Someone help me PLEASE! my computer keeps restarting randomly!


electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
Well, my computer has been restarting by itself for no reason since today, though it doesn't happen in safe mode. It was alright the last time I used the computer and I hadn't downloaded anything. I used HijackThis, Ad-Aware and Spybot, but it seems the problem keeps coming back after I delete it.

I read this other webpage and they said to disable the "Automatically restart" option and then a blue screen will appear telling you what the problem is, so I did and my blue screen said "Bad_pool_caller" and then "stop: 0x000000C2 (0x00000007, 0x00000CD4, 0x000000B7, 0x82CCA150)"

Also, when I was trying to fix this problem, another one happened, so now every time I open Internet Explorer this "Windows Installer" pops up. It happens in safe mode too, but it goes away quickly; in normal mode, even after I press Cancel, another box will pop up and it freezes for a while, then it all goes away including the Internet Explorer page. There's also tons of spyware and other pop-ups.

Here's my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:33:37 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Glor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: m
O1 - Hosts: 32/Adware.WinAd]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1040d9b7-6030-44a9-980d-f0b795daebfe} - C:\WINDOWS\system32\lcpgdb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [heart cool] C:\DOCUME~1\Glor\APPLIC~1\STUPID~1\UpPlatformDraw.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O20 - Winlogon Notify: lcpgdb - C:\WINDOWS\SYSTEM32\lcpgdb.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Glor\Application Data\tmp34.tmp.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Someone help me please 'cause the problem keeps getting bigger and I don't want to lose any documents!

Thank you so very, very much!
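The HijackThis log above contains the entries a helper looks at first: an O20 AppInit_DLLs / Winlogon Notify DLL with a random name, an unsigned O23 service running out of Application Data, and a service image that is an NTFS alternate data stream (svchost.exe:exe.exe). As an added example, not code from HijackThis or from anyone in this thread, the Python script below parses that log layout and applies those review rules to a constructed sample built from the lines in the post; the name-shape rules are heuristics meant to prompt a manual look, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample in the layout of the HijackThis v1.99.1 log posted above.
# The sections that matter here are O2 (BHOs), O4 (Run keys), O20 (AppInit_DLLs /
# Winlogon Notify) and O23 (services); the paths are copied from that log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1040d9b7-6030-44a9-980d-f0b795daebfe} - C:\WINDOWS\system32\lcpgdb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [heart cool] C:\DOCUME~1\Glor\APPLIC~1\STUPID~1\UpPlatformDraw.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O20 - Winlogon Notify: lcpgdb - C:\WINDOWS\SYSTEM32\lcpgdb.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Glor\Application Data\tmp34.tmp.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# drive:\dir\file.ext:stream -> an NTFS alternate data stream used as a service image
ADS_RE = re.compile(r"^[A-Za-z]:\\.*\\[^\\:]+:[^\\]+$")
# tmp34.tmp.exe / tmp50.tmp.dll: temp-file naming reused for a persistent binary
TMP_NAME_RE = re.compile(r"\\tmp[0-9a-f]+\.tmp\.(?:dll|exe)$", re.IGNORECASE)
# 5-7 plain letters in system32 (lcpgdb.dll, awvvtrp.dll); heuristic, short
# legitimate names can trip it, so it is a prompt to look, not a verdict
RANDOM_SYS32_RE = re.compile(r"\\system32\\[a-z]{5,7}\.dll$", re.IGNORECASE)
# anything launched from <profile>\Application Data, long or 8.3 form
USER_APPDATA_RE = re.compile(
    r"\\(?:documents and settings|docume~1)\\[^\\]+\\(?:application data|applic~1)\\",
    re.IGNORECASE,
)


def extract_path(sec: str, body: str) -> str:
    """Pull the on-disk path out of a HijackThis line body (layout differs per section)."""
    if sec == "O4":
        # O4 - HKCU\..\Run: [name] "C:\path\prog.exe" /args
        after = body.split("] ", 1)[1] if "] " in body else body
        if after.startswith('"'):
            return after[1:].split('"', 1)[0]
        return after.split(" /", 1)[0].strip()
    # O2 / O3 / O20 / O23: the path is the last " - " separated field;
    # "O20 - AppInit_DLLs: path" has no " - " at all, so split on ": " instead
    tail = body.rsplit(" - ", 1)[-1]
    if sec == "O20" and ": " in tail:
        tail = tail.split(": ", 1)[1]
    return tail.strip()


def triage_line(line: str) -> Tuple[str, str, List[str]]:
    """Return (section, path, reasons); reasons is empty for lines that look benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ("", "", [])
    sec, body = m.group("sec"), m.group("body")
    path = extract_path(sec, body)
    reasons: List[str] = []
    if ADS_RE.match(path):
        reasons.append("image is an NTFS alternate data stream hidden behind a system file name")
    if sec == "O20":
        reasons.append("O20 load point: AppInit_DLLs / Winlogon Notify DLLs load into every process or into winlogon")
    if TMP_NAME_RE.search(path):
        reasons.append("tmpNN.tmp.* file name used for a persistent binary")
    if RANDOM_SYS32_RE.search(path):
        reasons.append("random-looking 5-7 letter DLL name in system32")
    if sec == "O23" and "Unknown owner" in body and USER_APPDATA_RE.search(path):
        reasons.append("service with no publisher running from a user profile")
    if sec == "O4" and USER_APPDATA_RE.search(path):
        reasons.append("autorun launching from Application Data")
    return (sec, path, reasons)


def triage_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    hits = []
    for line in text.splitlines():
        sec, path, reasons = triage_line(line)
        if reasons:
            hits.append((sec, path, reasons))
    return hits


if __name__ == "__main__":
    for sec, path, reasons in triage_log(SAMPLE_LOG):
        print(f"{sec}  {path}")
        for r in reasons:
            print(f"      - {r}")
```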
 

electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
StartupList report, 6/28/2007, 9:55:09 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Glor\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Glor\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Glor\Start Menu\Programs\Startup]
LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
SMSTray = C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

heart cool = C:\DOCUME~1\Glor\APPLIC~1\STUPID~1\UpPlatformDraw.exe
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=c:\windows\system32\awvvtrp.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\lcpgdb.dll - {1040d9b7-6030-44a9-980d-f0b795daebfe}
(no name) - C:\WINDOWS\system32\tmp50.tmp.dll - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

B112F9ED91696D15.job
FRU Task #Hewlett-Packard#hp psc 2170 series#1083787030.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.0219212963

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,962 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Here's the startup list if that helps any :S
 
Joined
Sep 21, 2005
Messages
459
OK, if it's starting in safe mode fine but not on a normal boot, it must be a startup item. Go into safe mode, click Run, then type in msconfig. Have a look in the Startup tab and see what is there, then disable them all. Then reboot in normal mode and the machine should boot. Then do the same as above in normal mode, but this time add one item at a time and reboot; you will find the one that is causing the problem. Long-winded, but it should work.
 
Joined
Sep 7, 2004
Messages
49,014
You are grossly infected and I can bet that Limewire and any other P2P programs are the source - I strongly suggest you remove them.
=======================

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
========================
Download the HostsXpert 3.8 - Hosts File Manager.
  • Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert - Hosts File Manager
  • Run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft’s Host File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
====================
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
=======================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
"Glor" - 2007-06-29 23:16:08 - ComboFix 07-06-30.3 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\drivers\runtime2.sy_
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\sl.bin


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\asc3550u
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


2007-06-29 19:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 18:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 15:11 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-27 20:31 134,917 --a------ C:\WINDOWS\gedcda.dll
2007-06-26 07:41 32,768 --a------ C:\WINDOWS\kyuhl.exe
2007-06-25 23:24 59,480 --a------ C:\WINDOWS\system32\tmp10.tmp.dll
2007-06-25 20:32 59,480 --a------ C:\WINDOWS\system32\tmp20.tmp.dll
2007-06-24 22:28 59,435 --a------ C:\WINDOWS\system32\tmp73.tmp.dll
2007-06-24 22:28 135,018 --a------ C:\WINDOWS\xxxyyw.dll
2007-06-24 18:39 59,435 --a------ C:\WINDOWS\system32\tmp4A.tmp.dll
2007-06-24 15:26 135,018 --a------ C:\WINDOWS\awttrs.dll
2007-06-23 22:57 134,837 --a------ C:\WINDOWS\tuvtrp.dll
2007-06-23 21:45 59,414 --a------ C:\WINDOWS\system32\tmp2F.tmp.dll
2007-06-23 21:38 19,968 --a------ C:\WINDOWS\mntma.exe
2007-06-23 15:51 134,837 --a------ C:\WINDOWS\nnkifc.dll
2007-06-23 14:22 134,837 --a------ C:\WINDOWS\sstspp.dll
2007-06-23 14:22 134,837 --a------ C:\WINDOWS\rqrstq.dll
2007-06-22 23:17 59,414 --a------ C:\WINDOWS\system32\tmp6B.tmp.dll
2007-06-22 22:51 134,837 --a------ C:\WINDOWS\khecyx.dll
2007-06-22 22:28 59,414 --a------ C:\WINDOWS\system32\tmp43.tmp.dll
2007-06-22 19:04 59,414 --a------ C:\WINDOWS\system32\tmp25.tmp.dll
2007-06-22 16:48 59,448 --a------ C:\WINDOWS\system32\tmp1F.tmp.dll
2007-06-22 14:24 59,435 --a------ C:\WINDOWS\system32\tmpE.tmp.dll
2007-06-21 22:39 59,457 --a------ C:\WINDOWS\system32\tmp50.tmp.dll
2007-06-21 20:51 59,419 --a------ C:\WINDOWS\system32\tmp49.tmp.dll
2007-06-21 15:32 59,457 --a------ C:\WINDOWS\system32\tmp19.tmp.dll
2007-06-20 22:41 46,336 --a------ C:\WINDOWS\system32\tmp22.tmp.dll
2007-06-20 20:13 19,968 --a------ C:\WINDOWS\vtuqo.exe
2007-06-19 21:56 46,336 --a------ C:\WINDOWS\system32\tmp27.tmp.dll
2007-06-18 22:13 46,336 --a------ C:\WINDOWS\system32\tmp18E.tmp.dll
2007-06-17 21:44 46,336 --a------ C:\WINDOWS\system32\tmp84.tmp.dll
2007-06-17 21:15 46,336 --a------ C:\WINDOWS\system32\tmp7A.tmp.dll
2007-06-17 20:48 46,336 --a------ C:\WINDOWS\system32\tmp75.tmp.dll
2007-06-17 20:03 46,336 --a------ C:\WINDOWS\system32\tmp67.tmp.dll
2007-06-17 19:12 46,336 --a------ C:\WINDOWS\system32\tmp60.tmp.dll
2007-06-17 18:02 46,336 --a------ C:\WINDOWS\system32\tmp59.tmp.dll
2007-06-17 16:28 46,336 --a------ C:\WINDOWS\system32\tmp54.tmp.dll
2007-06-16 22:30 46,336 --a------ C:\WINDOWS\system32\tmp42.tmp.dll
2007-06-16 21:25 46,336 --a------ C:\WINDOWS\system32\tmp30.tmp.dll
2007-06-16 16:46 46,336 --a------ C:\WINDOWS\system32\tmp14.tmp.dll
2007-06-15 22:53 46,336 --a------ C:\WINDOWS\system32\tmp24.tmp.dll
2007-06-15 14:51 46,336 --a------ C:\WINDOWS\system32\tmp63.tmp.dll
2007-06-13 23:12 46,336 --a------ C:\WINDOWS\system32\tmp1C.tmp.dll
2007-06-10 15:11 59,414 --a------ C:\WINDOWS\system32\tmp26.tmp.dll
2007-06-09 18:43 59,480 --a------ C:\WINDOWS\system32\tmp12.tmp.dll
2007-06-08 19:19 59,480 --a------ C:\WINDOWS\system32\tmp18.tmp.dll
2007-06-08 17:13 59,480 --a------ C:\WINDOWS\system32\tmp7.tmp.dll
2007-06-05 00:13 59,448 --a------ C:\WINDOWS\system32\tmp32.tmp.dll
2007-06-04 20:02 46,336 --a------ C:\WINDOWS\system32\tmp1B.tmp.dll
2007-06-04 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-03 17:47 <DIR> d-------- C:\Program Files\Mpeg2Decoder
2007-06-03 17:47 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2007-06-03 17:47 <DIR> d-------- C:\Program Files\DivX
2007-06-03 17:47 <DIR> d-------- C:\My Video
2007-06-03 17:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-06-03 14:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-06-03 13:52 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-03 13:31 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-02 23:07 8,126,464 --a------ C:\DOCUME~1\Glor\ntuser.dat
2007-06-02 22:04 59,419 --a------ C:\WINDOWS\system32\tmp5.tmp.dll
2007-06-02 22:04 46,336 --a------ C:\WINDOWS\system32\tmp6.tmp.dll
2007-05-31 21:03 46,336 --a------ C:\WINDOWS\system32\tmpB.tmp.dll
2007-05-30 22:16 46,336 --a------ C:\WINDOWS\system32\tmpC.tmp.dll
2007-05-30 21:55 46,336 --a------ C:\WINDOWS\system32\tmp9.tmp.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 02:14:34 -------- d-----w C:\Program Files\LimeWire
2007-06-30 02:14:34 -------- d-----w C:\Program Files\BitComet
2007-06-29 16:53:10 -------- d-----w C:\DOCUME~1\Glor\APPLIC~1\Stupid That
2007-06-29 02:40:45 -------- d-----w C:\DOCUME~1\Glor\APPLIC~1\LimeWire
2007-06-28 20:11:29 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-06-22 00:00:23 -------- d-----w C:\DOCUME~1\Glor\APPLIC~1\AdobeUM
2007-05-18 22:12:55 -------- d-----w C:\Program Files\Guitar Pro 5
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-02 03:40:23 56 --sh--r C:\WINDOWS\system32\BE79A56FCE.sys
2007-05-02 03:40:23 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 00:53:03 10 ----a-w C:\WINDOWS\smdat32m.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 18:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-02-14 21:05 1158656 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 17:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 12:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\awvvtrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Glor^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Glor\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\heart cool]
C:\DOCUME~1\Glor\APPLIC~1\STUPID~1\UpPlatformDraw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
"C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"FSMA"=2 (0x2)
"fshttps"=3 (0x3)
"FSDFWD"=3 (0x3)
"fsbwsys"=2 (0x2)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-06-30 06:00:00 C:\WINDOWS\tasks\B112F9ED91696D15.job
2007-06-27 19:58:00 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1083787030.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 23:23:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 23:24:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 23:24
C:\ComboFix2.txt ... 2007-06-29 19:09

--- E O F ---

Thank you so much for helping. This is the log file from the ComboFix program, but I can't download the AVG and SUPERAntiSpyware without having the computer shut down on me. And I somehow can't download the programs in safe mode, so I need to download them in normal mode, but then the computer shuts down on me.

And I did try the "msconfig" and disabling all the startups but the computer still shuts down?

Well, thanks again for helping. I'll keep trying to download the other 2 programs.
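The Files Created section of the ComboFix log above shows a fresh tmpNN.tmp.dll landing in system32 almost every day for a month, plus a run of six-letter DLLs in C:\WINDOWS with nearly identical sizes. As an added example (not ComboFix's own code; the excerpt below is constructed from that section), this Python script parses that layout and clusters the new files by directory and name template, so the drop cadence and the handful of distinct sizes stand out without reading forty lines one by one.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed excerpt in the layout of the ComboFix "Files Created" section above:
# date time size attributes path. Entries are copied from that section.
SAMPLE_FILES = r"""
2007-06-27 20:31 134,917 --a------ C:\WINDOWS\gedcda.dll
2007-06-26 07:41 32,768 --a------ C:\WINDOWS\kyuhl.exe
2007-06-25 23:24 59,480 --a------ C:\WINDOWS\system32\tmp10.tmp.dll
2007-06-25 20:32 59,480 --a------ C:\WINDOWS\system32\tmp20.tmp.dll
2007-06-24 22:28 59,435 --a------ C:\WINDOWS\system32\tmp73.tmp.dll
2007-06-24 22:28 135,018 --a------ C:\WINDOWS\xxxyyw.dll
2007-06-24 18:39 59,435 --a------ C:\WINDOWS\system32\tmp4A.tmp.dll
2007-06-24 15:26 135,018 --a------ C:\WINDOWS\awttrs.dll
2007-06-23 22:57 134,837 --a------ C:\WINDOWS\tuvtrp.dll
2007-06-23 21:45 59,414 --a------ C:\WINDOWS\system32\tmp2F.tmp.dll
2007-06-22 23:17 59,414 --a------ C:\WINDOWS\system32\tmp6B.tmp.dll
2007-06-04 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-03 17:47 <DIR> d-------- C:\Program Files\DivX
2007-06-02 22:04 46,336 --a------ C:\WINDOWS\system32\tmp6.tmp.dll
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d[\d,]*|<DIR>)\s+\S{9}\s+(?P<path>.+)$"
)
# a run of hex characters that contains at least one digit (tmp2F, tmp10, shell32)
HEX_RUN_RE = re.compile(r"(?=[0-9A-Fa-f]*\d)[0-9A-Fa-f]+")
# a bare 5-7 letter stem such as gedcda.dll or awttrs.dll
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,7}(\.[a-z]+)$")


def name_template(name: str) -> str:
    """Collapse a file name to a shape: hex runs become '#', random stems become '*'."""
    shaped = HEX_RUN_RE.sub("#", name)
    m = RANDOM_STEM_RE.match(shaped)
    return "*" + m.group(1) if m else shaped


def cluster_created_files(text: str, min_count: int = 3) -> List[Dict]:
    """Group non-directory entries by (directory, name template) and summarise each
    group that reaches min_count: how many files, first and last creation date,
    and the distinct sizes seen. Sorted largest cluster first."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        directory, _, name = m.group("path").rpartition("\\")
        key = (directory.lower(), name_template(name))
        groups[key].append((m.group("date"), int(m.group("size").replace(",", ""))))
    clusters = []
    for (directory, template), entries in groups.items():
        if len(entries) < min_count:
            continue
        dates = sorted(d for d, _ in entries)
        clusters.append({
            "dir": directory,
            "template": template,
            "count": len(entries),
            "first": dates[0],
            "last": dates[-1],
            "sizes": sorted({s for _, s in entries}),
        })
    clusters.sort(key=lambda c: (-c["count"], c["dir"]))
    return clusters


if __name__ == "__main__":
    for c in cluster_created_files(SAMPLE_FILES):
        print(f'{c["count"]:3d} x {c["dir"]}\\{c["template"]}  '
              f'{c["first"]} .. {c["last"]}  sizes={c["sizes"]}')
```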
 
Joined
Sep 7, 2004
Messages
49,014
Please Download NoLop to your desktop from

http://www.thespykiller.co.uk/index...be028538366e8b644d0e9fd&action=tpmod;dl=get16

First close any other programs you have running as this will require a reboot
· Double click NoLop.exe to run it
· Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
· When scanning is finished you will be prompted to reboot only if infected, Click OK
· Now click the "REBOOT" Button.
· A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
· If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder, then rerun the program.
====================


At worst case post a new hijack log
 

electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
NoLop! Log by Skate_Punk_21

Fix running from: C:\WINDOWS\system32
[7/3/2007]
[8:01:29 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B112F9ED91696D15.job

Beginning Removal...
Rebooting...

Okay, here's the "NoLop" log.

Logfile of HijackThis v1.99.1
Scan saved at 8:06:49 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Glor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NoLop[2].exe
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

And this is the HijackThis log.

Thanks so much!
 

electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2007 at 09:16 PM

Application Version : 3.9.1008

Core Rules Database Version : 3265
Trace Rules Database Version: 1276

Scan type : Complete Scan
Total Scan Time : 00:36:37

Memory items scanned : 328
Memory threats detected : 0
Registry items scanned : 5481
Registry threats detected : 0
File items scanned : 38728
File threats detected : 250

Adware.Tracking Cookie
C:\Documents and Settings\Glor\Cookies\[email protected][2].txt
C:\Documents and Settings\Glor\Cookies\[email protected][1].txt
C:\Documents and Settings\Glor\Cookies\[email protected][2].txt
C:\Documents and Settings\Glor\Cookies\[email protected][1].txt
C:\Documents and Settings\Glor\Cookies\[email protected][1].txt
C:\Documents and Settings\Glor\Cookies\[email protected][2].txt

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166461.EXE

Rootkit.Dayoff
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\ASC3550U.SYS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0143948.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0144948.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0145947.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP461\A0147002.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP462\A0148002.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP463\A0148011.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP463\A0148061.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0149078.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0149126.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0150126.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0150139.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0151142.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP466\A0151152.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP466\A0151223.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0151229.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0151302.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0152302.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0153337.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0154353.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155356.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0156356.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0157365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0158365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0159366.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0160365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0161365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0162365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0163365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0164365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0165365.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166478.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0167583.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0167685.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0168685.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0169685.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0170685.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0171687.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0172693.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0173693.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0174693.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0175693.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0176702.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0177705.SYS

Trojan.Duncan
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LCPGDB.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166477.DLL

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP1.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP116.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP163.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP16F.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP172.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP173.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP176.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP185.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP18D.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP198.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP19D.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP1A2.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP1AA.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP1C0.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP1C4.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP23.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP2E.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP31.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMP3C.TMP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TMPD.TMP.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140324.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141655.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141697.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP459\A0141930.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP459\A0141943.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146981.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146982.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146983.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146984.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146985.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166439.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166440.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166441.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166442.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166443.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166444.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166445.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166446.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166447.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166448.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166449.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166450.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166451.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166452.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166454.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166455.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166456.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166457.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP468\A0166459.DLL
C:\WINDOWS\SYSTEM32\TMP10.TMP.DLL
C:\WINDOWS\SYSTEM32\TMP12.TMP.DLL
C:\WINDOWS\SYSTEM32\TMP18.TMP.DLL
C:\WINDOWS\SYSTEM32\TMP20.TMP.DLL
C:\WINDOWS\SYSTEM32\TMP7.TMP.DLL

Trojan.Downloader-Gen/AllowCookie
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140271.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140283.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140285.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140289.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140296.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140304.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140329.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140333.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140336.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP451\A0141399.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP451\A0141403.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP451\A0141406.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP452\A0141459.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141656.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141695.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP457\A0141814.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP457\A0141815.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP459\A0141940.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155362.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155368.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155372.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155374.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155378.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155388.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155392.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155396.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155401.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155409.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155410.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155418.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155422.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155425.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155426.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155427.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155428.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155430.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155432.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155434.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155439.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155441.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155443.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155445.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155446.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155448.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155451.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155453.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155459.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155461.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155464.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155470.EXE

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140282.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140288.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140293.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140303.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140328.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140335.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140401.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140406.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140413.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140417.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP450\A0140420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP451\A0141398.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP452\A0141458.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP452\A0141461.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141661.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141665.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141677.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141691.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP456\A0141693.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP457\A0141772.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP457\A0141816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP459\A0141941.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP459\A0141942.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP466\A0151156.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0151235.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155369.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155370.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155385.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155391.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155400.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155421.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155429.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155431.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155435.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155437.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155438.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155440.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155442.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155444.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155447.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155449.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155454.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155455.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155457.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155458.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155460.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155462.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155463.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155465.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155466.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155467.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155468.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155469.EXE

Trojan.Net-K163
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP449\A0140342.SYS

Trojan.VXGame/32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0142954.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0143957.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0144956.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0144964.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0145956.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0145965.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0145966.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146979.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146988.EXE

Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146949.EXE

Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146953.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0155472.EXE

Trojan.VXGame-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146966.EXE

Trojan.Downloader-MSDCom32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146973.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146976.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146978.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP461\A0146999.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP463\A0148059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0149125.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP466\A0151222.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP467\A0151301.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP469\A0167684.DLL

Dialer.Dial/Gen Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146975.EXE

Trojan.Rootkit-Windev/I
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP460\A0146993.SYS

Trojan.Downloader-SP2F/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00B3EC69-AEB5-4563-8720-C18458167453}\RP465\A0150137.DLL

Adware.Keyword/SEM
C:\WINDOWS\MSAGENT\ACTLDL.DLL

Here's the log from the "SUPERAntiSpyware" program.

And here's the HijackThis log after everything so far. I've done everything you said, except I still can't download AVG somehow.

Logfile of HijackThis v1.99.1
Scan saved at 9:48:20 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Glor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NoLop[2].exe
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you SO much again.
And my computer doesn't seem to be turning off on me now, but it might sooner or later, because between now and the last time I used it I didn't really do anything special to it. So it should still be acting all strange and stuff, but then I don't know, because I hadn't done anything special to it before it suddenly became infected either. Also, when I open something, the "Windows Installer" still pops up. Well, thanks again. I'll leave my computer on now and see what happens. Thanks so much!
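The three HijackThis logs in this thread differ mostly in what SUPERAntiSpyware added, while the same O20 AppInit_DLLs entry and the same bare executable in Global Startup appear in every one of them. Spotting that by eye across long logs is error-prone, so here is a small triage script, written for this page as an added example (it is not the thread's or HijackThis's own code). It parses the "Onn - ..." entry lines, flags the persistence locations most worth a second look, and diffs two logs so that a flagged entry which survives a cleanup round stands out. The function names, the `looks_random` heuristic, and the two sample logs are all constructed for the example; the sample lines only copy the format the thread's logs use.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from typing import Dict, List, NamedTuple, Set, Tuple

# One HijackThis entry per line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[ORF]\d{1,2}) - (?P<body>.+)$")
VOWELS = set("aeiouy")

# Constructed sample logs in the thread's format: round 2 is round 1 plus the
# entries an anti-spyware install typically adds, with the two suspect
# entries still present.
LOG_ROUND1 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: NoLop[2].exe
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
LOG_ROUND2 = LOG_ROUND1 + r"""
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


class Finding(NamedTuple):
    section: str
    body: str
    reason: str


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6+ lowercase letters with at most one vowel, e.g. 'awvvtrp'."""
    return (len(stem) >= 6 and stem.isalpha() and stem.islower()
            and sum(c in VOWELS for c in stem) <= 1)


def flag_entries(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Flag persistence locations a reviewer should look at first."""
    findings = []
    for sec, body in entries:
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any value here deserves review; a random-looking name more so.
            path = body.split(":", 1)[1].strip()
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            why = "random-looking DLL name" if looks_random(stem) else "verify the DLL's publisher"
            findings.append(Finding(sec, body, f"AppInit_DLLs injects into every GUI process; {why}"))
        elif sec == "O4" and body.startswith("Global Startup:"):
            # A bare executable (not a .lnk shortcut) in the all-users Startup
            # folder runs at every logon; confirm what it is and who put it there.
            value = body.split(":", 1)[1].strip()
            if "\\" not in value and not value.lower().endswith(".lnk"):
                findings.append(Finding(sec, body, "bare executable in the all-users Startup folder"))
    return findings


def diff_logs(before: str, after: str) -> Dict[str, Set[str]]:
    """Split the entry lines of two logs into added, removed and persisted sets."""
    b = {f"{s} - {body}" for s, body in parse_hjt(before)}
    a = {f"{s} - {body}" for s, body in parse_hjt(after)}
    return {"added": a - b, "removed": b - a, "persisted": a & b}


def persistent_findings(before: str, after: str) -> List[Finding]:
    """Flagged entries of the later log that were already present in the earlier one."""
    persisted = diff_logs(before, after)["persisted"]
    return [f for f in flag_entries(parse_hjt(after)) if f"{f.section} - {f.body}" in persisted]


if __name__ == "__main__":
    delta = diff_logs(LOG_ROUND1, LOG_ROUND2)
    print(f"added: {len(delta['added'])}, removed: {len(delta['removed'])}, persisted: {len(delta['persisted'])}")
    for f in persistent_findings(LOG_ROUND1, LOG_ROUND2):
        print(f"STILL PRESENT  {f.section} - {f.body}\n    -> {f.reason}")
```

Run it as-is to see the two entries that survive the cleanup round; to use it on real logs, read each HijackThis output file into a string and pass the older one as `before` and the newer one as `after`. The heuristic is deliberately narrow: it does not decide that anything is malware, it only orders what a human should verify first.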
 
Joined
Sep 7, 2004
Messages
49,014
Why can't you DL AVG?

============
If you have VundoFix, remove it and get the current version.

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let VundoFix finish its thing; sometimes it can take multiple passes.


Post a new HijackThis log.
 

electricsparks

Thread Starter
Joined
Jun 28, 2007
Messages
14
VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 1:30:13 PM 7/4/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


The message said there were no infected files or something, but in the log that's all it said.
Thanks for helping. Do you have any idea what's up with the "Windows Installer" message? Oh, and all my "temp" files got removed, and some of my programs got deleted with them, like msgplus and stuff; I mean the folder is completely empty. I was wondering if that has to do with a virus, or is the result of one of the programs I downloaded to fix my computer, or did someone do it? But the program is still there in the "Program Files" folder, it just doesn't show up where it used to be. Because my computer is now not restarting by itself, maybe the virus that was causing the computer to do that was located in the "temp" file? So is there still anything wrong with my computer? Can you help me with the "Windows Installer" pop-up?

Here's the most recent HijackThis log. Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 1:37:51 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Glor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NoLop[2].exe
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - Unknown owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
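As an added example (not from the thread, the helpers, or HijackThis itself), a small Python script that pulls the section entries out of a HijackThis log like the one above and flags the lines a helper would check first: O20 AppInit_DLLs entries, Global Startup items with no resolved target path, and unnamed BHOs. The sample log is constructed from lines quoted in the post; `parse_hjt`, `review_hjt` and `Entry` are names chosen here.

```python
import re
from dataclasses import dataclass

# A HijackThis item line: section code (R0, O2, O4, O20, ...) then " - " and the rest.
_LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

@dataclass
class Entry:
    section: str
    body: str

def parse_hjt(text: str) -> list[Entry]:
    """Return the item lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries

def review_hjt(text: str) -> list[tuple[str, str, str]]:
    """Return (section, body, reason) for the entries worth examining first."""
    findings = []
    for e in parse_hjt(text):
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so an unexplained DLL here affects the whole session.
            findings.append((e.section, e.body, "AppInit_DLLs entry: DLL loaded into every GUI process; verify the file"))
        elif e.section == "O4" and "Global Startup:" in e.body and "=" not in e.body:
            # A startup item listed without "name.lnk = path" has no resolved target.
            findings.append((e.section, e.body, "Global Startup item without a resolved target path"))
        elif e.section == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append((e.section, e.body, "unnamed BHO: confirm the DLL belongs to known software"))
    return findings

# Constructed sample, assembled from lines quoted in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NoLop[2].exe
O20 - AppInit_DLLs: c:\windows\system32\awvvtrp.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for section, body, reason in review_hjt(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```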