8
2008-04-19 16:32:28 0 d

---

C:\WINDOWS\CSC
2008-04-19 16:28:13 0 d

---

C:\Documents and Settings\user\WINDOWS
2008-04-19 16:28:13 0 d

---

C:\Application Data
2008-04-19 16:18:15 226813 --a

---

C:\WINDOWS\system32\k12086470925.exe
2008-04-19 16:14:51 226813 --a

---

C:\WINDOWS\system32\k12086468885.exe
2008-04-19 16:10:17 226813 --a

---

C:\WINDOWS\system32\k12086466155.exe
2008-04-19 15:31:52 226813 --a

---

C:\WINDOWS\system32\k12086443115.exe
2008-04-19 15:05:20 226813 --a

---

C:\WINDOWS\system32\k12086427185.exe
2008-04-19 14:34:44 226813 --a

---

C:\WINDOWS\system32\k12086408835.exe
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 17:23:24 226813 --a

---

C:\WINDOWS\system32\k12085646035.exe
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 348160 --a

---

C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 499712 --a

---

C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 1060864 --a

---

C:\WINDOWS\system32\mfc71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; MicrosoftR Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 2883584 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 262144 --ah

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004/08/03 22:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"RTHDCPL"="RTHDCPL.EXE" [2007/07/05 01:08 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007/06/15 01:45 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005/05/03 03:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007/12/26 15:35]
"nwiz"="nwiz.exe" [2007/12/26 15:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007/12/26 15:35]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004/11/02 20:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006/01/12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008/04/18 06:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006/04/21 17:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 00:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008/04/18 06:28]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008/04/18 06:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004/08/04 01:06]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008/03/21 01:30]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2007/01/13 16:14:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 1:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008/04/18 6:28:08]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btnq
xrvd




-- End of Deckard's System Scanner: finished at 2008-04-19 20:37:22

---

flyingsquirrel

avenger.txt:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "A6933495" deleted successfully.
Driver "msyaxk" deleted successfully.
File "C:\WINDOWS\system32\zsmscc32.dll" deleted successfully.
File "C:\WINDOWS\system32\AutoMsi.sys" deleted successfully.
File "C:\WINDOWS\system32\Msi.sys" deleted successfully.
File "C:\WINDOWS\system32\k12085252075.exe" deleted successfully.
File "C:\WINDOWS\system32\Winsp2.dll" deleted successfully.
File "C:\WINDOWS\system32\winhelp1.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085363065.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085326895.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085324535.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085289865.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085285985.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085277285.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085262995.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085258165.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085479345.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085456905.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085448355.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085418525.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\svch0st.exe" not found!
Deletion of file "C:\WINDOWS\system32\svch0st.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\k12085606255.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085602085.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085593545.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085566995.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085549065.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085524025.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085514585.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085713175.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085830965.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085811545.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085791725.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085769535.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085762164.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085762121.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085723825.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085716745.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086328615.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086291565.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086252165.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086237985.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086214865.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086192694.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086192651.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086178284.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086178221.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086163691.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086137641.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086106975.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086072574.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086072531.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086051885.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086039655.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086019715.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086010075.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085992095.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085950075.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085939164.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085939121.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085936724.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085936681.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085926635.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085904825.exe" deleted successfully.
File "C:\WINDOWS\system32\k12085885075.exe" deleted successfully.
File "C:\WINDOWS\system32\k12086478125.exe" deleted successfully.
Folder "C:\Program Files\smqy" deleted successfully.
Folder "C:\Program Files\woil" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

flyingsquirrel

BitDefender Online Scanner


Scan report generated at: Sat, Apr 19, 2008 - 20:29:41



Scan path: A:\;C:\;D:\;E:\;F:\;G:\;





Statistics
Time
00:16:01
Files
93233
Folders
2273
Boot Sectors
3
Archives
944
Packed Files
3873


Results
Identified Viruses
10
Infected Files
224
Suspect Files
3
Warnings
0
Disinfected
0
Deleted Files
227


Engines Info
Virus Definitions
1165966
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5


Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes


Scanned File

Status

C:\Avenger\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085252075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085258165.exe=>(NSIS o)
Update failed
C:\Avenger\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085262995.exe=>(NSIS o)
Update failed
C:\Avenger\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085277285.exe=>(NSIS o)
Update failed
C:\Avenger\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085285985.exe=>(NSIS o)
Update failed
C:\Avenger\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085289865.exe=>(NSIS o)
Update failed
C:\Avenger\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085324535.exe=>(NSIS o)
Update failed
C:\Avenger\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085326895.exe=>(NSIS o)
Update failed
C:\Avenger\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085363065.exe=>(NSIS o)
Update failed
C:\Avenger\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085418525.exe=>(NSIS o)
Update failed
C:\Avenger\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085448355.exe=>(NSIS o)
Update failed
C:\Avenger\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085456905.exe=>(NSIS o)
Update failed
C:\Avenger\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085479345.exe=>(NSIS o)
Update failed
C:\Avenger\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085514585.exe=>(NSIS o)
Update failed
C:\Avenger\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085524025.exe=>(NSIS o)
Update failed
C:\Avenger\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085549065.exe=>(NSIS o)
Update failed
C:\Avenger\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085566995.exe=>(NSIS o)
Update failed
C:\Avenger\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085593545.exe=>(NSIS o)
Update failed
C:\Avenger\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085602085.exe=>(NSIS o)
Update failed
C:\Avenger\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085606255.exe=>(NSIS o)
Update failed
C:\Avenger\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085713175.exe=>(NSIS o)
Update failed
C:\Avenger\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085716745.exe=>(NSIS o)
Update failed
C:\Avenger\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085723825.exe=>(NSIS o)
Update failed
C:\Avenger\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085769535.exe=>(NSIS o)
Update failed
C:\Avenger\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085791725.exe=>(NSIS o)
Update failed
C:\Avenger\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085811545.exe=>(NSIS o)
Update failed
C:\Avenger\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085830965.exe=>(NSIS o)
Update failed
C:\Avenger\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085885075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085904825.exe=>(NSIS o)
Update failed
C:\Avenger\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085926635.exe=>(NSIS o)
Update failed
C:\Avenger\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085950075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085992095.exe=>(NSIS o)
Update failed
C:\Avenger\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086010075.exe=>(NSIS o)
Update failed
C:\Avenger\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086019715.exe=>(NSIS o)
Update failed
C:\Avenger\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086039655.exe=>(NSIS o)
Update failed
C:\Avenger\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086051885.exe=>(NSIS o)
Update failed
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.Cinmus.XY
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted
C:\Avenger\k12086072531.exe=>(NSIS o)
Update failed
C:\Avenger\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086106975.exe=>(NSIS o)
Update failed
C:\Avenger\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086214865.exe=>(NSIS o)
Update failed
C:\Avenger\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086237985.exe=>(NSIS o)
Update failed
C:\Avenger\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086252165.exe=>(NSIS o)
Update failed
C:\Avenger\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086291565.exe=>(NSIS o)
Update failed
C:\Avenger\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086328615.exe=>(NSIS o)
Update failed
C:\Avenger\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086478125.exe=>(NSIS o)
Update failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002290.DLL
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002290.DLL
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002291.EXE
Infected with: Win32.Worm.Winko.I
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002291.EXE
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002292.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002292.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002292.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002293.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002293.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002293.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002294.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002294.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002294.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002295.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002295.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002296.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002296.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002296.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002297.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002297.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002297.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002298.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002298.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002298.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002299.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002299.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002299.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002300.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002300.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002300.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002301.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002301.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002301.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002302.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002302.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002302.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002303.exe
Suspected of: GenPack:Generic.Malware.Fdld.6D91A5E5
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002303.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002303.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002304.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002304.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002305.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002305.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002305.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002306.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002306.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002306.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002307.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002307.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002307.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002308.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002308.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002309.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002309.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002309.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002310.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002310.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002310.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002311.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002311.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002311.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002312.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002312.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002313.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002313.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002313.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002314.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002314.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002314.exe
Deleted

flyingsquirrel

C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002315.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002315.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002315.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002316.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002316.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002317.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002317.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002317.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002318.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002318.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002318.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002319.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002319.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002319.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002320.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002320.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002321.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002321.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002321.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002322.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002322.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002322.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002323.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002323.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002323.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002324.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002324.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002325.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002325.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002325.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002326.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002326.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002326.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002327.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002327.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002328.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002328.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002328.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002329.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002329.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002329.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002330.exe
Infected with: Trojan.Downloader.Small.AANJ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002330.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002330.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002331.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002331.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002332.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002332.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002332.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002333.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002333.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002333.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002334.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002334.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002335.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002335.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002335.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002336.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002336.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002336.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002337.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002337.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002338.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002338.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002338.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002339.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002339.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002339.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002340.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002340.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002341.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002341.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002341.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002342.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002342.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002342.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002343.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002343.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002344.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002344.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002344.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002345.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002345.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002345.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002346.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002346.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002347.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002347.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002347.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002348.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002348.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002348.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002349.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002349.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002350.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002350.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002350.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002351.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002351.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002351.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002352.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002352.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002353.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002353.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002353.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002354.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002354.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002354.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002355.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002355.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002356.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002356.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002356.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002357.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002357.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002357.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002358.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002358.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002359.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002359.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002359.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002360.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002360.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002360.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002361.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002361.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002362.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002362.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002362.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002363.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002363.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002363.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002364.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002364.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002365.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002365.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002365.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002366.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002366.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002366.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002367.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002367.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002368.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002368.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002368.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002369.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002369.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002369.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002370.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002370.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002371.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002371.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002371.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002372.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002372.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002372.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002373.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002373.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002374.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002374.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002374.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002375.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002375.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002375.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002376.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002376.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002376.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002377.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002377.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002378.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002378.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002378.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002379.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002379.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002379.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002380.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002380.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002381.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002381.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002381.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002382.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002382.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002382.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002383.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002383.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002384.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002384.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002384.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002385.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002385.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002385.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002386.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002386.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002387.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002387.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002387.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002388.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002388.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002388.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002389.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002389.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002390.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002390.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002390.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002391.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002391.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002391.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002392.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002392.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002393.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002393.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002393.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002394.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002394.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002394.exe
Deleted

flyingsquirrel

C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002395.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002395.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002396.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002396.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002396.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002397.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002397.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002397.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002398.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002398.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002398.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002399.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002399.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002399.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002400.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002400.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002401.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002401.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002401.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002402.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002402.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002402.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002403.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002403.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002404.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002404.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002404.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002405.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002405.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002405.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002406.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002406.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002407.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002407.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002407.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002408.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002408.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002408.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002409.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002409.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002410.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002410.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002410.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002411.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002411.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002411.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002412.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002412.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002413.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002413.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002413.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002414.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002414.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002414.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002415.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002415.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002416.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002416.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002416.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002417.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002417.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002417.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002418.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002418.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002419.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002419.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002419.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002420.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002420.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002420.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002421.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002421.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002421.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002422.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002422.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002422.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002423.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002423.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002423.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002424.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002424.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002425.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002425.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002425.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002426.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002426.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002426.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002427.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002427.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002428.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002428.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002428.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002429.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002429.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002429.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002430.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002430.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002431.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002431.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002431.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002432.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002432.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002432.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002433.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002433.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002434.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002434.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002434.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002435.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002435.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002435.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002436.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002436.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002437.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002437.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002437.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002438.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002438.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002438.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002439.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002439.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002440.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002440.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002440.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002441.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002441.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002441.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002442.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002442.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002443.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002443.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002443.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002444.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002444.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002444.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002445.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002445.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002446.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002446.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002446.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002447.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002447.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002447.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002448.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002448.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002449.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002449.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002449.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002450.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002450.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002450.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002451.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002451.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002452.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002452.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002452.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002453.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002453.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002453.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002454.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002454.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002455.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002455.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002455.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002456.exe
Infected with: Dropped:Adware.Cinmus.XZ
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002456.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002456.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002457.exe
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002457.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002458.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002458.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002458.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002459.dll
Infected with: Backdoor.Delf.HNY
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002459.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002460.exe
Infected with: Trojan.Proxy.Delf.DP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002460.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002460.exe
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002461.dll
Infected with: Trojan.Agent.AIBP
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002461.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002462.dll
Infected with: Trojan.PWS.OnlineGames.NYC
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002462.dll
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002462.dll
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002463.exe
Infected with: Generic.Malware.SFEVdldg.8380C639
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002463.exe
Disinfection failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP16\A0002463.exe
Deleted
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12085646035.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086408835.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086427185.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086443115.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086466155.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086468885.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k12086470925.exe=>(NSIS o)
Update failed

dats all ^

about the chinese programs, which are you suspecting as harmful? all i know that i have is that:
nj star chinese is a chinese word processor that didnt harm my old computer
i have the east asian languages pack installed (thru win XP disc)

Thomas

Not the Chinese software itself, but the source of that, if not from a legit source.


But looks better each time, as hidden items are removed as well as all the mass of repeat infection.


Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

---

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Do a search ( Start - Search/Find - Files or Folders) for the following hilighted files (shown in Bold), and if found, delete them.

C:\WINDOWS\system32\k12086470925.exe
C:\WINDOWS\system32\k12086468885.exe
C:\WINDOWS\system32\k12086466155.exe
C:\WINDOWS\system32\k12086443115.exe
C:\WINDOWS\system32\k12086427185.exe
C:\WINDOWS\system32\k12086408835.exe
C:\WINDOWS\system32\k12085646035.exe

---

Go Here and download ATF cleaner. Close all open browsers, then click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, you can also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

---

Run a new BitDefender scan again, being sure to save that log to post back here.

Then reboot, and still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Process Modules

Then under Extra Log, uncheck all the boxes.

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Cleanup will run during this scan, so be sure to allow that.

Then post back that log along with the new BitDefender log please.

flyingsquirrel

main.txt

Deckard's System Scanner v20071014.68
Run by user on 2008-04-20 16:06:55
Computer is in Normal Mode.

---

Performed disk cleanup.



-- HijackThis (run as user.exe)

---

Logfile of HijackThis v1.99.1
Scan saved at 16:07:03, on 2008/04/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\user.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)

---

backup-20080420-154037-422 O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

-- File Associations

---

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

All services whitelisted.


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-20 and 2008-04-20

---

2008-04-20 15:28:05 0 d

---

C:\Program Files\Common Files\xing shared
2008-04-20 15:27:54 0 d

---

C:\Program Files\Real
2008-04-20 15:27:52 0 d

---

C:\Program Files\Common Files\Real
2008-04-20 15:27:52 0 d

---

C:\Documents and Settings\user\Application Data\Real
2008-04-19 22:52:37 0 d

---

C:\Documents and Settings\user\Application Data\AdobeUM
2008-04-19 22:50:33 0 d

---

C:\Program Files\Common Files\Adobe
2008-04-19 22:50:33 0 d

---

C:\Documents and Settings\user\Application Data\Adobe
2008-04-19 20:01:31 0 drahs---- C:\autorun.inf
2008-04-19 18:55:26 0 d

---

C:\WINDOWS\system32\appmgmt
2008-04-19 18:50:05 0 d

---

C:\KEY
2008-04-19 18:17:00 0 d

---

C:\WINDOWS\Sun
2008-04-19 18:16:17 0 d

---

C:\Documents and Settings\user\Application Data\Malwarebytes
2008-04-19 18:16:10 0 d

---

C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 18:16:10 0 d

---

C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 18:15:55 0 d

---

C:\Program Files\Common Files\Download Manager
2008-04-19 18:07:53 0 d

---

C:\WINDOWS\ERUNT
2008-04-19 18:01:24 0 d

---

C:\Program Files\DAEMON Tools Lite
2008-04-19 17:46:57 717296 --a

---

C:\WINDOWS\system32\drivers\sptd.sys
2008-04-19 17:46:53 0 d

---

C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-19 16:36:51 0 d

---

C:\WINDOWS\BDOSCAN8
2008-04-19 16:32:28 0 d

---

C:\WINDOWS\CSC
2008-04-19 16:28:13 0 d

---

C:\Documents and Settings\user\WINDOWS
2008-04-19 16:28:13 0 d

---

C:\Application Data
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 348160 --a

---

C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 499712 --a

---

C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 1060864 --a

---

C:\WINDOWS\system32\mfc71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; MicrosoftR Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 3407872 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 262144 --ah

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004/08/03 22:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"RTHDCPL"="RTHDCPL.EXE" [2007/07/05 01:08 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007/06/15 01:45 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005/05/03 03:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007/12/26 15:35]
"nwiz"="nwiz.exe" [2007/12/26 15:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007/12/26 15:35]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004/11/02 20:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006/01/12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008/04/18 06:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008/04/20 15:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006/04/21 17:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 00:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008/04/18 06:28]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008/04/18 06:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004/08/04 01:06]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008/03/21 01:30]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2007/01/13 16:14:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 1:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btnq
xrvd




-- End of Deckard's System Scanner: finished at 2008-04-20 16:07:40

---

flyingsquirrel

BitDefender Online Scanner


Scan report generated at: Sun, Apr 20, 2008 - 16:03:26



Scan path: A:\;C:\;D:\;E:\;F:\;G:\;





Statistics
Time
00:14:51
Files
94848
Folders
2407
Boot Sectors
3
Archives
944
Packed Files
3929


Results
Identified Viruses
2
Infected Files
53
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
53


Engines Info
Virus Definitions
1167447
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5


Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes


Scanned File

Status

C:\Avenger\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085252075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085252075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085258165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085258165.exe=>(NSIS o)
Update failed
C:\Avenger\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085262995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085262995.exe=>(NSIS o)
Update failed
C:\Avenger\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085277285.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085277285.exe=>(NSIS o)
Update failed
C:\Avenger\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085285985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085285985.exe=>(NSIS o)
Update failed
C:\Avenger\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085289865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085289865.exe=>(NSIS o)
Update failed
C:\Avenger\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085324535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085324535.exe=>(NSIS o)
Update failed
C:\Avenger\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085326895.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085326895.exe=>(NSIS o)
Update failed
C:\Avenger\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085363065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085363065.exe=>(NSIS o)
Update failed
C:\Avenger\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085418525.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085418525.exe=>(NSIS o)
Update failed
C:\Avenger\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085448355.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085448355.exe=>(NSIS o)
Update failed
C:\Avenger\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085456905.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085456905.exe=>(NSIS o)
Update failed
C:\Avenger\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085479345.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085479345.exe=>(NSIS o)
Update failed
C:\Avenger\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085514585.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085514585.exe=>(NSIS o)
Update failed
C:\Avenger\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085524025.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085524025.exe=>(NSIS o)
Update failed
C:\Avenger\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085549065.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085549065.exe=>(NSIS o)
Update failed
C:\Avenger\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085566995.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085566995.exe=>(NSIS o)
Update failed
C:\Avenger\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085593545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085593545.exe=>(NSIS o)
Update failed
C:\Avenger\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085602085.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085602085.exe=>(NSIS o)
Update failed
C:\Avenger\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085606255.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085606255.exe=>(NSIS o)
Update failed
C:\Avenger\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085713175.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085713175.exe=>(NSIS o)
Update failed
C:\Avenger\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085716745.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085716745.exe=>(NSIS o)
Update failed
C:\Avenger\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085723825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085723825.exe=>(NSIS o)
Update failed
C:\Avenger\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085769535.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085769535.exe=>(NSIS o)
Update failed
C:\Avenger\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085791725.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085791725.exe=>(NSIS o)
Update failed
C:\Avenger\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085811545.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085811545.exe=>(NSIS o)
Update failed
C:\Avenger\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085830965.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085830965.exe=>(NSIS o)
Update failed
C:\Avenger\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085885075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085885075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085904825.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085904825.exe=>(NSIS o)
Update failed
C:\Avenger\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085926635.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085926635.exe=>(NSIS o)
Update failed
C:\Avenger\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085950075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085950075.exe=>(NSIS o)
Update failed
C:\Avenger\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12085992095.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12085992095.exe=>(NSIS o)
Update failed
C:\Avenger\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086010075.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086010075.exe=>(NSIS o)
Update failed
C:\Avenger\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086019715.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086019715.exe=>(NSIS o)
Update failed
C:\Avenger\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086039655.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086039655.exe=>(NSIS o)
Update failed
C:\Avenger\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086051885.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086051885.exe=>(NSIS o)
Update failed
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.Cinmus.XY
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed
C:\Avenger\k12086072531.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted
C:\Avenger\k12086072531.exe=>(NSIS o)
Update failed
C:\Avenger\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086106975.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086106975.exe=>(NSIS o)
Update failed
C:\Avenger\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086214865.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086214865.exe=>(NSIS o)
Update failed
C:\Avenger\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086237985.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086237985.exe=>(NSIS o)
Update failed
C:\Avenger\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086252165.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086252165.exe=>(NSIS o)
Update failed
C:\Avenger\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086291565.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086291565.exe=>(NSIS o)
Update failed
C:\Avenger\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086328615.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086328615.exe=>(NSIS o)
Update failed
C:\Avenger\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Avenger\k12086478125.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Avenger\k12086478125.exe=>(NSIS o)
Update failed
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\Deckard\System Scanner\20080419122824\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\T6V2OAZ6\cx[1].exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002707.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002707.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002707.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002708.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002708.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002708.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002709.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002709.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002709.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002710.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002710.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002710.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002711.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002711.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002711.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002712.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002712.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002712.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002713.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002713.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\System Volume Information\_restore{E3F9F25D-5B81-4FFC-96D0-2251FF120275}\RP18\A0002713.exe=>(NSIS o)
Update failed
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Detected with: Adware.Boran.XTH
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted
C:\WINDOWS\system32\k11882845405.exe=>(NSIS o)
Update failed

Thomas

Looking good, and none of the malware files showing any longer. Very good work so far. Either I am getting a wrong read on one registry item there, or something is holding onto it still.

@ECHO OFF
if exist Regsearch2.txt del /q Regsearch2.txt
regedit /e Regsearch1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs"
Notepad Regsearch2.txt

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "netcheck.bat"

Be sure to include the "" quotes in the name. Then click on netcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.

For the above, tell me if the textbox posted this way is easier, or the method above with the larger text. Do the step using either one - I would just like some feedback on methods here if you would.

[SIZE="1"]@ECHO OFF
if exist Regsearch2.txt del /q Regsearch2.txt
regedit /e Regsearch1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs"
Notepad Regsearch2.txt[/SIZE]

flyingsquirrel

when i run "netcheck.bat" it tells me i dont have regsearch2.txt and prompts me to create one, should I?

anyways, a regsearch1.txt popped out and here are the contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

Thomas

At the last minute I couldn't recall if we had already used a Regsearch1, and didn't make the all the needed changes to my script. Just not sure what the log is showing related to that key though, so we can make corrections. Do the same thing with the following script, calling it "newnet.bat"

@ECHO OFF
if exist Regsearch2.txt del /q Regsearch2.txt
regedit /e Regsearch2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"
Notepad Regsearch2.txt

It will create a Regsearch2.txt. However, this will be a much larger log file. Go ahead and post that when ready. You didn't mention which view earlier was easier to create the batch file from.

flyingsquirrel

a'ight, heres the stuff:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,00,54,00,54,00,50,00,46,00,69,00,6c,00,74,00,65,00,72,\
00,00,00,00,00
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,65,\
00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4c,00,6d,00,48,00,6f,00,\
73,00,74,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,\
00,69,00,73,00,74,00,72,00,79,00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,\
73,00,74,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,00,00
"NetworkService"=hex(7):44,00,6e,00,73,00,43,00,61,00,63,00,68,00,65,00,00,00,\
00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,42,00,\
49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,\
00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,00,62,00,74,00,6e,00,\
71,00,00,00,78,00,72,00,76,00,64,00,00,00,00,00
"DcomLaunch"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,\
00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

Thomas

Bit of a trick there on me. The bad values are in this:

"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41, 00,70,00,70,00,4d,00,67,00,\
6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53 ,00,72,00,76,00,00,00,42,\
00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00 ,72,00,79,00,70,00,74,00,\
53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72 ,00,76,00,65,00,72,00,00,\
00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00 ,76,00,63,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65 ,00,6d,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00 ,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74 ,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00 ,65,00,72,00,76,00,00,00,\
49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70 ,00,00,00,49,00,72,00,6d,\
00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00 ,6e,00,53,00,65,00,72,00,\
76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61 ,00,6e,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00 ,00,00,4d,00,65,00,73,00,\
73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65 ,00,74,00,6d,00,61,00,6e,\
00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00 ,73,00,73,00,76,00,63,00,\
00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73 ,00,74,00,61,00,74,00,69,\
00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00 ,61,00,67,00,65,00,6e,00,\
74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f ,00,00,00,52,00,61,00,73,\
00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00 ,74,00,65,00,61,00,63,00,\
63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65 ,00,64,00,75,00,6c,00,65,\
00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00 ,6e,00,00,00,53,00,45,00,\
4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64 ,00,61,00,63,00,63,00,65,\
00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00 ,76,00,69,00,63,00,65,00,\
00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00 ,00,54,00,68,00,65,00,6d,\
00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00 ,73,00,00,00,57,00,33,00,\
32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43 ,00,53,00,56,00,43,00,00,\
00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00 ,50,00,6d,00,53,00,70,00,\
00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00 ,00,77,00,73,00,63,00,73,\
00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00 ,6f,00,76,00,00,00,42,00,\
49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73 ,00,65,00,72,00,76,00,00,\
00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00 ,65,00,74,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70 ,00,73,00,76,00,63,00,00,\
00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00 ,00,00,62,00,74,00,6e,00,\
71,00,00,00,78,00,72,00,76,00,64,00,00,00,00,00

I could try to craft a new regedit value for you to import there, but instead it will much simpler if you just manually corrected those yourself. It is simple once you see where the steps lead. Deckards also created handy means of returning backups should any glitches occur, though they won't.

I would like you to use the Registry Editor to make a manual change to a registry entry.

Go to Start -> Run -> type regedit (and OK)


In the Registry Editor, in the left panel navigate to the following key (use the "+" symbols in the left panel to expand the tree entries):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

In the right panel, locate the following:

"netsvcs"

Right click that, and select Modify (not "Modify Binary Data"). You will get a new Edit Multi-String display. In the lower box there will be a long list of names, like the following:

6to4
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
..........

And at the bottom of that list if you scroll down will look like this:

wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
btnq
xrvd

All you need to do is, using your mouse to hilight them, and keyboard to Delete them, delete the ones I hilighted, which will show at the very bottom. These were placed by malware. Once you have done that click Okay to close the display. Then click the X in the upper corner to close the Registry Editor.

Reboot, and after the reboot, still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Extra Log, uncheck all the boxes except this one:

Security Center

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

flyingsquirrel

main.txt:

Deckard's System Scanner v20071014.68
Run by user on 2008-04-22 15:30:01
Computer is in Normal Mode.

---

-- HijackThis (run as user.exe)

---

Unable to find log (file not found); running clone.
-- HijackThis Clone

---

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-22 15:30:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\user\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208571421358
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper ウェブルート スパイ スウィーパー エンジン (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 9644 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)

---

backup-20080420-154037-422 O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)

-- File Associations

---

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

All services whitelisted.


-- Device Manager: Disabled

---

No disabled devices found.


-- Files created between 2008-03-22 and 2008-04-22

---

2008-04-21 16:44:33 0 d

---

C:\Documents and Settings\user\Application Data\Lavasoft
2008-04-21 16:41:11 0 d-a

---

C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 16:41:00 0 d

---

C:\Program Files\Spyware Doctor
2008-04-21 16:41:00 0 d

---

C:\Documents and Settings\user\Application Data\PC Tools
2008-04-21 16:40:37 0 d

---

C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-21 16:40:33 0 d

---

C:\Program Files\Webroot
2008-04-21 16:40:33 0 d

---

C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-21 16:40:17 164 --a

---

C:\install.dat
2008-04-21 16:40:07 0 d

---

C:\Documents and Settings\user\Application Data\Webroot
2008-04-21 16:40:04 0 d

---

C:\Program Files\Lavasoft
2008-04-21 16:39:54 0 d

---

C:\Program Files\SpywareBlaster
2008-04-21 16:38:41 0 d

---

C:\Documents and Settings\All Users\Application Data\Prevx
2008-04-21 16:38:36 0 d

---

C:\Temp
2008-04-21 16:29:36 0 d

---

C:\WINDOWS\system32\GroupPolicy
2008-04-21 16:29:32 0 d

---

C:\Program Files\Hitman Pro
2008-04-20 16:43:36 0 d

---

C:\Documents and Settings\user\Application Data\Macromedia
2008-04-20 16:43:30 1160 --a

---

C:\WINDOWS\mozver.dat
2008-04-20 15:28:05 0 d

---

C:\Program Files\Common Files\xing shared
2008-04-20 15:27:54 0 d

---

C:\Program Files\Real
2008-04-20 15:27:52 0 d

---

C:\Program Files\Common Files\Real
2008-04-20 15:27:52 0 d

---

C:\Documents and Settings\user\Application Data\Real
2008-04-19 22:52:37 0 d

---

C:\Documents and Settings\user\Application Data\AdobeUM
2008-04-19 22:50:33 0 d

---

C:\Program Files\Common Files\Adobe
2008-04-19 22:50:33 0 d

---

C:\Documents and Settings\user\Application Data\Adobe
2008-04-19 20:01:31 0 drahs---- C:\autorun.inf
2008-04-19 18:55:26 0 d

---

C:\WINDOWS\system32\appmgmt
2008-04-19 18:50:05 0 d

---

C:\KEY
2008-04-19 18:17:00 0 d

---

C:\WINDOWS\Sun
2008-04-19 18:16:17 0 d

---

C:\Documents and Settings\user\Application Data\Malwarebytes
2008-04-19 18:16:10 0 d

---

C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 18:16:10 0 d

---

C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 18:15:55 0 d

---

C:\Program Files\Common Files\Download Manager
2008-04-19 18:07:53 0 d

---

C:\WINDOWS\ERUNT
2008-04-19 18:01:24 0 d

---

C:\Program Files\DAEMON Tools Lite
2008-04-19 17:46:57 717296 --a

---

C:\WINDOWS\system32\drivers\sptd.sys
2008-04-19 17:46:53 0 d

---

C:\Documents and Settings\user\Application Data\DAEMON Tools
2008-04-19 16:36:51 0 d

---

C:\WINDOWS\BDOSCAN8
2008-04-19 16:32:28 0 d

---

C:\WINDOWS\CSC
2008-04-19 16:28:13 0 d

---

C:\Documents and Settings\user\WINDOWS
2008-04-19 16:28:13 0 d

---

C:\Application Data
2008-04-19 01:28:26 0 d

---

C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-19 00:48:04 0 d

---

C:\Program Files\Enigma Software Group
2008-04-18 23:24:12 0 d

---

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 23:09:15 0 d

---

C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-18 19:19:44 0 d

---

C:\WINDOWS\system32\PreInstall
2008-04-18 19:19:42 0 d--h

---

C:\WINDOWS\$hf_mig$
2008-04-18 19:17:48 0 d

---

C:\WINDOWS\system32\SoftwareDistribution
2008-04-18 19:16:42 0 d---s---- C:\Documents and Settings\user\UserData
2008-04-18 18:36:13 0 d

---

C:\Documents and Settings\user\Application Data\Desktop Sidebar
2008-04-18 18:35:24 0 d

---

C:\Program Files\Desktop Sidebar
2008-04-18 18:25:30 0 d

---

C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 13:49:25 0 d

---

C:\Documents and Settings\user\Application Data\vlc
2008-04-18 13:31:54 0 d

---

C:\Documents and Settings\All Users\progeSOFT
2008-04-18 13:31:46 0 d

---

C:\Documents and Settings\user\Application Data\progeSOFT
2008-04-18 13:23:35 2134016 --a

---

C:\WINDOWS\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-18 13:23:23 61440 --a

---

C:\WINDOWS\system32\wintab32.dll
2008-04-18 13:23:23 348160 --a

---

C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 499712 --a

---

C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 1060864 --a

---

C:\WINDOWS\system32\mfc71.dll <Not Verified; Microsoft Corporation; MicrosoftR Visual Studio .NET>
2008-04-18 13:23:23 0 d

---

C:\Program Files\progeSOFT
2008-04-18 13:23:22 368912 --a

---

C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-18 13:23:22 415504 --a

---

C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; MicrosoftR Access>
2008-04-18 13:23:22 252176 --a

---

C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 24848 --a

---

C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 123664 --a

---

C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 13:23:22 1046288 --a

---

C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; MicrosoftR Jet>
2008-04-18 12:58:13 0 d

---

C:\Documents and Settings\user\Application Data\SoundSpectrum
2008-04-18 12:54:25 0 d

---

C:\Program Files\VideoLAN
2008-04-18 12:53:51 0 d

---

C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-18 12:53:47 0 d

---

C:\Documents and Settings\user\Application Data\NCH Swift Sound
2008-04-18 12:53:32 0 d

---

C:\Program Files\NCH Swift Sound
2008-04-18 12:53:23 0 d

---

C:\Program Files\SoundSpectrum
2008-04-18 12:52:39 212480

---

n--- C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 12:51:47 0 d

---

C:\Program Files\Serif
2008-04-18 11:12:43 0 d

---

C:\Program Files\NJStar Chinese WP
2008-04-18 11:04:02 0 d

---

C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 10:57:17 0 d

---

C:\Documents and Settings\user\Application Data\NJStar
2008-04-18 10:57:14 0 d

---

C:\Program Files\NJStar Japanese WP
2008-04-18 10:51:45 0 d

---

C:\Documents and Settings\user\Application Data\Azureus
2008-04-18 10:51:27 0 d

---

C:\Program Files\Azureus
2008-04-18 10:48:21 0 d

---

C:\Documents and Settings\user\Application Data\Talkback
2008-04-18 10:48:15 0 --a

---

C:\WINDOWS\nsreg.dat
2008-04-18 10:48:13 0 d

---

C:\Documents and Settings\user\Application Data\Mozilla
2008-04-18 10:24:17 0 d

---

C:\Program Files\Yahoo!
2008-04-18 10:24:16 0 d

---

C:\Documents and Settings\user\Application Data\ACD Systems
2008-04-18 10:23:47 0 d

---

C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\Common Files\ACD Systems
2008-04-18 10:23:46 0 d

---

C:\Program Files\ACD Systems
2008-04-18 10:23:40 10368 --a

---

C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-04-18 10:22:06 0 d

---

C:\WINDOWS\Downloaded Installations
2008-04-18 06:37:34 0 d

---

C:\Documents and Settings\user\Application Data\Google
2008-04-18 06:37:09 0 d

---

C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 06:28:54 0 d

---

C:\Program Files\Common Files\Java
2008-04-18 06:28:52 0 d

---

C:\Program Files\Java
2008-04-18 06:28:29 0 d

---

C:\Documents and Settings\user\Application Data\Sun
2008-04-18 06:27:54 0 d

---

C:\Program Files\Google
2008-04-18 06:26:46 0 dr

---

C:\Documents and Settings\LocalService\Favorites
2008-04-18 06:20:02 0 d

---

C:\Documents and Settings\user\Application Data\Ahead
2008-04-18 06:19:29 0 d

---

C:\Program Files\Nero
2008-04-18 06:19:29 0 d

---

C:\Program Files\Common Files\Ahead
2008-04-18 06:15:34 0 d

---

C:\Program Files\Microsoft ActiveSync
2008-04-18 06:14:33 0 d

---

C:\WINDOWS\ShellNew
2008-04-18 06:14:31 0 d

---

C:\Program Files\Common Files\L&H
2008-04-18 06:10:16 0 d

---

C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-18 06:09:41 0 d

---

C:\Program Files\CyberLink
2008-04-18 05:58:47 0 d

---

C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-18 05:58:21 0 d

---

C:\WINDOWS\Cache
2008-04-18 05:57:05 0 d

---

C:\WINDOWS\nview
2008-04-18 05:52:17 0 d

---

C:\WINDOWS\system32\Lang
2008-04-18 05:49:50 49152 -r

---

C:\WINDOWS\system32\ChCfg.exe
2008-04-18 05:49:37 0 d

---

C:\WINDOWS\system32\RTCOM
2008-04-18 05:48:42 0 d

---

C:\Program Files\Realtek
2008-04-18 05:48:39 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-04-18 05:48:31 315392 --a

---

C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-18 05:48:30 520192 -r

---

C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-18 05:46:41 1732 -ra

---

C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-18 05:46:16 0 d

---

C:\Documents and Settings\user\Application Data\InstallShield
2008-04-18 05:44:37 0 d

---

C:\WINDOWS\system32\Tools
2008-04-18 05:44:28 0 d

---

C:\Program Files\Common Files\InstallShield
2008-04-18 05:43:38 4864 -ra

---

C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2008-04-18 05:35:25 0 d

---

C:\Documents and Settings\user\Application Data\Identities
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\NetHood
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\My Documents
2008-04-18 05:35:16 0 d--h

---

C:\Documents and Settings\user\Local Settings
2008-04-18 05:35:16 0 dr

---

C:\Documents and Settings\user\Favorites
2008-04-18 05:35:16 0 d

---

C:\Documents and Settings\user\Desktop
2008-04-18 05:35:16 0 d---s---- C:\Documents and Settings\user\Cookies
2008-04-18 05:35:16 0 dr-h

---

C:\Documents and Settings\user\Application Data
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\Templates
2008-04-18 05:35:15 0 dr

---

C:\Documents and Settings\user\Start Menu
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\SendTo
2008-04-18 05:35:15 0 dr-h

---

C:\Documents and Settings\user\Recent
2008-04-18 05:35:15 0 d--h

---

C:\Documents and Settings\user\PrintHood
2008-04-18 05:35:15 4718592 --ah

---

C:\Documents and Settings\user\NTUSER.DAT
2008-04-18 05:34:35 0 d

---

C:\WINDOWS\SoftwareDistribution
2008-04-18 05:34:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-18 05:34:33 0 d

---

C:\WINDOWS\Prefetch
2008-04-18 05:34:32 229376 --ah

---

C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-18 05:34:32 0 d--h

---

C:\Documents and Settings\LocalService\Local Settings
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-18 05:34:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-18 05:34:32 0 d

---

C:\Documents and Settings\LocalService\Application Data
2008-04-18 05:34:14 229376 --ah

---

C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-18 05:34:14 0 d--h

---

C:\Documents and Settings\NetworkService\Local Settings
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-18 05:34:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-18 05:34:14 0 d

---

C:\Documents and Settings\NetworkService\Application Data
2008-04-18 05:32:04 0 d

---

C:\WINDOWS\system32\xircom
2008-04-18 05:32:04 0 d

---

C:\Program Files\microsoft frontpage
2008-04-18 05:31:57 262144 --ah

---

C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-18 05:31:47 0 -rahs---- C:\MSDOS.SYS
2008-04-18 05:31:47 0 -rahs---- C:\IO.SYS
2008-04-18 05:31:47 0 --a

---

C:\CONFIG.SYS
2008-04-18 05:31:47 0 --a

---

C:\AUTOEXEC.BAT
2008-04-18 05:30:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-18 05:30:48 0 dr

---

C:\WINDOWS\Offline Web Pages
2008-04-18 05:30:48 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-18 05:30:38 0 d--h

---

C:\Program Files\WindowsUpdate
2008-04-18 05:30:05 0 d

---

C:\WINDOWS\system32\DirectX
2008-04-18 05:29:10 0 d---s---- C:\WINDOWS\Tasks
2008-04-18 05:29:09 0 d

---

C:\Program Files\Common Files\MSSoap
2008-04-18 05:29:03 0 d

---

C:\WINDOWS\srchasst
2008-04-18 05:29:02 0 d

---

C:\WINDOWS\system32\Macromed
2008-04-18 05:28:46 0 d

---

C:\Program Files\Movie Maker
2008-04-18 05:28:33 0 d

---

C:\WINDOWS\system32\Restore
2008-04-18 05:27:50 21640 --a

---

C:\WINDOWS\system32\emptyregdb.dat
2008-04-18 05:27:30 0 d

---

C:\WINDOWS\Registration
2008-04-18 05:27:22 0 d

---

C:\Program Files\Online Services
2008-04-18 05:27:16 0 d

---

C:\Program Files\Messenger
2008-04-18 05:27:12 0 d

---

C:\Program Files\MSN Gaming Zone
2008-04-18 05:26:17 0 d

---

C:\Program Files\Windows NT
2008-04-18 05:26:12 0 d

---

C:\WINDOWS\system32\MsDtc
2008-04-18 05:26:09 0 d

---

C:\WINDOWS\system32\Com
2008-04-17 22:17:25 0 d--hs---- C:\WINDOWS\Installer
2008-04-17 22:17:24 0 d

---

C:\Program Files\Common Files\ODBC
2008-04-17 22:17:22 0 d

---

C:\Program Files\Common Files\SpeechEngines
2008-04-17 22:17:21 0 d

---

C:\Program Files\Common Files
2008-04-17 22:17:21 0 dr

---

C:\Program Files
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\Default User\Start Menu
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\SendTo
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\Recent
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\PrintHood
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\Default User\NetHood
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\My Documents
2008-04-17 22:16:51 0 dr-h

---

C:\Documents and Settings\Default User\Local Settings
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Favorites
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\Default User\Desktop
2008-04-17 22:16:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-17 22:16:51 0 d--h

---

C:\Documents and Settings\All Users\Templates
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Start Menu
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Favorites
2008-04-17 22:16:51 0 dr

---

C:\Documents and Settings\All Users\Documents
2008-04-17 22:16:51 0 d

---

C:\Documents and Settings\All Users\Desktop
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot2
2008-04-17 22:16:39 0 d

---

C:\WINDOWS\system32\CatRoot
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\Default User\Application Data
2008-04-17 22:16:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-17 22:16:34 0 dr-h

---

C:\Documents and Settings\All Users\Application Data
2008-04-17 22:16:02 0 d--hs---- C:\System Volume Information
2008-04-17 22:16:02 0 d

---

C:\Documents and Settings
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\WinSxS
2008-04-17 22:10:24 0 dr

---

C:\WINDOWS\Web
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\twain_32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\wbem
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\usmt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\spool
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ShellExt
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\Setup
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ras
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\oobe
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\npp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\inetsrv
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\IME
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\icsxml
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\ias
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\export
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\etc
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers\disdn
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\drivers
2008-04-17 22:10:24 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\dhcp
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3com_dmi
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\3076
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\2052
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1054
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1042
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1041
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1037
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1033
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1031
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1028
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32\1025
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system32
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\system
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\security
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Resources
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\repair
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Provisioning
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\PeerNet
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\pchealth
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\mui
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msapps
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\msagent
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Media
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\java
2008-04-17 22:10:24 0 d--h

---

C:\WINDOWS\inf
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ime
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Help
2008-04-17 22:10:24 0 dr--s---- C:\WINDOWS\Fonts
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\ehome
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Driver Cache
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Debug
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Cursors
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Connection Wizard
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\Config
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\AppPatch
2008-04-17 22:10:24 0 d

---

C:\WINDOWS\addins
2008-04-17 22:10:24 0 d

---

C:\WINDOWS


-- Find3M Report

---

2008-04-17 22:16:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004/08/03 22:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/03 22:32]
"RTHDCPL"="RTHDCPL.EXE" [2007/07/05 01:08 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007/06/15 01:45 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005/05/03 03:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004/08/04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007/12/26 15:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004/08/04 00:56 C:\WINDOWS\system32\rundll32.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004/11/02 20:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006/01/12 16:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008/04/18 06:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008/04/20 15:27]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008/02/01 11:55]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007/03/01 20:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006/04/21 17:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 00:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008/04/18 06:28]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008/04/18 06:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004/08/04 01:06]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008/03/21 01:30]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Azureus.lnk - C:\Program Files\Azureus\Azureus.exe [2007/01/13 16:14:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 1:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=&quot;Service"




-- Hosts

---

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-22 15:30:37

---

extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- Security Center

---

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"


-- End of Deckard's System Scanner: finished at 2008-04-22 15:30:37

---

Thomas

Good job - Deckards no longer picks it up as a variation from it's internal default lists. It was pretty easy once you took a look, right? Any issues now before we clean up what our work added there?

flyingsquirrel

Yay! I'm clean! Thanks very, very much!:)
Actually my computer stopped automatically restarting while we were around halfway done, but I knew I wasn't clean yet, which gives me a somewhat bad feeling.

Anyways, a bunch of Desktop.ini and thumb.db files showed up around my folders. Not really all my folders have them, but most. What do I do with them?

I also realized that I can't save files without adding the file type at the end. (For example, I can't save an image that's already a .png as the image name itself, it tells me I MUST put ".png" at the end of the name. All my files are affected by this because they all show their file types at the end of their name. How do I change this?

Thomas

You are accustomed to using your computer with some of the view settings hidden, like "Hide file extensions for known types" and "Show hidden files and folders". You can uncheck those now - right click My Computer, select Explore. Click Tools - Folder Options - View tab. That list is where you can make the changes.


For cleaning up, Kaspersky uninstalls through Add/Remove Programs if you no longer need to use it, and BitDefender through IE - Tools - Manage Add-Ons.


You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTMoveIt2 and save the file to your desktop. This will help by automatically removing some of the tools we used.

Please double-click OTMoveIt.exe to run it and click on Cleanup (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator"). When you do this list of malware removal programs will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has downloaded, you'll be asked if you want to begin cleanup process? Select Yes.

OTMoveIt will search for and delete/uninstall all the tools that we have used to fix your problems and all their backup folders and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step resetting Restore.


Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.

In addition, I like to recommend reviewing the information Here to make sure you stay malware free.