
Awola program--How do I remove it?

Discussion in 'Virus & Other Malware Removal' started by laurenyce, Dec 2, 2007.

Thread Status:
Not open for further replies.
  1. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    I keep getting pop-ups and a little notification at the bottom right of my screen saying: "Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware."

    I clicked it and found that it was installing a program "Awola," which I later found to be some sort of spyware or something. I uninstalled and did some Ad Aware scans (both in normal and safe modes), but I keep getting this notification CONSTANTLY. It's really annoying. Can anyone help?

    Thanks!!
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download TrendMicro Hijackthis from Here to your Desktop.
    • Double-Click on HJTInstall.exe
    • Follow the prompts and allow it to create TrendMicro folder in Program Files.
    • Check Create Desktop Icon.
    • On your Desktop, Double-Click on Hijackthis.exe.
    • Click on Do A System Scan and Save a Log File.
    • In your next reply, copy and paste the Hijackthis log.


    =======================================

    Please download SmitfraudFix to your Desktop.
    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:51:50 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\ureufypn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\WinAble\winable.exe
    C:\Documents and Settings\Lauren Wilkey\Application Data\pptf.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    F2 - REG:system.ini: UserInit=Userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [{F5-52-23-35-ZN}] C:\Documents and Settings\Lauren Wilkey\Local Settings\Temp\thinksnet.exe CHD003
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2933202228B28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE395672F910E3C49D775A67
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hosydaqal] C:\Program Files\Online Services\hosydaqal77798.exe
    O4 - HKLM\..\Run: [807f529a] rundll32.exe "C:\WINDOWS\system32\tyesiwsp.dll",b
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [mmuk] C:\PROGRA~1\COMMON~1\mmuk\mmukm.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Lauren Wilkey\Application Data\xjgpohhqrilh.exe
    O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Lauren Wilkey\Application Data\Awola\Awola.exe" /MIN
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lauren Wilkey\Local Settings\Temp\thinksnet.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGF1cmVuIFdpbGtleQ\command.exe (file missing)
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Lauren Wilkey\Desktop\CWShredder.exe (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\ureufypn.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8924 bytes







    SmitFraudFix v2.257

    Scan done at 13:06:28.96, Sun 12/02/2007
    Run from C:\Documents and Settings\Lauren Wilkey\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lauren Wilkey


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lauren Wilkey\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    \info.exe FOUND !
    \info.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------
    Please go to Start ---> Run ---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe" /killall & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    ComboFix 07-12-02.5 - Lauren Wilkey 2007-12-02 13:53:46.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.186 [GMT -5:00]
    Running from: C:\Documents and Settings\Lauren Wilkey\Desktop\ComboFix.exe
    Command switches used :: /killall
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
    C:\Documents and Settings\Lauren Wilkey\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\Lauren Wilkey\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\Lauren Wilkey\Start Menu\Programs\Startup\ta_start.lnk
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\Program Files\Insider
    C:\Program Files\Temporary
    C:\Program Files\WinAble
    C:\Program Files\WinAble\winable.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\fse
    C:\Temp\fse\tmpZTF.log
    C:\WINDOWS\b103.exe
    C:\WINDOWS\b104.exe
    C:\WINDOWS\b111.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b128.exe
    C:\WINDOWS\b138.exe
    C:\WINDOWS\b143.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\b149.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\system32\agierjjh.exe
    C:\WINDOWS\system32\aiypjlnh.ini
    C:\WINDOWS\system32\aqlnwkyn.exe
    C:\WINDOWS\system32\awitccsf.dll
    C:\WINDOWS\system32\bsdhoeqf.dll
    C:\WINDOWS\system32\buwgdshr.exe
    C:\WINDOWS\system32\bvgdksal.exe
    C:\WINDOWS\system32\byyclfyq.exe
    C:\WINDOWS\system32\cnvokhov.dll
    C:\WINDOWS\system32\cqjojsmr.exe
    C:\WINDOWS\system32\cxndncoe.exe
    C:\WINDOWS\system32\ddcyxvt.dll
    C:\WINDOWS\system32\dmvyjffo.dll
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\dryrpsyx.dll
    C:\WINDOWS\system32\dsuljjhs.exe
    C:\WINDOWS\system32\dvmowrgl.exe
    C:\WINDOWS\system32\dwxygyag.exe
    C:\WINDOWS\system32\eebrayhy.ini
    C:\WINDOWS\system32\eintclgy.dll
    C:\WINDOWS\system32\eixafvvi.dll
    C:\WINDOWS\system32\esrfepxt.exe
    C:\WINDOWS\system32\evgumnnd.exe
    C:\WINDOWS\system32\f02WtR
    C:\WINDOWS\system32\fammqvuk.exe
    C:\WINDOWS\system32\fjuybwho.exe
    C:\WINDOWS\system32\fpnibofb.exe
    C:\WINDOWS\system32\fqeohdsb.ini
    C:\WINDOWS\system32\fscctiwa.ini
    C:\WINDOWS\system32\gammvwau.exe
    C:\WINDOWS\system32\garanavv.exe
    C:\WINDOWS\system32\gebyy.dll
    C:\WINDOWS\system32\gmvdilvt.exe
    C:\WINDOWS\system32\goxpjfkk.exe
    C:\WINDOWS\system32\hnljpyia.dll
    C:\WINDOWS\system32\ihkeamug.exe
    C:\WINDOWS\system32\ikhntdgc.dll
    C:\WINDOWS\system32\iyvbswri.dll
    C:\WINDOWS\system32\jjgvayvk.exe
    C:\WINDOWS\system32\jkkaapjk.exe
    C:\WINDOWS\system32\mritdhtr.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\ncdupsma.exe
    C:\WINDOWS\system32\nivjoslb.exe
    C:\WINDOWS\system32\nkindrno.exe
    C:\WINDOWS\system32\nrtrdbdu.dll
    C:\WINDOWS\system32\ogwejyhi.exe
    C:\WINDOWS\system32\prgvleew.dll
    C:\WINDOWS\system32\pswiseyt.ini
    C:\WINDOWS\system32\qkpqqbmu.dll
    C:\WINDOWS\system32\qvqnvwwh.exe
    C:\WINDOWS\system32\qwhvnlgi.exe
    C:\WINDOWS\system32\rfbvcfbt.ini
    C:\WINDOWS\system32\rhstvajy.exe
    C:\WINDOWS\system32\rwqhxees.dll
    C:\WINDOWS\system32\sdxpxsox.exe
    C:\WINDOWS\system32\sptll.dll
    C:\WINDOWS\system32\srhrarkh.exe
    C:\WINDOWS\system32\stcexcce.exe
    C:\WINDOWS\system32\sytijkdc.exe
    C:\WINDOWS\system32\tbfcvbfr.dll
    C:\WINDOWS\system32\tjoekfix.exe
    C:\WINDOWS\system32\tyesiwsp.dll
    C:\WINDOWS\system32\umbqqpkq.ini
    C:\WINDOWS\system32\ureufypn.exe
    C:\WINDOWS\system32\veuhosxs.exe
    C:\WINDOWS\system32\vimyyuot.dll
    C:\WINDOWS\system32\vpcglvuf.exe
    C:\WINDOWS\system32\vpchigui.exe
    C:\WINDOWS\system32\winnb58.dll
    C:\WINDOWS\system32\winticomsv32.exe
    C:\WINDOWS\system32\wrbgrase.dll
    C:\WINDOWS\system32\xiiwapsb.dll
    C:\WINDOWS\system32\xjnadkfa.exe
    C:\WINDOWS\system32\xnkluach.exe
    C:\WINDOWS\system32\xxsmapxi.exe
    C:\WINDOWS\system32\yantmjtw.exe
    C:\WINDOWS\system32\yhyarbee.dll
    C:\WINDOWS\system32\yhydhspr.dll
    C:\WINDOWS\system32\yisobnai.exe
    C:\WINDOWS\system32\yospimhb.exe
    C:\WINDOWS\system32\yybeg.bak1
    C:\WINDOWS\system32\yybeg.bak2
    C:\WINDOWS\system32\yybeg.ini
    C:\WINDOWS\system32\yybeg.tmp
    C:\WINDOWS\TGF1cmVuIFdpbGtleQ\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FOPN
    -------\ApiMon
    -------\cmdService
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
    .

    2007-12-02 13:06 . 2007-12-02 13:06 4,420 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 13:03 . 2007-12-02 13:07 <DIR> d-------- C:\Documents and Settings\Lauren Wilkey\SmitfraudFix
    2007-12-01 23:25 . 2007-12-01 11:24 12,800 --a------ C:\Documents and Settings\Lauren Wilkey\Application Data\xjgpohhqrilh.exe
    2007-12-01 21:36 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-01 21:32 . 2007-12-01 21:32 489,984 --a------ C:\Documents and Settings\Lauren Wilkey\load.exe
    2007-12-01 21:04 . 2007-12-01 11:24 12,800 --a------ C:\Documents and Settings\Lauren Wilkey\Application Data\pptf.exe
    2007-12-01 19:20 . 2007-12-01 11:24 12,800 --a------ C:\Documents and Settings\Lauren Wilkey\Application Data\knznkcmyaz.exe
    2007-12-01 16:09 . 2007-12-02 00:21 0 --ahs---- C:\Documents and Settings\Lauren Wilkey\Application Data\3ff91e1a3122b20034aa8d03d3fc4b197ae7ba93.dat
    2007-12-01 11:24 . 2007-12-01 11:24 12,800 --a------ C:\info.exe
    2007-12-01 11:24 . 2007-12-01 11:24 12,800 --a------ C:\Documents and Settings\Lauren Wilkey\Application Data\kik.exe
    2007-11-29 18:24 . 2007-12-01 11:33 729,228 --ahs---- C:\WINDOWS\system32\grgftsvj.ini
    2007-11-28 18:21 . 2007-11-29 18:21 743,556 --ahs---- C:\WINDOWS\system32\rpgwshbu.ini
    2007-11-27 18:24 . 2007-11-27 18:27 784,374 --ahs---- C:\WINDOWS\system32\avneavyu.ini
    2007-11-26 18:21 . 2007-11-27 18:21 784,305 --ahs---- C:\WINDOWS\system32\gevkjrfi.ini
    2007-11-25 18:27 . 2007-11-26 05:12 775,842 --ahs---- C:\WINDOWS\system32\glcalgma.ini
    2007-11-24 18:42 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2007-11-24 18:42 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
    2007-11-23 17:24 . 2007-11-23 17:24 1,151,072 --ahs---- C:\WINDOWS\system32\vdicuvmm.ini
    2007-11-22 17:24 . 2007-11-22 17:24 909,172 --ahs---- C:\WINDOWS\system32\wyslstvh.ini
    2007-11-21 17:24 . 2007-11-22 21:56 210 --a------ C:\WINDOWS\system32\dssjjhge.tmp
    2007-11-21 17:23 . 2007-11-21 17:24 842,787 --ahs---- C:\WINDOWS\system32\dssjjhge.ini
    2007-11-20 17:20 . 2007-11-21 17:21 842,727 --ahs---- C:\WINDOWS\system32\fpgrpifr.ini
    2007-11-19 17:19 . 2007-11-20 17:20 689,181 --ahs---- C:\WINDOWS\system32\bwjqqaoc.ini
    2007-11-18 17:22 . 2007-11-18 17:22 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-17 17:16 . 2007-11-18 17:16 86,691 --ahs---- C:\WINDOWS\system32\pnnwtwid.ini
    2007-11-16 17:16 . 2007-11-16 17:16 687,440 --ahs---- C:\WINDOWS\system32\qvyuwtcc.ini
    2007-11-15 17:22 . 2007-11-15 17:22 597,964 --ahs---- C:\WINDOWS\system32\firapdue.ini
    2007-11-14 17:18 . 2007-11-15 17:18 618,522 --ahs---- C:\WINDOWS\system32\ccvnvrog.ini
    2007-11-13 17:24 . 2007-11-13 17:24 617,125 --ahs---- C:\WINDOWS\system32\febkfojd.ini
    2007-11-12 17:18 . 2007-11-13 17:18 663,039 --ahs---- C:\WINDOWS\system32\bxbcrhoc.ini
    2007-11-11 17:21 . 2007-11-11 17:21 578,990 --ahs---- C:\WINDOWS\system32\sugwebic.ini
    2007-11-10 17:21 . 2007-11-10 17:21 578,930 --ahs---- C:\WINDOWS\system32\wcknptgf.ini
    2007-11-09 17:18 . 2007-11-10 17:18 578,870 --ahs---- C:\WINDOWS\system32\gieotkon.ini
    2007-11-08 17:21 . 2007-11-08 17:21 583,421 --ahs---- C:\WINDOWS\system32\ayaeofwv.ini
    2007-11-08 08:26 . 2007-12-01 23:26 43,063 --a------ C:\WINDOWS\acdt-pid70.exe
    2007-11-07 17:18 . 2007-11-08 17:18 583,361 --ahs---- C:\WINDOWS\system32\tcdbngyg.ini
    2007-11-06 22:22 . 2007-12-01 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-06 22:22 . 2007-11-06 22:22 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-06 22:19 . 2007-11-06 22:21 <DIR> d-------- C:\Program Files\iTunes
    2007-11-06 21:56 . 2007-11-06 21:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-06 21:54 . 2007-11-06 21:54 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-11-06 21:54 . 2007-11-06 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-06 17:21 . 2007-11-06 21:09 575,989 --ahs---- C:\WINDOWS\system32\isonvnkb.ini

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-02 17:51 --------- d-----w C:\Program Files\Trend Micro
    2007-12-01 16:03 --------- d-----w C:\Program Files\Lx_cats
    2007-11-07 03:20 --------- d-----w C:\Program Files\iPod
    2007-11-07 03:14 --------- d-----w C:\Program Files\QuickTime
    2007-11-07 02:58 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-06 22:47 --------- d-----w C:\Program Files\Google
    2007-11-01 23:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 00:53 --------- d-----w C:\Program Files\AlphaZIP
    2007-10-10 14:11 --------- d-----w C:\Program Files\Java
    2007-10-03 15:10 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
    2006-09-16 20:35 30,160 ----a-w C:\Documents and Settings\Lauren Wilkey\scandisk.exe
    2005-04-11 21:08 331,776 ----a-w C:\Program Files\mpSept.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{709646FE-5909-4CF0-8535-0D3A8F7FDC87}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ares"="C:\Program Files\Ares\Ares.exe" [2007-03-05 09:28]
    "mmuk"="C:\PROGRA~1\COMMON~1\mmuk\mmukm.exe" []
    "Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Lauren Wilkey\Application Data\xjgpohhqrilh.exe" [2007-12-01 11:24]
    "Awola"="C:\Documents and Settings\Lauren Wilkey\Application Data\Awola\Awola.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 22:40]
    "ATIModeChange"="Ati2mdxx.exe" [2003-10-07 22:41 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-11 23:10]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 15:50]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 11:54]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 15:24]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-02-24 00:26 C:\WINDOWS\system32\nwiz.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 12:05 C:\WINDOWS\AGRSMMSG.exe]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-02 02:40]
    "Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 08:30]
    "LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-07-07 13:56]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48]
    "{F5-52-23-35-ZN}"="C:\Documents and Settings\Lauren Wilkey\Local Settings\Temp\thinksnet.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "hosydaqal"="C:\Program Files\Online Services\hosydaqal77798.exe" [2007-08-07 15:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xtldr32]
    xtldr32.dll

    S3 PhDebug32;PhDebug32;\??\c:\bios\hr60\debug32.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d8a49a2-5e32-11db-8ff0-85d10687efdb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-28 13:02:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2006-01-26 18:35:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-02 14:08:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?8?0?8??????? ?deB???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-02 14:18:52 - machine was rebooted
    .
    --- E O F ---







    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:22:25 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Online Services\hosydaqal77798.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\Ares.exe
    C:\Documents and Settings\Lauren Wilkey\Application Data\xjgpohhqrilh.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {709646FE-5909-4CF0-8535-0D3A8F7FDC87} - \
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [{F5-52-23-35-ZN}] C:\Documents and Settings\Lauren Wilkey\Local Settings\Temp\thinksnet.exe CHD003
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hosydaqal] C:\Program Files\Online Services\hosydaqal77798.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [mmuk] C:\PROGRA~1\COMMON~1\mmuk\mmukm.exe
    O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Lauren Wilkey\Application Data\pnzvdn.exe
    O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Lauren Wilkey\Application Data\Awola\Awola.exe" /MIN
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O20 - Winlogon Notify: xtldr32 - xtldr32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Lauren Wilkey\Desktop\CWShredder.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8375 bytes
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Note: Please do not use this script on another computer, you may damage the system. The script is made especially for this computer only!!!!

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
     


  7. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    ComboFix 07-12-02.5 - Lauren Wilkey 2007-12-02 20:42:49.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT -5:00]
    Running from: C:\Documents and Settings\Lauren Wilkey\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lauren Wilkey\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Lauren Wilkey\Application Data\3ff91e1a3122b20034aa8d03d3fc4b197ae7ba93.dat
    C:\Documents and Settings\Lauren Wilkey\Application Data\kik.exe
    C:\Documents and Settings\Lauren Wilkey\Application Data\knznkcmyaz.exe
    C:\Documents and Settings\Lauren Wilkey\Application Data\pptf.exe
    C:\Documents and Settings\Lauren Wilkey\Application Data\xjgpohhqrilh.exe
    C:\Documents and Settings\Lauren Wilkey\load.exe
    C:\info.exe
    C:\Program Files\fnts~1
    C:\Program Files\Online Services\hosydaqal77798.exe
    C:\Program Files\QdrDrive
    C:\Program Files\QdrDrive\QdrDrive8.dll
    C:\WINDOWS\acdt-pid70.exe
    C:\WINDOWS\mrofinu72.exe
    C:\WINDOWS\system32\avneavyu.ini
    C:\WINDOWS\system32\ayaeofwv.ini
    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.ini
    C:\WINDOWS\system32\bwjqqaoc.ini
    C:\WINDOWS\system32\bxbcrhoc.ini
    C:\WINDOWS\system32\ccvnvrog.ini
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\dssjjhge.ini
    C:\WINDOWS\system32\dssjjhge.tmp
    C:\WINDOWS\system32\efccaby.dll
    C:\WINDOWS\system32\febkfojd.ini
    C:\WINDOWS\system32\firapdue.ini
    C:\WINDOWS\system32\fpgrpifr.ini
    C:\WINDOWS\system32\gevkjrfi.ini
    C:\WINDOWS\system32\gieotkon.ini
    C:\WINDOWS\system32\glcalgma.ini
    C:\WINDOWS\system32\grgftsvj.ini
    C:\WINDOWS\system32\isonvnkb.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\pnnwtwid.ini
    C:\WINDOWS\system32\qvyuwtcc.ini
    C:\WINDOWS\system32\rpgwshbu.ini
    C:\WINDOWS\system32\sugwebic.ini
    C:\WINDOWS\system32\tcdbngyg.ini
    C:\WINDOWS\system32\vdicuvmm.ini
    C:\WINDOWS\system32\wcknptgf.ini
    C:\WINDOWS\system32\wyslstvh.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
    .

    2007-12-02 14:17 . 2007-12-01 11:24 12,800 --a------ C:\Documents and Settings\Lauren Wilkey\Application Data\pnzvdn.exe
    2007-12-02 13:06 . 2007-12-02 13:06 4,420 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 13:03 . 2007-12-02 13:07 <DIR> d-------- C:\Documents and Settings\Lauren Wilkey\SmitfraudFix
    2007-12-01 21:36 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-11-24 18:42 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2007-11-24 18:42 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
    2007-11-06 22:22 . 2007-12-02 20:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-06 22:22 . 2007-11-06 22:22 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-06 22:19 . 2007-11-06 22:21 <DIR> d-------- C:\Program Files\iTunes
    2007-11-06 21:56 . 2007-11-06 21:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-11-06 21:54 . 2007-11-06 21:54 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-11-06 21:54 . 2007-11-06 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-02 17:51 --------- d-----w C:\Program Files\Trend Micro
    2007-12-01 16:03 --------- d-----w C:\Program Files\Lx_cats
    2007-11-07 03:20 --------- d-----w C:\Program Files\iPod
    2007-11-07 03:14 --------- d-----w C:\Program Files\QuickTime
    2007-11-07 02:58 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-06 22:47 --------- d-----w C:\Program Files\Google
    2007-11-01 23:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 00:53 --------- d-----w C:\Program Files\AlphaZIP
    2007-10-10 14:11 --------- d-----w C:\Program Files\Java
    2007-10-03 15:10 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
    2006-09-16 20:35 30,160 ----a-w C:\Documents and Settings\Lauren Wilkey\scandisk.exe
    2005-04-11 21:08 331,776 ----a-w C:\Program Files\mpSept.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ares"="C:\Program Files\Ares\Ares.exe" [2007-03-05 09:28]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 22:40]
    "ATIModeChange"="Ati2mdxx.exe" [2003-10-07 22:41 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-11 23:10]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 15:50]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 11:54]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 15:24]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-02-24 00:26 C:\WINDOWS\system32\nwiz.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 12:05 C:\WINDOWS\AGRSMMSG.exe]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-02 02:40]
    "Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 08:30]
    "LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-07-07 13:56]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

    S3 PhDebug32;PhDebug32;\??\c:\bios\hr60\debug32.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d8a49a2-5e32-11db-8ff0-85d10687efdb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-28 13:02:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2006-01-26 18:35:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-02 20:54:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?8?0?8??????? ?deB???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-02 20:55:11 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-02 14:18
    .
    --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:24 PM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Lauren Wilkey\Desktop\CWShredder.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7647 bytes
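Added example, not part of the original thread and not code from HijackThis or ComboFix: a small triage script that compares a HijackThis log taken before cleanup with one taken after, and marks entries a reviewer would look at first. The sample lines are copied from the two logs in this thread; the function names (`parse`, `triage`, `removed`) and the three heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample: a handful of lines copied from the first (pre-ComboFix)
# and second (post-ComboFix) HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {709646FE-5909-4CF0-8535-0D3A8F7FDC87} - \
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{F5-52-23-35-ZN}] C:\Documents and Settings\Lauren Wilkey\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [hosydaqal] C:\Program Files\Online Services\hosydaqal77798.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Lauren Wilkey\Application Data\pnzvdn.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Lauren Wilkey\Application Data\Awola\Awola.exe" /MIN
O20 - Winlogon Notify: xtldr32 - xtldr32.dll (file missing)
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Lauren Wilkey\Desktop\CWShredder.exe (file missing)
"""
AFTER = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Lauren Wilkey\Desktop\CWShredder.exe (file missing)
"""

# "O4 - <body>": a section code (R0, O2, O4, O20, ...) followed by the entry text.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Assumption: directories a limited user can write to on Windows XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


def parse(log):
    """Return the log's entries as (code, body) tuples; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def target_path(cmd):
    """Extract the executable path from a Run value, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first known extension.
    m = re.match(r".+?\.(?:exe|dll|com|bat|scr)\b", cmd, re.I)
    return m.group(0) if m else cmd


def triage(code, body):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("references a missing file")
    if code == "O2" and "(no name)" in body and body.endswith("- \\"):
        reasons.append("BHO with no name and no file path")
    m = RUN.match(body) if code == "O4" else None
    if m and any(d in target_path(m["cmd"]).lower() for d in USER_WRITABLE):
        reasons.append("autorun from a user-writable directory")
    return reasons


def removed(before, after):
    """Entries present in the first log and absent from the second, in order."""
    kept = set(parse(after))
    return [e for e in parse(before) if e not in kept]


if __name__ == "__main__":
    gone = set(removed(BEFORE, AFTER))
    for code, body in parse(BEFORE):
        status = "REMOVED" if (code, body) in gone else "PRESENT"
        why = "; ".join(triage(code, body)) or "-"
        print(f"{status:8}{code:4}{why:40}{body[:60]}")
```

The heuristics and the diff answer different questions: the `hosydaqal` autorun sits under Program Files and trips no heuristic, yet the diff shows it was removed, while the CWShredder service is flagged for a missing file and is still present in the second log. A flag is a prompt to review the entry, not a verdict.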
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    I missed this one :eek:


    Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use the Windows Search feature to locate them.

    Files:
    C:\Documents and Settings\Lauren Wilkey\Application Data\pnzvdn.exe <-- this file



    Please download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware log in your next reply.
     
  9. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    Thank you so much for all of your help. I deleted that file and ran the SUPERAntiSpyware scan. Here's the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/02/2007 at 10:29 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3353
    Trace Rules Database Version: 1352

    Scan type : Complete Scan
    Total Scan Time : 00:30:39

    Memory items scanned : 402
    Memory threats detected : 0
    Registry items scanned : 4391
    Registry threats detected : 13
    File items scanned : 24548
    File threats detected : 373

    Adware.Tracking Cookie
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected]_41221d046eaa2d418d7b_e60b5155bb60972986da4ef873dbed86_http__[1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][3].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][10].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][11].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][12].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][3].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][4].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][5].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][6].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][7].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][8].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][9].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][3].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][4].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][10].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][11].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][12].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][13].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][14].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][15].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][16].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][17].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][3].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][4].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][6].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][7].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][8].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][9].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][10].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][11].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][12].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][13].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][14].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][15].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][16].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][17].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][18].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][19].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][20].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][21].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][22].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][23].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][24].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][25].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][26].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][27].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][28].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][29].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][2].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][30].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][31].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][32].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][33].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][3].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][4].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][5].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][6].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][7].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][8].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][9].txt
    C:\Documents and Settings\Lauren Wilkey\Cookies\lauren [email protected][1].txt
     
  10. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
     
  11. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    How is everything running??
     
  12. laurenyce

    laurenyce Thread Starter

    Joined:
    Dec 2, 2007
    Messages:
    7
    You're a miracle worker! No more pop-ups or Awola. Hooray!

    Can I continue to run SUPERAntiSpyware every so often to keep my computer virus-free?

    Thanks again so much for all your help! :)
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Awesome!!!! (y)

    Let's finish things up!!


    Go to Start---> Run---> In the space provided, type ComboFix /u and press enter. This will uninstall ComboFix and all its components.


    Yes, I would update it and run it weekly.


    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive-by downloads.
    3. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    4. Anti-Spyware Programs I Recommend:
      • Free Anti-Spyware Programs
    5. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
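
Added example, not part of the thread and not code from any tool named in it: a small triage script for a scan log laid out like the one posted above (a detection name, then one path or registry key per line). It separates items that are still live from copies that only sit in the Qoobox quarantine or in System Restore snapshots, and lists the restore points that hold detections, which are the ones the Cleanmgr step discards. The sample log, its GUID and its file names are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log posted in this thread.
# The GUID, detection names and file names are placeholders, not real values.
SAMPLE_LOG = r"""
Example.Adware-A
HKLM\SOFTWARE\Example\Distribution Units\{00000000-0000-0000-0000-000000000000}
C:\WINDOWS\Downloaded Program Files\example.inf
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EXAMPLE1.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP337\A0000001.DLL

Example.Trojan-B
C:\QOOBOX\QUARANTINE\C\WINDOWS\EXAMPLE2.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP298\A0000002.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00000000-0000-0000-0000-000000000000}\RP337\A0000003.EXE
"""

# A System Restore snapshot path: ...\_RESTORE{GUID}\RPnnn\<renamed file>
RESTORE_RE = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)
# An item line starts with a drive letter or a registry hive abbreviation;
# any other non-blank line is treated as a detection name.
ITEM_RE = re.compile(r"^(?:[A-Z]:\\|HK(?:LM|CU|CR|U|CC)\\)", re.I)


def classify(item):
    """Return (kind, restore_point) for one path or registry key."""
    upper = item.upper()
    if upper.startswith("HK"):
        return "registry", None
    match = RESTORE_RE.search(item)
    if match:
        return "restore_point", match.group(1).upper()
    if "\\QOOBOX\\QUARANTINE\\" in upper:
        return "quarantine", None
    return "live", None


def parse_log(text):
    """Turn the log text into a list of entries tagged with their detection."""
    entries, detection = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            kind, restore_point = classify(line)
            entries.append({
                "detection": detection,
                "item": line,
                "kind": kind,
                "restore_point": restore_point,
            })
        else:
            detection = line  # a new detection group starts here
    return entries


def triage(entries):
    """Summarise where the detections live and what still needs removal."""
    counts = Counter(entry["kind"] for entry in entries)
    restore_points = sorted(
        {e["restore_point"] for e in entries if e["restore_point"]},
        key=lambda rp: int(rp[2:]),
    )
    needs_removal = [
        e["item"] for e in entries if e["kind"] in ("live", "registry")
    ]
    return {
        "counts": dict(counts),
        "restore_points": restore_points,
        "needs_removal": needs_removal,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("Items by location:", report["counts"])
    print("Restore points holding detections:", report["restore_points"])
    print("Still live on the system:")
    for item in report["needs_removal"]:
        print("  ", item)
```

Items reported under `needs_removal` are the ones a scanner still has to clean; the quarantine and restore-point copies go away with the ComboFix uninstall and the restore point cleanup described in the post above.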
     
Short URL to this thread: https://techguy.org/658121
