beemanbone

Scprot4.exe

I have very limited computer knowledge. I'm desperate. Any help would be greatly appreciated. This is my log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:21:43 PM, on 12/19/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ps2 .exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\dla\tfswctrl .exe

C:\WINDOWS\system32\hkcmd .exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\igfxtray .exe

C:\WINDOWS\System32\hphmon05 .exe

C:\Program Files\Common Files\Real\Update_OB\realsched .exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

C:\Program Files\SecCenter\scprot4 .exe

C:\Program Files\Outerinfo\Outerinfo .exe

C:\WINDOWS\system32\ctfmon .exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nkzezsdw] rundll32.exe "C:\Program Files\yvqdgbir\qdsjihqj.dll",Init

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwek.dll,startup

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [pufylujg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pufylujg.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10505 bytes


Here is this log:

SmitFraudFix v2.274

Scan done at 22:26:10.76, Wed 12/19/2007

Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ps2 .exe

C:\WINDOWS\system32\igfxtray .exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hkcmd .exe

C:\WINDOWS\System32\hphmon05 .exe

C:\WINDOWS\system32\dla\tfswctrl .exe

C:\Program Files\Common Files\Real\Update_OB\realsched .exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SecCenter\scprot4 .exe

C:\Program Files\Outerinfo\Outerinfo .exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\drvwek.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport

DNS Server Search Order: 65.83.241.181

DNS Server Search Order: 67.32.118.46

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


Here's this log:

ComboFix 07-12-20.1 - Owner 2007-12-19 22:31:37.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.322 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z3YBV99Q\ComboFix[1].exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data.\pufylujg.dll

C:\Documents and Settings\Owner\Application Data\inst.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo

C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk

C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk

C:\Program Files\Bcvibqdh

C:\Program Files\Bcvibqdh\ijiobdab.dll

C:\Program Files\outerinfo

C:\Program Files\outerinfo\FF\chrome.manifest

C:\Program Files\outerinfo\FF\components\FF.dll

C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt

C:\Program Files\outerinfo\FF\install.rdf

C:\Program Files\outerinfo\OinUninstall.exe

C:\Program Files\outerinfo\OiUninstaller.exe

C:\Program Files\outerinfo\Outerinfo .exe

C:\Program Files\outerinfo\Outerinfo.exe

C:\Program Files\outerinfo\outerinfo.ico

C:\Program Files\outerinfo\Terms.rtf

C:\Program Files\SecCenter

C:\Program Files\SecCenter\scprot4 .exe

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\yvqdgbir

C:\Program Files\yvqdgbir\qdsjihqj.dll

C:\WINDOWS\system32\drvwek.dll

C:\WINDOWS\system32\FTPx.dll

C:\WINDOWS\system32\kjjlm.ini

C:\WINDOWS\system32\kjjlm.ini2

C:\WINDOWS\system32\mljjk.dll

C:\WINDOWS\system32\njprckha

C:\WINDOWS\system32\njprckha\bg1.gif

C:\WINDOWS\system32\njprckha\bgtop.gif

C:\WINDOWS\system32\njprckha\bottom1.gif

C:\WINDOWS\system32\njprckha\essentials.gif

C:\WINDOWS\system32\njprckha\icon1.ico

C:\WINDOWS\system32\njprckha\install1.gif

C:\WINDOWS\system32\njprckha\left1.gif

C:\WINDOWS\system32\njprckha\li.gif

C:\WINDOWS\system32\njprckha\logo.gif

C:\WINDOWS\system32\njprckha\main.htm

C:\WINDOWS\system32\njprckha\mainframe.htm

C:\WINDOWS\system32\njprckha\njprckha1.exe

C:\WINDOWS\system32\njprckha\njprckha2.exe

C:\WINDOWS\system32\njprckha\njprckha3.exe

C:\WINDOWS\system32\njprckha\reinstall1.gif

C:\WINDOWS\system32\njprckha\right1.gif

C:\WINDOWS\system32\njprckha\s1.htm

C:\WINDOWS\system32\njprckha\s2.htm

C:\WINDOWS\system32\njprckha\s3.htm

C:\WINDOWS\system32\njprckha\SMTop1.gif

C:\WINDOWS\system32\njprckha\SMTop2.gif

C:\WINDOWS\system32\njprckha\SMTop3.gif

C:\WINDOWS\system32\njprckha\SMTop4.gif

C:\WINDOWS\system32\njprckha\soft1_off.gif

C:\WINDOWS\system32\njprckha\soft1_off_ext.gif

C:\WINDOWS\system32\njprckha\soft1_on.gif

C:\WINDOWS\system32\njprckha\soft1_on_ext.gif

C:\WINDOWS\system32\njprckha\soft2_off.gif

C:\WINDOWS\system32\njprckha\soft2_off_ext.gif

C:\WINDOWS\system32\njprckha\soft2_on.gif

C:\WINDOWS\system32\njprckha\soft2_on_ext.gif

C:\WINDOWS\system32\njprckha\soft3_off.gif

C:\WINDOWS\system32\njprckha\soft3_off_ext.gif

C:\WINDOWS\system32\njprckha\soft3_on.gif

C:\WINDOWS\system32\njprckha\soft3_on_ext.gif

C:\WINDOWS\system32\njprckha\softbottom_off.gif

C:\WINDOWS\system32\njprckha\softbottom_on.gif

C:\WINDOWS\system32\njprckha\softleft_off.gif

C:\WINDOWS\system32\njprckha\softleft_on.gif

C:\WINDOWS\system32\njprckha\top1.gif

C:\WINDOWS\system32\njprckha\top2.gif

C:\WINDOWS\system32\njprckha\turnoff1.gif

C:\WINDOWS\system32\njprckha\turnon1.gif

C:\WINDOWS\system32\winjks32.dll

.

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))

.

2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

2007-12-19 15:41 . 2007-12-19 15:41 335,360 --a------ C:\WINDOWS\system32\RCX47.tmp

2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-19 14:58 . 2007-12-19 22:48 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2007-12-19 14:57 . 2007-12-19 22:46 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp

2007-12-19 14:57 . 2007-12-19 22:46 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

2007-12-19 14:57 . 2007-12-19 22:46 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

2007-12-19 14:57 . 2007-12-19 22:46 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

2007-12-19 13:58 . 2007-12-19 13:58 335,360 --a------ C:\WINDOWS\system32\mljjk.exe

2007-12-19 13:49 . 2007-12-19 13:49 39,936 --a------ C:\WINDOWS\system32\rqronno.dll

2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg

2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-20 04:48 --------- d-----w C:\Program Files\QuickTime

2007-12-20 04:47 352,256 ----a-w C:\WINDOWS\system32\ctfmon.exe

2007-12-20 04:46 331,776 ----a-w C:\WINDOWS\system32\mljjk.dll

2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-19 21:41 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

2007-12-19 21:41 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

2007-12-19 21:41 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

2007-12-19 21:41 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV

2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems

2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems

2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems

2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV

2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK

2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson

2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent

2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2004-08-04 01:16 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A09CF5-2FC9-4867-9697-A954294A6909}]

2007-12-19 22:46 331776 --a------ C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9E85D85-F6EE-4655-A639-E33983612A6E}]

2007-12-19 13:49 39936 --a------ C:\WINDOWS\system32\rqronno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-19 22:47]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-19 22:47]

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-19 22:47]

"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-19 22:47]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-19 22:47]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 22:48]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-19 22:48]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 22:48]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-19 22:48]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 22:48]

"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-19 22:48]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-19 22:48]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]

"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{B9E85D85-F6EE-4655-A639-E33983612A6E}"= C:\WINDOWS\system32\rqronno.dll [2007-12-19 13:49 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqronno]

rqronno.dll 2007-12-19 13:49 39936 C:\WINDOWS\system32\rqronno.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"load"=C:\WINDOWS\system32\mljjk.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-12-19 22:48 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Viewpoint Manager Service"=2 (0x2)

"StarWindService"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"iPodService"=3 (0x3)

"IDriverT"=3 (0x3)

"comHost"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"Adobe LM Service"=3 (0x3)

R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Program Files\AdwareAlert\AdwareAlert.ex

- C:\Program Files\AdwareAlert

"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-19 22:46:00

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\rqronno.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\rqronno.dll

-> C:\WINDOWS\system32\mljjk.dll

.

Completion time: 2007-12-19 22:52:56 - machine was rebooted

.

2007-12-19 14:52:07 --- E O F ---


Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.

These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)


Hi,

Your computer is very infected.

Please uninstall:

Outerinfo

Morpheus Toolbar

AdwareAlert

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\mljjk.dll

C:\WINDOWS\SMINST\HPCD.sys

C:\WINDOWS\system32\rqronno.dll

C:\WINDOWS\system32\RCX47.tmp

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A09CF5-2FC9-4867-9697-A954294A6909}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9E85D85-F6EE-4655-A639-E33983612A6E}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqronno]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"load"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Let me know of any problems you have.

Edited by sarahw


Ok here is a new log...

ComboFix 07-12-20.1 - Owner 2007-12-20 7:31:11.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.333 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE

C:\WINDOWS\SMINST\HPCD.sys

C:\WINDOWS\system32\mljjk.dll

C:\WINDOWS\system32\RCX47.tmp

C:\WINDOWS\system32\rqronno.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\SMINST\HPCD.sys

C:\WINDOWS\system32\kjjlm.ini

C:\WINDOWS\system32\kjjlm.ini2

C:\WINDOWS\system32\mljjk.dll

C:\WINDOWS\system32\RCX47.tmp

C:\WINDOWS\system32\rqronno.dll

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))

.

2007-12-20 07:14 . 2007-12-20 07:14 335,360 --a------ C:\WINDOWS\system32\RCX48.tmp

2007-12-19 22:47 . 2007-12-19 22:47 352,256 --a------ C:\WINDOWS\system32\ctfmon.exe.tmp

2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-19 14:58 . 2007-12-20 07:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2007-12-19 14:57 . 2007-12-20 07:14 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp

2007-12-19 14:57 . 2007-12-20 07:14 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

2007-12-19 14:57 . 2007-12-20 07:14 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

2007-12-19 14:57 . 2007-12-20 07:14 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

2007-12-19 13:58 . 2007-12-19 22:48 335,360 --a------ C:\WINDOWS\system32\mljjk.exe

2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg

2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-20 13:14 --------- d-----w C:\Program Files\QuickTime

2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV

2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems

2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems

2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems

2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV

2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK

2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson

2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent

2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((( [email protected]_22.51.08.62 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-12-19 20:57:50 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

+ 2007-12-20 13:14:23 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

- 2007-12-19 20:57:51 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE

+ 2007-12-20 13:14:27 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE

- 2007-12-20 04:46:12 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE

+ 2007-12-20 13:42:48 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE

- 2007-12-19 21:41:07 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE

+ 2007-12-20 13:14:00 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE

- 2007-12-20 04:46:48 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe

+ 2007-12-20 13:43:08 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe

- 2007-12-19 21:41:20 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe

+ 2007-12-20 13:14:06 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe

- 2007-12-19 21:41:16 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

+ 2007-12-20 13:14:04 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

- 2007-12-19 21:41:12 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

+ 2007-12-20 13:14:03 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

- 2007-12-19 21:41:09 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

+ 2007-12-20 13:14:02 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

- 2007-12-19 20:57:54 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

+ 2007-12-20 13:14:26 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

- 2007-12-19 20:57:57 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

+ 2007-12-20 13:14:31 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

- 2007-12-19 21:41:08 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

+ 2007-12-20 13:14:00 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{776D26A1-0120-4155-802C-9FE4039CEB79}]

2007-12-20 07:42 331776 --a------ C:\WINDOWS\system32\mljjk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-20 07:45]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-20 07:45]

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-20 07:45]

"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-20 07:45]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-20 07:45]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-20 07:45]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-20 07:45]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-20 07:45]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-20 07:46]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 07:46]

"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-20 07:46]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-20 07:46]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]

"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"load"=C:\WINDOWS\system32\mljjk.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-12-20 07:46 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Viewpoint Manager Service"=2 (0x2)

"StarWindService"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"iPodService"=3 (0x3)

"IDriverT"=3 (0x3)

"comHost"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"Adobe LM Service"=3 (0x3)

R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Program Files\AdwareAlert\AdwareAlert.ex

- C:\Program Files\AdwareAlert

"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-20 07:42:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\kjjlm.ini 319 bytes

C:\WINDOWS\system32\kjjlm.ini2 319 bytes

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\mljjk.dll

.

Completion time: 2007-12-20 7:48:46 - machine was rebooted

C:\ComboFix2.txt ... 2007-12-19 22:52

.

2007-12-20 06:54:45 --- E O F ---


And this log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:50:54 AM, on 12/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched .exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

C:\WINDOWS\system32\ps2 .exe

C:\WINDOWS\system32\igfxtray .exe

C:\WINDOWS\system32\hkcmd .exe

C:\WINDOWS\System32\hphmon05 .exe

C:\WINDOWS\system32\dla\tfswctrl .exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10538 bytes


Hi,

Open Hijack This and place a tick next to this item:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

Reboot into Safe Mode and delete this file:

C:\WINDOWS\system32\mljjk.exe

Reboot as you normally would, and post another Hijack This log in a reply here.

:)

Edited by sarahw

Hi,

Open Hijack This and place a tick next to this item:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

Reboot into Safe Mode and delete this file:

C:\WINDOWS\system32\mljjk.exe

Reboot as you normally would, and post another Hijack This log in a reply here.

:)

I am now away from my home for the holidays. I will return to my computer in a week. When I get back, I will follow these steps. Don't forget about me, OK! ;)

P.S.

What's a "tick"?


Hi,

A tick means check the square box next to the line in your Hijack This program that matches the line I gave you in the previous post.

If you run into any more problems with Hijack This (or with deleting the file in Safe Mode), let me know. :)

I will leave this topic open for when you return.

:)


OK. Thanks for your patience. Here's the new log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:35 AM, on 1/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ps2 .exe

C:\WINDOWS\system32\igfxtray .exe

C:\WINDOWS\System32\hphmon05 .exe

C:\WINDOWS\system32\hkcmd .exe

C:\Program Files\Common Files\Symantec Shared\ccApp .exe

C:\Program Files\Common Files\Real\Update_OB\realsched .exe

C:\WINDOWS\system32\dla\tfswctrl .exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3 .exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10427 bytes


You have a bad Vundo infection. The more you reboot, the more it will become infected, until your computer is unusable.

Delete your old version of combofix and download a new version from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


OK. Here's one.

ComboFix 07-12-31.4 - Owner 2008-01-02 8:45:18.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.387 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\Norton Internet Security\osCheck.exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask .exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\SMINST\RECGUARD.EXE

C:\WINDOWS\system32\ctfmon.exe.tmp

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\kjjlm.ini

C:\WINDOWS\system32\kjjlm.ini2

C:\WINDOWS\system32\mljjk.dll

C:\WINDOWS\system32\mljjk.exe

C:\WINDOWS\system32\ps2.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))

.

2008-01-02 08:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-02 01:36 . 2008-01-02 01:37 335,360 --a------ C:\WINDOWS\system32\RCX4E.tmp

2007-12-20 08:58 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-12-20 08:58 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2007-12-20 08:58 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2007-12-20 07:14 . 2007-12-20 07:14 335,360 --a------ C:\WINDOWS\system32\RCX48.tmp

2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-19 14:58 . 2007-12-20 07:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

2007-12-19 14:57 . 2008-01-02 01:53 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp

2007-12-19 14:57 . 2008-01-02 01:53 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

2007-12-19 14:57 . 2008-01-02 01:53 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

2007-12-19 14:57 . 2008-01-02 01:53 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 14:55 --------- d-----w C:\Program Files\Norton Internet Security

2008-01-02 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-02 14:51 --------- d-----w C:\Program Files\QuickTime

2007-12-20 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-12-20 14:56 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-20 14:56 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-20 14:56 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-20 14:56 --------- d-----w C:\Program Files\Symantec

2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

.

----a-w 57,344 2008-01-02 07:54:05 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 185,896 2008-01-02 07:53:56 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 84,640 2008-01-02 07:53:49 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 32,768 2008-01-02 07:54:21 C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe
----a-w 1,694,208 2008-01-02 07:54:43 C:\Program Files\Messenger\msmsgs .exe
----a-w 200,704 2008-01-02 07:54:37 C:\Program Files\Microsoft Money\System\mnyexpr .exe
----a-w 208,952 2007-12-20 13:14:23 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w 44,032 2007-12-20 13:14:27 C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
----a-w 233,472 2008-01-02 07:53:21 C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w 15,360 2007-12-20 13:14:38 C:\WINDOWS\system32\ctfmon .exe
----a-w 118,784 2008-01-02 07:53:40 C:\WINDOWS\system32\hkcmd .exe
----a-w 483,328 2008-01-02 07:53:35 C:\WINDOWS\system32\hphmon05 .exe
----a-w 155,648 2008-01-02 07:53:31 C:\WINDOWS\system32\igfxtray .exe
----a-w 81,920 2008-01-02 07:53:26 C:\WINDOWS\system32\ps2 .exe
----a-w 114,741 2008-01-02 07:53:56 C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w 59,392 2007-12-20 13:14:26 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w 455,168 2007-12-20 13:14:31 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

((((((((((((((((((((((((((((( [email protected]_22.51.08.62 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

- 2006-09-02 19:34:34 11,968 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

+ 2007-10-31 01:55:14 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

- 2006-09-02 19:34:42 144,832 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

+ 2007-10-31 01:55:20 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

- 2006-09-02 19:34:50 39,104 ----a-w C:\WINDOWS\system32\drivers\symids.sys

+ 2007-10-31 01:55:28 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys

- 2006-09-02 19:34:46 33,216 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

+ 2007-10-31 01:55:24 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

- 2006-09-02 19:35:06 36,032 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

+ 2007-10-31 01:55:44 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

- 2006-09-02 19:34:56 26,432 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

+ 2007-10-31 01:55:34 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

- 2006-09-02 19:35:00 186,048 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

+ 2007-10-31 01:55:38 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

- 2007-09-17 22:39:52 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

+ 2007-12-20 14:56:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

- 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

- 2006-09-02 19:35:16 613,056 ----a-w C:\WINDOWS\system32\SymNeti.dll

+ 2007-10-31 01:55:50 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll

- 2006-09-02 19:35:10 239,808 ----a-w C:\WINDOWS\system32\SymRedir.dll

+ 2007-10-31 01:55:48 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [ ]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [ ]

"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]

"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36 100032]

"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Viewpoint Manager Service"=2 (0x2)

"StarWindService"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"iPodService"=3 (0x3)

"IDriverT"=3 (0x3)

"comHost"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"Adobe LM Service"=3 (0x3)

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Program Files\AdwareAlert\AdwareAlert.ex

- C:\Program Files\AdwareAlert

"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-02 08:57:41

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-02 9:02:19 - machine was rebooted

C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 15:02:14

C:\qoobox\ComboFix2.txt 2007-12-20 13:48:47

C:\qoobox\ComboFix3.txt 2007-12-20 04:52:57

.

2008-01-02 14:35:19 --- E O F ---

Edited by beemanbone


And here's the other one.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:03:39 AM, on 1/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10057 bytes

Edited by beemanbone


Hi,

1.

  1. Download RenV.exe by sUBs to your desktop
  2. Copy the entire contents of the Code Box below to Notepad.
  3. Name the file as Log.txt (Overwrite the existing one)
  4. Change the Save as Type to All Files
  5. and Save it on the desktop

----a-w 57,344 2008-01-02 07:54:05 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

----a-w 185,896 2008-01-02 07:53:56 C:\Program Files\Common Files\Real\Update_OB\realsched .exe

----a-w 84,640 2008-01-02 07:53:49 C:\Program Files\Common Files\Symantec Shared\ccApp .exe

----a-w 32,768 2008-01-02 07:54:21 C:\Program Files\HP\Digital Imaging\bin\backupnotify .exe

----a-w 1,694,208 2008-01-02 07:54:43 C:\Program Files\Messenger\msmsgs .exe

----a-w 200,704 2008-01-02 07:54:37 C:\Program Files\Microsoft Money\System\mnyexpr .exe

----a-w 208,952 2007-12-20 13:14:23 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

----a-w 44,032 2007-12-20 13:14:27 C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE

----a-w 233,472 2008-01-02 07:53:21 C:\WINDOWS\SMINST\RECGUARD .EXE

----a-w 15,360 2007-12-20 13:14:38 C:\WINDOWS\system32\ctfmon .exe

----a-w 118,784 2008-01-02 07:53:40 C:\WINDOWS\system32\hkcmd .exe

----a-w 483,328 2008-01-02 07:53:35 C:\WINDOWS\system32\hphmon05 .exe

----a-w 155,648 2008-01-02 07:53:31 C:\WINDOWS\system32\igfxtray .exe

----a-w 81,920 2008-01-02 07:53:26 C:\WINDOWS\system32\ps2 .exe

----a-w 114,741 2008-01-02 07:53:56 C:\WINDOWS\system32\dla\tfswctrl .exe

----a-w 59,392 2007-12-20 13:14:26 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

----a-w 455,168 2007-12-20 13:14:31 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

RenV.gif

Referring to the picture above, drag Log.txt into RenV.exe and attach the resulting report to your reply when you finish these instructions.

2.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\RCX4E.tmp

C:\WINDOWS\system32\RCX48.tmp

C:\WINDOWS\system32\RCX44.tmp

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

3.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.

4.

After a reboot, please post the following reports/logs into your next reply:

  • Combofix.txt
  • The RenV log
  • The Kaspersky scan results
  • A new HijackThis log.


I can't run Kaspersky Online Scanner. When I go to install the ActiveX component, it says it needs to configure ccCommon and to insert the disc that has ccCommon.

The 1st two steps I did. Here is the RenV log....

Ran on Wed 01/02/2008 - 12:57:10.15

------w 84,640 2008-01-02 07:53:49 C:\Program Files\Common Files\Symantec Shared\ccApp .exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 84,640 Blocks: 166

Here is the Combofix log.............

ComboFix 07-12-31.4 - Owner 2008-01-02 13:03:13.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT -6:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE

C:\WINDOWS\system32\RCX44.tmp

C:\WINDOWS\system32\RCX48.tmp

C:\WINDOWS\system32\RCX4E.tmp

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\RCX44.tmp

C:\WINDOWS\system32\RCX48.tmp

C:\WINDOWS\system32\RCX4E.tmp

.

((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))

.

2008-01-02 12:57 . 2008-01-02 01:53 483,328 --a------ C:\WINDOWS\system32\hphmon05.exe

2008-01-02 12:57 . 2008-01-02 01:53 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe

2008-01-02 12:57 . 2008-01-02 01:53 118,784 --a------ C:\WINDOWS\system32\hkcmd.exe

2008-01-02 12:57 . 2008-01-02 01:53 81,920 --a------ C:\WINDOWS\system32\ps2.exe

2008-01-02 08:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-20 08:58 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-12-20 08:58 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2007-12-20 08:58 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2007-12-19 22:47 . 2007-12-20 07:14 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

2007-12-19 22:47 . 2007-12-20 07:14 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 14:55 --------- d-----w C:\Program Files\Norton Internet Security

2008-01-02 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-02 14:51 --------- d-----w C:\Program Files\QuickTime

2007-12-20 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-12-20 14:56 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-20 14:56 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-20 14:56 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-20 14:56 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-20 14:56 --------- d-----w C:\Program Files\Symantec

2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-31 01:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-10-31 01:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

.

------w			84,640 2008-01-02 07:53:49  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

((((((((((((((((((((((((((((( snapshot_2008-01-02_ 9.01.43.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 03:32:00 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe

+ 2007-12-20 13:14:23 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE

- 2002-08-29 12:00:00 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\imekrmig.exe

+ 2007-12-20 13:14:27 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

+ 2008-01-02 07:53:21 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE

+ 2008-01-02 07:53:56 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe

- 2002-08-29 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\imekrmig.exe

+ 2007-12-20 13:14:27 44,032 -c--a-w C:\WINDOWS\system32\dllcache\imekrmig.exe

- 2004-08-04 03:32:00 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe

+ 2007-12-20 13:14:23 208,952 -c--a-w C:\WINDOWS\system32\dllcache\imjpmig.exe

- 2004-08-04 03:31:50 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe

+ 2007-12-20 13:14:26 59,392 -c--a-w C:\WINDOWS\system32\dllcache\imscinst.exe

- 2004-08-04 03:32:16 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe

+ 2007-12-20 13:14:31 455,168 -c--a-w C:\WINDOWS\system32\dllcache\tintsetp.exe

- 2004-08-04 03:31:50 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

+ 2007-12-20 13:14:26 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

- 2004-08-04 03:32:16 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

+ 2007-12-20 13:14:31 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-20 07:14 15360]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2008-01-02 01:54 32768]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-02 01:54 1694208]

"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-02 01:54 200704]

"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-02 01:53 233472]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-01-02 01:53 81920]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-02 01:53 155648]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-02 01:53 483328]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-02 01:53 118784]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-01-02 01:53 114741]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 01:53 185896]

"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-02 01:54 57344]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2007-12-20 07:14 208952]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2007-12-20 07:14 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-12-20 07:14 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-20 07:14 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2007-12-20 07:14 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36 100032]

"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2008-01-02 01:54 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Viewpoint Manager Service"=2 (0x2)

"StarWindService"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"LiveUpdate"=3 (0x3)

"iPodService"=3 (0x3)

"IDriverT"=3 (0x3)

"comHost"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"Adobe LM Service"=3 (0x3)

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Program Files\AdwareAlert\AdwareAlert.ex

- C:\Program Files\AdwareAlert

"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-02 13:05:19

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-02 13:06:22

C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 19:06:00

C:\qoobox\ComboFix2.txt 2008-01-02 15:02:19

C:\qoobox\ComboFix3.txt 2007-12-20 13:48:47

C:\qoobox\ComboFix4.txt 2007-12-20 04:52:57

.

2008-01-02 14:35:19 --- E O F ---


Here's a new HijackThis Log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:54:55 PM, on 1/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

--

End of file - 10375 bytes

These errors are because Norton is totally corrupted.

This is a really bad infection that you have, but we've almost gotten rid of it.

------w			84,640 2008-01-02 07:53:49  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

You can see here this file doesn't look right.

Would you be able to uninstall it? As it's expired I would strongly recommend you do that. You can get some great free Anti-Virus programs that won't slow your computer down like Norton/Symantec does.

Click Start, then Control Panel. Open Add/Remove Programs and look for Norton/Symantec Anti-Virus, or the security package it came bundled with.

Norton (like a virus) sometimes cannot be uninstalled. If so, you will need the Norton removal tool. You can get that HERE

You will need to install a new Anti-Virus quickly. You can look HERE for some free ones. I recommend and personally use AVAST!

Note: Try to keep the time you are online to a minimum. As your computer is almost clean, you don't want to get reinfected.

Let me know if you have any problems in a reply.

Edited by sarahw

Great!

Can you please run the Kaspersky Online scanner.

Post a fresh HijackThis log in a reply with the Kaspersky report.

:)

Here is the log from the virus scan I completed.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, January 02, 2008 11:56:47 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 3/01/2008

Kaspersky Anti-Virus database records: 501803

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

I:\

J:\

Scan Statistics:

Total number of scanned objects: 152088

Number of viruses found: 19

Number of infected objects: 922

Number of suspicious objects: 0

Duration of the scan process: 02:57:53

Infected Object Name / Virus Name / Last Action


C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058426.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058427.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058428.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058429.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058430.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058431.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058432.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058433.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058434.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058438.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0058443.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058461.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058462.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058464.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058465.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058466.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058467.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058469.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058470.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058471.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058472.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058473.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058474.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058475.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058476.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058477.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058478.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058479.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058480.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058516.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058518.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058520.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058521.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058522.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058523.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058525.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058527.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058532.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058533.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058540.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058542.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058543.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058545.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058546.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058548.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058549.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058550.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058551.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058552.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058553.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058554.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058555.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058556.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058557.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058558.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058559.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058560.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058561.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058562.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0058563.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058601.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058602.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058603.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058604.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058605.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058606.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058608.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058609.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058610.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058611.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058612.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058613.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058614.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058615.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058617.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058618.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP833\A0058620.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058625.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058626.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058627.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058628.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058629.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058641.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058642.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058643.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058644.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058645.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058646.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058647.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058648.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058649.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058650.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058651.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058652.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058653.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058654.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058655.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058656.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058657.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058658.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058659.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058660.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058661.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058662.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058663.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058664.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058665.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058666.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped

C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP834\A0058671.dll Infected: Virus.Win32.Trats.c skipped


I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\Quadtones\Process Quadtones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\Quadtones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\TRITONE\Gray Tritones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\TRITONE\PANTONE® Tritones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\TRITONE\Process Tritones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\TRITONE\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Duotones\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Gradients\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Layouts\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Patterns\Adobe ImageReady Only\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Patterns\PostScript Patterns\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Patterns\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Photoshop Actions\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Contours\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Styles\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Textures\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Blue & Gray\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Blue & Gray\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Dark\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Dark\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Frame\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Light\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Patterned\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Horizontal Patterned\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Simple\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table - Blue\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Table - Blue\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Vertical Frame\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Vertical Slide Show 1\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Vertical Slide Show 2\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\Vertical Slide Show 2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\WebContactSheet\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\Tools\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\ZoomView\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Presets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Displacement Maps\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\File Formats\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Filters\Lighting Styles\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Filters\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Import-Export\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Parser\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Digimarc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Automate\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Extensions\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\File Formats\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Filters\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Import-Export\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe ImageReady Only\File Formats\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe ImageReady Only\Filters\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe ImageReady Only\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\ImageReady Droplets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\Photoshop Droplets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Samples\Droplets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Samples\ImageReady Animations\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Samples\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Help\images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\Adobe\Photoshop 7.0\Help\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\VST\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\Wasp\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\Wasp\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\3x Osc\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\3x Osc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\BeepMap\Images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\BeepMap\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\BeepMap\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\Plucked!\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\Plucked!\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\MIDI out\Data\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\MIDI out\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\MIDI out\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Generators\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\Fruity wrapper\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\Fruity wrapper\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\Fruity NoteBook\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\Fruity PanOMatic\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\Fruity PanOMatic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\Fruity PanOMatic\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\Fruity PanOMatic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\Fruity NoteBook\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\Fruity wrapper\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\Fruity wrapper\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\MIDI out\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\MIDI out\Data\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\MIDI out\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Plucked!\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Plucked!\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\BeepMap\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\BeepMap\Images\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\BeepMap\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\3x Osc\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\3x Osc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Wasp\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Wasp\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Fruity wrapper\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\Fruity wrapper\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\SimSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\Generators\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\Fruity\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Plugins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Config\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Goodies\FLP file format\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Goodies\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Help\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Internet\About\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Internet\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Basic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Cool stuff\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Cover songs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\DrumSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\MIDI\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Remixes\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Songwriters\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\TS404\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Covers\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Misc\DrumSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Misc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\Tutorial\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Loops\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Full\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Wallpapers\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Skins\Default\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Skins\New steps\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Skins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\Demo\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Artwork\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\WAV\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\MIDI\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\8 channels\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\Acoustic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\CR 78\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\CR 8000\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\Electro\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\Percussion\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\R & B\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\Techno\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\TR 808\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\TR 909\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\DrumSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\Basic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\Basic TS404\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\Club basic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\Empty\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\Studio\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\808\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\ReBirth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumKits\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\Basic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\Extra\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\ml_shapes\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\Andrew\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Shapes\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\bass\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\drums\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Echo delay FX\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Extra\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\FX\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Long\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\misc synths\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Short\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\string vars\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Strings\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Synth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Andrew\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\Guitar\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Basses\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\General\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\HiHats\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Instruments\Looped\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Kicks\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Snares\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Stabs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\Voices\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Basic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\ReBirth import (LQ)\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\Vintage\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Packs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DS_Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DS_Various\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\TS404 presets\Extra\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\TS404 presets\Extra2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\TS404 presets\Extra3\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\TS404 presets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity 7 band EQ\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity delay\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity filter\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity free filter\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity reeverb\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\WASP\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Plucked!\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\BeepMap\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\3x Osc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\MIDI out\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity phaser\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity PanOMatic\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity flanger\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\Fruity wrapper\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\SimSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FX presets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Humanize presets\Grooves\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Humanize presets\Level\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Humanize presets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS_Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS_Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS2_Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS2_Extra\2.7\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS2_Extra\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS2_Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SS2_Riffs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\TS404 shapes\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Used by tunes\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Channel presets\BeepMap\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Channel presets\3x Osc\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Channel presets\3x Osc\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\Channel presets\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumSynth\Fuzz\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumSynth\Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumSynth\Various\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\DrumSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Effects\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Effects 2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Extra\2.7\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Extra\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Instruments\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Instruments 2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\Riffs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\SimSynth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\System\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\STARTSONG\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Samples\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\3D Wheels\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Big Scope\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Dark keyboard\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Default\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Grip\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Lights\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Magnum\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\My little playlist\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Red LCD\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Red White Keys\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\Wide\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins 3\Default\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins 3\New steps\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Skins 3\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Texts\html\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Texts\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Tools\BeatSlicer\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Tools\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\Trash bin\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\FruityLoops\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\igowin\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\CHANGJIE\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\Skins\Crystal\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\Skins\Neo\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\Skins\Oscar\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\Skins\Epiphany\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\Skins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\HTML\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\Program Files\PowerDVD\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\RECYCLED\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\soundforge\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\ACID\songs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\ACID\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\rebirth2\Default Songs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\rebirth2\Demo Songs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\rebirth2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\audio\ZILLION\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\FAILSAFE.DRV\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\unzipped\cdex_130\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\unzipped\cheatsheet_compiler\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\dload\sites\Main\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\dload\sites\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\dload\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\dload\flashget dl.exe/WISE0018.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

I:\My Documents BEE\Bee's Stuff\dload\flashget dl.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped

I:\My Documents BEE\Bee's Stuff\dload\flashget dl.exe WiseSFX: infected - 2 skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

I:\My Documents BEE\Bee's Stuff\dload\setup.exe NSIS: infected - 6 skipped

I:\My Documents BEE\Bee's Stuff\dload\B T\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\dload\PowerDVD 5.0\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\Faye's Stuff\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\Anime\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Bee's Stuff\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\system\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\addons\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\skins\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

I:\My Documents BEE\sysreset\download\bm98\3am\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\housecat\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\applejuice2\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\Docs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\Image\BM\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\Image\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\success\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\loverebirth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\breeze\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\download\bm98\lovesrebirth_truthmix\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\logs\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\sounds\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\sysreset\sysreset251.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

I:\My Documents BEE\sysreset\sysreset251.exe RAR: infected - 1 skipped

I:\My Documents BEE\sysreset\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\news\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\music\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\culture\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\anime\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\language\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\film\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\D V D\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\East\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

I:\My Documents BEE\Online UrL\BellSouth\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\DATA\EN\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\LANG\PQ\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\LANG\QR\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\LANG\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\BOM\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\ACC\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\APPL.ZIP\INSTALL\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\APPL.ZIP\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\CPQS\QUICKSR\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\CPQS\SUPPORT\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\CPQS\TOOLS\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\CPQS\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\QRIA\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\TOOLS\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\PATCHES\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQS\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1512970A06\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1512970A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151297\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151308\B2A30\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151308\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151308\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151360\B2A03\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151360\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151360\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151370\B2A05\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151370\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151370\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1514160A16\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1514160A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151416\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1515520A15\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1515520A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151552\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151558\B2A12\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151558\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151558\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1515800D01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1515800D\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151580\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151616\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151616\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151616\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516360A05\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516360A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151636\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516620A12\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516620A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151662\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516890A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516890A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151689\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516900A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516900A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151690\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516950A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1516950A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151695\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151697\B2A03\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151697\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151697\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151716\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151716\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\151716\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155959\B2A22\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155959\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155959\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559920A03\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559920A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155992\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559930A13\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559930A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155993\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559940A06\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559940A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155994\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156020\B2A11\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156020\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156020\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560280A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560280A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156028\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156029\B2A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156029\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156029\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1561150A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1561150A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156115\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156121\B2A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156121\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156121\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1561990A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1561990A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156199\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156208\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156208\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156208\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562090A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562090A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156209\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562110A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562110A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156211\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562130A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562130A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156213\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562140A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562140A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156214\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562220A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562220A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156222\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562230A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562230A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156223\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562240A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562240A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156224\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562250A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562250A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156225\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562260A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562260A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156226\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562310A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562310A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156231\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562500A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1562500A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156250\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156261\B2A02\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156261\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156261\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156354\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156354\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156354\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156368\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156368\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156368\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\ICONS\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559230A03\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1559230A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\155923\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560250A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560250A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156025\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156036\B2A13\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156036\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156036\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156045\B2A06\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156045\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156045\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156080\B2A09\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156080\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156080\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560850A07\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\1560850A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\156085\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249380H08\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249380H\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\324938\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249510R18\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249510R\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\324951\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249990L16\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3249990L\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\324999\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3518090D06\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3518090D\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\351809\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3520710D04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3520710D\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352071\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352115\B2A19\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352115\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352115\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3522000A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\3522000A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352200\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352204\B2A01\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352204\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\352204\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\400635\B2A21\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\400635\B2A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\400635\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\4006380A04\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\4006380A\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\400638\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\CPQDRV\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\RECYCLED\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

J:\msdownld.tmp\FOLDER.HTT Infected: Virus.VBS.Redlof.a skipped

Scan process completed.

This topic is now closed to further replies.