
Windows security Alert - Possible trojan

Discussion in 'Virus & Other Malware Removal' started by AKShomeuser, Oct 13, 2008.

Thread Status:
Not open for further replies.
  1. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    Our Windows XP machine is getting pop-ups which have the heading Windows Security Alert and say that we have a Trojan. The actual trojan differs each time; last time it was Trojan-downloader.Win32.Agent.bz.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:42:17 PM, on 13/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ufabypap.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ap/imaging
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Symantec\NSW2006\NAV\External\NORTON\APP\NavShExt.dll
    O3 - Toolbar: ninemsn Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [dbadm] C:\WINDOWS\system32\ufabypap.exe
    O4 - HKLM\..\Policies\Explorer\Run: [] 
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ninemsn Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AE0D8D-7312-494E-8EAE-AC3D922C16EB}: Domain = vic.bigpond.net.au
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: infocom - {5467DA96-4133-E0DC-906B-07838681BFB9} - C:\Program Files\fxahpj\infocom.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 15666 bytes

    Please help

    Thanks
     
  2. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Hello and welcome to Tech Support Guy.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

    I will be back as soon as possible with your first instructions!
     
  3. km2357

    km2357

    Step # 1: Remove one of your Anti Virus programs.

    You are operating your computer with multiple Anti Virus programs running in memory at once:

    AVG 8

    Norton


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them.


    Step # 2: Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.


    Step # 3: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Be sure to save ComboFix.exe to your Desktop.

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleaning the system:

    Uninstall List
    C:\ComboFix.txt
    New HijackThis log.


    Use multiple posts if you can't fit everything into one post.
     
  4. AKShomeuser

    AKShomeuser Thread Starter

    3dsmax ancillary install
    ABBYY FineReader 5.0 Sprint Plus
    ABBYY FineReader 6.0
    Adobe After Effects 5.5
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Encore DVD FC
    Adobe ExtendScript Toolkit 1.0
    Adobe Flash Player ActiveX
    Adobe Help Center 2.0
    Adobe MPEG Encoder
    Adobe Premiere Pro FC
    Adobe Production Studio
    Adobe Reader 7.0
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Advanced RealMedia Export Plug-in for Premiere 6.0
    AndreaMosaic 3.16
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    ArcSoft PhotoImpression
    AudibleManager
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    Avery Wizard 2.5
    AVG Free 8.0
    Backburner
    Battlefield 2142
    Battlefield 2142 Server
    Believe in Santa (remove only)
    BFX for Adobe Premiere 6.x
    BigPond Broadband ADSL FAQ
    BigPond Toolbar
    Bonjour
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window MC 5 for ZoomBrowser EX
    Canon Digital Camera USB WIA Driver
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Canon My Printer
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities Solution Menu
    Canon ZoomBrowser EX
    CCleaner (remove only)
    C-Dilla Licence Management System
    CD-LabelPrint
    Cisco Systems VPN Client 5.0.02.0090
    Compaq Connections
    Creature Creator 1.5
    Cycore FX 1.0.1 for After Effects
    Dear Jane
    Digital Element Aurora, Sky Demo
    DivX Codec
    DivX Content Uploader
    DivX Player
    DivX Web Player
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
    EA Download Manager
    Easy Internet Sign-up
    Empire Earth
    EphPod
    EQ5
    EQ5 Embroidery
    ESCX5300 Reference Guide
    ESCX5300 Software Guide
    e-tax 2004
    e-tax 2005
    e-tax 2006
    e-tax 2006 - CGT Module
    e-tax 2007
    e-tax 2008
    FBX Converter 2006.08
    FBX Plugin 2006.08 for Max 9.0
    FL Studio 4.5
    Freeware PDF Unlocker
    GameSpy Arcade
    GLOBEtrotter FLEXid Drivers
    Google Earth
    HijackThis 2.0.2
    Hollywood FX 2.05c Update
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB929120)
    Hotfix for Windows XP (KB952287)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 3.5
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 3.0
    HP Software Update
    ICQ Toolbar
    ICQ6
    intelliScore Polyphonic Demo
    InterActual Player
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    iPod for Windows 2006-06-28
    iPod for Windows User Guide
    iPod System Software Updater 2.0.1
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java DB 10.3.1.4
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 7
    KBD
    Keylight 1.1v1 for After Effects 7.0
    LiveUpdate 3.0 (Symantec Corporation)
    LiveUpdate BVRP Software
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Director MX 2004
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Flash MX 2004
    Malwarebytes' Anti-Malware
    Maya 6.5
    Maya Shader Library for Maya
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard - WE 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft Money System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! Photo Standard 9
    Microsoft Visio Professional 2002 SR-1 [English]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    mobile PhoneTools
    MonkeyJam 3_050529
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Card Reader
    Music Manager
    MUSICMATCH iPod Plug-in
    MUSICMATCH® Jukebox
    MYOB Premier v10
    MYOB Premier v9
    ninemsn Search Toolbar
    NVIDIA Display Driver
    NVIDIA Drivers
    NVIDIA Ethernet Driver
    NVIDIA GART Driver
    Okino Plug-ins Installer
    PAN Fire 2.0
    Panopticum Rulers 1.0 for Adobe After Effects
    particleIllusion 3.0 Demo
    particleIllusion SE
    Photosmart 140,240,7200,7600,7700,7900 Series
    PIXMA Extended Survey Program
    PolyTrans
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuickTime
    RealArcade
    RealPlayer
    RecordNow!
    Sandlot Games Client Services
    ScanSoft OmniPage SE 4
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Sentinel System Driver
    Shareaza version 2.2.5.0
    Shockwave
    Skype 2.0
    Snes9x
    Sonic Update Manager
    Spybot - Search & Destroy
    Steam(TM)
    SUPERAntiSpyware Free Edition
    Symantec KB-DocID:2003093015493306
    TC Native Essentials 2.02
    TeamSpeak 2 RC2
    The Sims 2
    Tinderbox 2 for After Effects
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Visual Install Pack
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885626
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    WriteAway Design Creator Software
    ZIP PASSWORD FINDER
     
  5. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    ComboFix 08-10-12.01 - Owner 2008-10-14 20:15:19.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.494 [GMT 11:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\1pdfdec.dll
    C:\Documents and Settings\Owner\Application Data\inst.exe
    C:\Program Files\Need2Find
    C:\Program Files\Need2Find\bar\History\search
    C:\Program Files\winupdate
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\bszip.dll
    D:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
    .
    2008-10-13 19:34 . 2008-10-13 19:37 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\AVGTOOLBAR
    2008-10-11 18:35 . 2008-10-11 18:35 158 --a------ C:\WINDOWS\wininit.ini
    2008-10-11 17:35 . 2008-10-14 18:47 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-11 16:48 . 2008-10-11 16:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-10-11 16:47 . 2008-10-14 18:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-10-11 16:47 . 2008-10-11 16:47 <DIR> d-------- C:\Program Files\AVG
    2008-10-11 16:47 . 2008-10-11 17:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
    2008-10-11 16:47 . 2008-10-14 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-11 16:47 . 2008-10-11 16:47 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-10-11 16:17 . 2008-10-11 16:17 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\SUPERAntiSpyware.com
    2008-10-11 16:14 . 2008-10-11 16:14 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\Malwarebytes
    2008-10-11 15:38 . 2008-10-11 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 15:17 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 15:17 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 15:14 . 2008-10-11 15:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-11 15:14 . 2008-10-13 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 15:01 . 2008-10-11 16:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-11 15:01 . 2008-10-11 15:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-10-11 14:36 . 2008-10-11 14:36 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 13:36 . 2008-10-11 13:36 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-10-11 12:17 . 2008-10-11 12:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-10-11 12:17 . 2008-10-11 12:17 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-10-11 11:05 . 2008-10-11 11:05 <DIR> d-------- C:\Program Files\fxahpj
    2008-10-11 11:05 . 2008-10-11 11:05 77,824 --a------ C:\WINDOWS\system32\ufabypap.exe
    2008-10-04 15:37 . 2008-10-12 23:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SQL Developer
    2008-10-04 15:34 . 2008-10-04 15:34 <DIR> d-------- C:\Program Files\Sun
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 08:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-14 08:21 --------- d-----w C:\Program Files\Symantec
    2008-10-14 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-14 08:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
    2008-10-14 07:59 --------- d-----w C:\Documents and Settings\Kirsty.ANDREW\Application Data\Symantec
    2008-10-13 08:29 --------- d-----w C:\Program Files\MSN Games
    2008-10-13 08:07 --------- d-----w C:\Program Files\EPSON
    2008-10-13 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-13 08:03 --------- d-----w C:\Program Files\Smart Panel
    2008-10-12 07:07 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-10-12 06:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-10-11 06:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 04:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 02:29 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-10-04 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2008-10-04 04:34 --------- d-----w C:\Program Files\Java
    2008-09-24 05:28 34,846 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2008-08-28 23:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\DBDesigner4
    2008-08-19 11:59 --------- d-----w C:\Program Files\Freeware PDF Unlocker
    2008-08-19 11:35 --------- d-----w C:\Program Files\PDFKey Pro
    2008-08-17 11:59 166,664 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-06-21 09:13 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    2006-04-05 02:45 1,687 ----a-w C:\Documents and Settings\Owner\order_opt3.bin
    2006-01-24 12:35 862 ----a-w C:\Documents and Settings\Kirsty.ANDREW\Application Data\wklnhst.dat
    2005-11-07 07:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2005-09-23 06:17 82,520 ----a-w C:\Documents and Settings\Kirsty.ANDREW\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-07 12:13 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2004-08-02 12:28 3,132,944 ----a-w C:\Documents and Settings\Kirsty\icq4_setup.exe
    2004-07-19 10:20 4,667,057 ----a-w C:\Documents and Settings\Kirsty\etax2004_1.exe
    2005-01-26 00:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-02-04 159744]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "dbadm"="C:\WINDOWS\system32\ufabypap.exe" [2008-10-11 77824]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-09-25 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-09-25 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-09-25 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 221184]
    "PS2"="C:\hp\drivers\keyboard\PS2.EXE" [2003-09-13 98304]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 114688]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 163840]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
    "PrnSys Executable"="C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2003-09-16 36864]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-10 53248]
    "BigPond Toolbar"="C:\Program Files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 327680]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 180269]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-11 1234712]
    "nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-07-03 6144]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-08-19 118784]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "infocom"= {5467DA96-4133-E0DC-906B-07838681BFB9} - C:\Program Files\fxahpj\infocom.dll [2008-10-11 98304]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "Appinit_dlls"=karna.dat,avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-11 97928]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
    R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 maya65docserver;Maya 6.5 Documentation Server;C:\Program Files\Alias\Maya6.5\docs\wrapper.exe [2004-07-16 126976]
    S3 asbp2poa;asbp2poa;C:\DOCUME~1\Owner\LOCALS~1\Temp\asbp2poa.sys [ ]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ea52a3c-0f95-11d9-bc97-000ea6b13554}]
    \Shell\AutoRun\command - K:\pv6mxu.bat
    \Shell\explore\Command - K:\pv6mxu.bat
    \Shell\open\Command - K:\pv6mxu.bat
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d24d9ed0-6181-11dc-81ca-000ea6b13554}]
    \Shell\AutoRun\command - M:\ps.bat
    \Shell\explore\Command - M:\ps.bat
    \Shell\open\Command - M:\ps.bat
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-RecordNow! - (no file)
    HKCU-Run-Steam - (no file)
    HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com
    R0 -: HKCU-Main,Default_Search_URL =
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/ap/imaging
    R1 -: HKCU-Internet Settings,ProxyOverride = localhost;*.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O8 -: &ninemsn Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
    O8 -: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 20:17:49
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2008-10-14 20:22:33
    ComboFix-quarantined-files.txt 2008-10-14 09:21:30
    Pre-Run: 26,728,501,248 bytes free
    Post-Run: 26,737,262,592 bytes free
    206 --- E O F --- 2008-10-11 02:36:47
     
  6. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:17 PM, on 14/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\ufabypap.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ap/imaging
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
    O3 - Toolbar: ninemsn Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [dbadm] C:\WINDOWS\system32\ufabypap.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ninemsn Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AE0D8D-7312-494E-8EAE-AC3D922C16EB}: Domain = vic.bigpond.net.au
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: infocom - {5467DA96-4133-E0DC-906B-07838681BFB9} - C:\Program Files\fxahpj\infocom.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 12099 bytes
     
  7. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Shareaza version 2.2.5.0

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



    Step # 1: Add/Remove Programs

    You have some Symantec/Norton remnants that need to be removed.

    Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    LiveUpdate 3.0 (Symantec Corporation)

    LiveUpdate Notice (Symantec Corporation)

    Symantec KB-DocID:2003093015493306


    Reboot your Computer.


    Step # 2: Download and Run Flash_Disinfector

    Download Flash_Disinfector from here and save it to your desktop.
    Double-click on Flash_Disinfector.exe to run it and follow the prompts.
    Wait until it has finished scanning and then exit the program.
    The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
    Please do so and allow the utility to clean up those drives as well.


    Step # 3: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      File::
      
      C:\WINDOWS\system32\ufabypap.exe
      C:\WINDOWS\system32\karna.dat
      C:\DOCUME~1\Owner\LOCALS~1\Temp\asbp2poa.sys
      K:\pv6mxu.bat
      M:\ps.bat
      
      Folder::
      
      C:\Program Files\fxahpj
      C:\Program Files\Common Files\Symantec Shared
      C:\Program Files\Symantec
      C:\Documents and Settings\All Users\Application Data\Symantec
      C:\Documents and Settings\Owner\Application Data\Symantec
      C:\Documents and Settings\Kirsty.ANDREW\Application Data\Symantec
      
      Registry::
      
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "dbadm"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Symantec PIF AlertEng"=-
      "AlcxMonitor"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "infocom"=-
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "Appinit_dlls"="avgrsstx.dll"
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ea52a3c-0f95-11d9-bc97-000ea6b13554}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d24d9ed0-6181-11dc-81ca-000ea6b13554}]
      
      Driver::
      
      asbp2poa
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




      [​IMG]


      Note: This CFScript is for use on AKShomeuser's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 3 has been completed.
    2. A fresh HijackThis Log taken after Step 3 has been completed.
     
  8. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    ComboFix 08-10-14.07 - Owner 2008-10-15 12:12:17.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT 11:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    FILE ::
    C:\DOCUME~1\Owner\LOCALS~1\Temp\asbp2poa.sys
    C:\WINDOWS\system32\karna.dat
    C:\WINDOWS\system32\ufabypap.exe
    K:\pv6mxu.bat
    M:\ps.bat
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Confdntl.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Content.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Privacy.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Restrict.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Spam.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\WebHist.log
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\readme.txt
    C:\Documents and Settings\Kirsty.ANDREW\Application Data\Symantec
    C:\Documents and Settings\Kirsty.ANDREW\Application Data\Symantec\Shared\MyProfile.UserProfile
    C:\Documents and Settings\Kirsty.ANDREW\Application Data\Symantec\Shared\Options.VcPref
    C:\Documents and Settings\Owner\Application Data\Symantec
    C:\Documents and Settings\Owner\Application Data\Symantec\Shared\MyProfile.UserProfile
    C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Options.VcPref
    C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Sessions\20040508074557875.liveReg
    C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Sessions\20040519112056406.liveReg
    C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Sessions\20040823110704218.liveReg
    C:\Program Files\Common Files\Symantec Shared
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
    C:\Program Files\Common Files\Symantec Shared\Default.rul
    C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSCoLU.exe
    C:\Program Files\Common Files\Symantec Shared\IDSDefs\IDSLU.exe
    C:\Program Files\Common Files\Symantec Shared\SNDInst.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\fxahpj
    C:\Program Files\fxahpj\infocom.dll
    C:\WINDOWS\system32\ufabypap.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_ASBP2POA
    -------\Service_asbp2poa

    ((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
    .
    2008-10-15 12:07 . 2008-10-15 12:07 <DIR> d--hs---- C:\Documents and Settings\Owner\UserData
    2008-10-13 19:34 . 2008-10-13 19:37 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\AVGTOOLBAR
    2008-10-11 18:35 . 2008-10-11 18:35 158 --a------ C:\WINDOWS\wininit.ini
    2008-10-11 17:35 . 2008-10-14 18:47 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-11 16:48 . 2008-10-11 16:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-10-11 16:47 . 2008-10-15 11:32 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-10-11 16:47 . 2008-10-11 16:47 <DIR> d-------- C:\Program Files\AVG
    2008-10-11 16:47 . 2008-10-11 17:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
    2008-10-11 16:47 . 2008-10-14 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-11 16:47 . 2008-10-11 16:47 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-10-11 16:17 . 2008-10-11 16:17 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\SUPERAntiSpyware.com
    2008-10-11 16:14 . 2008-10-11 16:14 <DIR> d-------- C:\Documents and Settings\Kirsty.ANDREW\Application Data\Malwarebytes
    2008-10-11 15:38 . 2008-10-11 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-11 15:17 . 2008-10-11 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 15:17 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-11 15:17 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-11 15:14 . 2008-10-11 15:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-11 15:14 . 2008-10-13 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 15:01 . 2008-10-11 16:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-11 15:01 . 2008-10-11 15:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-10-11 14:36 . 2008-10-11 14:36 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-11 13:36 . 2008-10-11 13:36 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-10-11 12:17 . 2008-10-11 12:17 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-10-11 12:17 . 2008-10-11 12:17 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-10-04 15:37 . 2008-10-12 23:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SQL Developer
    2008-10-04 15:34 . 2008-10-04 15:34 <DIR> d-------- C:\Program Files\Sun
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 00:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\Shareaza
    2008-10-13 08:29 --------- d-----w C:\Program Files\MSN Games
    2008-10-13 08:07 --------- d-----w C:\Program Files\EPSON
    2008-10-13 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-13 08:03 --------- d-----w C:\Program Files\Smart Panel
    2008-10-12 07:07 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-10-12 06:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
    2008-10-11 06:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 04:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 02:29 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-10-04 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2008-10-04 04:34 --------- d-----w C:\Program Files\Java
    2008-09-24 05:28 34,846 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2008-08-28 23:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\DBDesigner4
    2008-08-19 11:59 --------- d-----w C:\Program Files\Freeware PDF Unlocker
    2008-08-19 11:35 --------- d-----w C:\Program Files\PDFKey Pro
    2008-08-17 11:59 166,664 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-21 09:13 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    2006-04-05 02:45 1,687 ----a-w C:\Documents and Settings\Owner\order_opt3.bin
    2006-01-24 12:35 862 ----a-w C:\Documents and Settings\Kirsty.ANDREW\Application Data\wklnhst.dat
    2005-11-07 07:37 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2005-09-23 06:17 82,520 ----a-w C:\Documents and Settings\Kirsty.ANDREW\Application Data\GDIPFONTCACHEV1.DAT
    2005-09-07 12:13 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2004-08-02 12:28 3,132,944 ----a-w C:\Documents and Settings\Kirsty\icq4_setup.exe
    2004-07-19 10:20 4,667,057 ----a-w C:\Documents and Settings\Kirsty\etax2004_1.exe
    2005-01-26 00:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    ((((((((((((((((((((((((((((( [email protected]_20.21.07.96 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 09:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    - 2008-10-11 00:12:46 64,200 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-10-15 00:34:18 64,200 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-10-11 00:12:46 407,670 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-10-15 00:34:18 407,670 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-02-04 159744]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-09-25 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-09-25 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-09-25 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 221184]
    "PS2"="C:\hp\drivers\keyboard\PS2.EXE" [2003-09-13 98304]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 114688]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 163840]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
    "PrnSys Executable"="C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2003-09-16 36864]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-10 53248]
    "BigPond Toolbar"="C:\Program Files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 327680]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-29 180269]
    "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-11 1234712]
    "nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-07-03 6144]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-08-19 118784]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "Appinit_dlls"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL"= snti386.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-11 97928]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
    R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 maya65docserver;Maya 6.5 Documentation Server;C:\Program Files\Alias\Maya6.5\docs\wrapper.exe [2004-07-16 126976]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ea52a3c-0f95-11d9-bc97-000ea6b13554}]
    \Shell\AutoRun\command - K:\pv6mxu.bat
    \Shell\explore\Command - K:\pv6mxu.bat
    \Shell\open\Command - K:\pv6mxu.bat
    .
    - - - - ORPHANS REMOVED - - - -
    SSODL-infocom-{5467DA96-4133-E0DC-906B-07838681BFB9} - C:\Program Files\fxahpj\infocom.dll

    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 12:25:59
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\drivers\CDANTSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-15 12:41:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-15 01:41:04
    ComboFix2.txt 2008-10-14 09:22:35
    Pre-Run: 26,994,941,952 bytes free
    Post-Run: 26,857,246,720 bytes free
    234 --- E O F --- 2008-10-11 02:36:47
     
  9. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:43:57 PM, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ap/imaging
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
    O3 - Toolbar: ninemsn Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ninemsn Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AE0D8D-7312-494E-8EAE-AC3D922C16EB}: Domain = vic.bigpond.net.au
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    --
    End of file - 11556 bytes
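
    The log above, as an added example that is not part of the original post: a small Python triage script that parses HijackThis entry lines and picks out the ones whose target no longer exists, marked (no file) or (file missing). The sample lines are copied from this log; the function names, and the rule that an O23 service's key name is the last parenthesised part of its display name, are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
O4 - Global Startup: VPN Client.lnk = ?
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"""

# An entry line is a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then text.
ENTRY_RE = re.compile(r"^\s*([ORNF]\d{1,2})\s-\s(.*\S)\s*$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
# O23 text is "Service: <display name> - <company> - <path>".
SERVICE_RE = re.compile(r"^Service:\s(.+?)\s-\s")
# Assumption: a trailing "(name)" on the display name is the service key name.
KEY_NAME_RE = re.compile(r"\(([^()]+)\)$")


@dataclass
class Entry:
    code: str
    text: str
    orphan_reason: Optional[str] = None   # "no file" / "file missing"
    service_key: Optional[str] = None     # only set for O23 entries


def service_key_name(text: str) -> Optional[str]:
    """Return the service key name from the text of an O23 entry."""
    m = SERVICE_RE.match(text)
    if not m:
        return None
    display = m.group(1).strip()
    key = KEY_NAME_RE.search(display)
    # With no parenthesised part, the display name is also the key name.
    return key.group(1) if key else display


def parse_entries(log: str) -> List[Entry]:
    """Parse entry lines; the header and running-process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, text = m.groups()
        entry = Entry(code, text)
        orphan = ORPHAN_RE.search(text)
        if orphan:
            entry.orphan_reason = orphan.group(1).lower()
        if code == "O23":
            entry.service_key = service_key_name(text)
        entries.append(entry)
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if e.orphan_reason]


def sc_query_command(service_key: str) -> str:
    """Build an 'sc query' line to confirm the service still exists.

    sc.exe reads a name containing spaces as several arguments unless
    the name is quoted, so the name is always quoted here.
    """
    if '"' in service_key:
        raise ValueError("unexpected quote in service name")
    return f'sc query "{service_key}"'


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{e.code:>3}  {e.orphan_reason:<12}  {e.text}")
        if e.service_key:
            print("     check with:", sc_query_command(e.service_key))
```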
     
  10. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1 Remove old versions of Java

    While you have the latest version of Java installed, older Java versions have vulnerabilities and need to be removed.

    Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    Java 2 Runtime Environment, SE v1.4.2_03

    Java(TM) 6 Update 3


    Reboot your Computer.


    Step # 2 Run CCleaner

    CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!

    • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
    • Then select the items you wish to clean up.
      • In the Windows Tab:
        • Clean all entries in the Internet Explorer section except Cookies
        • Clean all the entries in the Windows Explorer section
        • Clean all entries in the System section
        • Clean all entries in the Advanced section
        • Clean any others that you choose
      • In the Applications Tab:
        • Clean all except cookies in the Firefox/Mozilla section if you use it
        • Clean all in the Opera section if you use it
        • Clean Sun Java in the Internet Section
        • Clean any others that you choose
    • Click the Run Cleaner button.
    • A pop up box will appear advising this process will permanently delete files from your system.
    • Click OK and it will scan and clean your system.
    • Click exit when done.
    • If it asks you to reboot at the end, click NO


    Step # 3: Remove HijackThis Entries

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):


      O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)

      O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.



    Step # 4: Delete services

    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the code box into Notepad:

    Code:
    rem Service names that contain spaces must be quoted, or sc reads only the first word
    sc stop "SNDSrvc"
    sc delete "SNDSrvc"
    sc stop "Symantec Core LC"
    sc delete "Symantec Core LC"
    Click on File > Save As....

    In the File Name box, copy and paste in fix.bat
    In the Save as type box, select All Files from the drop-down list.

    Click Save and save it to your Desktop.

    Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


    Step # 5 Run Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware.
    • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
    • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • You can also access the log by doing the following:
      • Click on the Malwarebytes' Anti-Malware icon to launch the program.
      • Click on the Logs tab.
      • Click on the log at the bottom of those listed to highlight it.
      • Click Open.

    In your next post/reply, I need to see the following:

    1. MalwareBytes' Log
    2. A fresh HiJackThis Log
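
    The selection rule behind Steps 3 and 4 above (entries HijackThis marks "(no file)" or "(file missing)", and the sc commands for the orphaned services), as an added example that is not part of the original post. The "before" lines are copied from this thread's HijackThis output; the "fresh" log is constructed, and the function names and the assumed "Display Name (ServiceName)" label layout are this example's own.

```python
import re

# Lines copied from the HijackThis entries quoted in this thread: the four the
# helper selected in Step 3, plus two healthy services for contrast.
BEFORE_LOG = r"""
O3 - Toolbar: (no name) - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - (no file)
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed "fresh" log: the same sample after the fix, orphaned entries gone.
FRESH_LOG = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Suffixes HijackThis appends when the file behind an entry cannot be found.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# "O23 - Service: <label> - <owner> - <drive>:\path". The head is matched
# non-greedily so the path starts at the first " - X:\" in the line.
O23_RE = re.compile(r"^O23 - Service: (?P<head>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Assumption: the label reads "Display Name (ServiceName)" when the two differ,
# and is just the service name when they are the same.
LABEL_RE = re.compile(r"^(?P<display>.+) \((?P<name>[^()]+)\)$")


def parse_o23(line):
    """Split one O23 line into service name, owner, path and a missing flag."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    label, sep, owner = head.rpartition(" - ")
    if not sep:                      # no owner field present
        label, owner = head, ""
    path = m.group("path")
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    lm = LABEL_RE.match(label)
    name = lm.group("name") if lm else label
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def orphaned_entries(log_text):
    """Entries of any section whose target file HijackThis could not find."""
    lines = (ln.strip() for ln in log_text.splitlines())
    return [ln for ln in lines if ln.endswith(ORPHAN_MARKERS)]


def sc_commands(log_text):
    """Build stop/delete commands for orphaned services, always quoting names."""
    cmds = []
    for line in orphaned_entries(log_text):
        svc = parse_o23(line)
        if svc is None:              # orphaned, but not a service (e.g. O3)
            continue
        name = svc["name"]
        cmds.append(f'sc stop "{name}"')
        cmds.append(f'sc delete "{name}"')
    return cmds


def remaining(before_log, fresh_log):
    """Orphaned entries from the first log that still appear in the fresh one."""
    fresh = {ln.strip() for ln in fresh_log.splitlines()}
    return [entry for entry in orphaned_entries(before_log) if entry in fresh]


if __name__ == "__main__":
    print("Orphaned entries:")
    for entry in orphaned_entries(BEFORE_LOG):
        print("  " + entry)
    print("fix.bat contents:")
    for cmd in sc_commands(BEFORE_LOG):
        print("  " + cmd)
    print("Still present after the fix:", remaining(BEFORE_LOG, FRESH_LOG))
```

    The O8 line is not picked up because it has no missing-file marker; the helper selected it for its URL, which this check does not judge. Review the flagged list before running any generated command, since the marker only says that HijackThis could not find the file.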
     
  11. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    The Malwarebytes' scan has come back clean; does that mean that we are okay now? We have not had any Windows Security Alert screens pop up for a while now. If this has fixed it, thanks so very, very much. We really didn't want to have to reformat the hard drive to fix this issue.

    Malwarebytes' log as requested

    Malwarebytes' Anti-Malware 1.28
    Database version: 1271
    Windows 5.1.2600 Service Pack 2
    15/10/2008 9:01:49 PM
    mbam-log-2008-10-15 (21-01-49).txt
    Scan type: Quick Scan
    Objects scanned: 61926
    Time elapsed: 6 minute(s), 12 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:21 PM, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ap/imaging
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: ninemsn Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ninemsn Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AE0D8D-7312-494E-8EAE-AC3D922C16EB}: Domain = vic.bigpond.net.au
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    --
    End of file - 11245 bytes
     
  12. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Great to hear that you are no longer getting those security alert pop-ups. :) But before I declare you clean, I want you to do an online scan to make sure nothing else malicious is hiding on your computer.

    Step # 1 Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available. (See Note below)

    • First, go to Add/Remove Programs and uninstall all previous versions.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    Note: Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 2.3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php


    Step # 2: Run Kaspersky Online Scan

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.

    In your next post/reply, I need to see the following:

    1. Kaspersky Log
    2. A fresh HiJackThis Log
     
  13. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, October 16, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, October 16, 2008 03:31:11
    Records in database: 1315135
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - My Computer:
    C:\
    D:\
    E:\
    Scan statistics:
    Files scanned: 201793
    Threat name: 40
    Infected objects: 678
    Suspicious objects: 13
    Duration of the scan: 03:58:01

    File name / Threat name / Threats count
    C:\Documents and Settings\Owner\Desktop\aex\After Effects Plugins.rar Infected: Trojan-Dropper.Win32.Agent.urw 1
    C:\Documents and Settings\Owner\Desktop\Kirsty desktop items\fbx200608_converter_win_enu.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.vz 1
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Worm.Win32.AutoRun.ngp 1
    C:\downloads\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
    C:\downloads\BSINSTALL.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00C37995.zip.vir Infected: Trojan.Java.ClassLoader.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00C37995.zip.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00C37995.zip.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00C37995.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\025525DB.zip.vir Infected: Trojan.Java.ClassLoader.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\025525DB.zip.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\025525DB.zip.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\025525DB.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07271621.tlb.vir Infected: Trojan-Downloader.Win32.Zlob.jp 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B2A1608.vir Infected: not-a-virus:AdWare.Win32.WinAD.aw 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14581EE1.exe.vir Infected: P2P-Worm.Win32.Alcan.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\170A1D44.exe.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\170A1D44.txt.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B037A79.zip.vir Infected: Exploit.Java.ByteVerify 2
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B037A79.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22215F38.exe.vir Infected: Hoax.Win32.Renos.aw 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\336B36E6.php.vir Infected: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3384107A.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33883A77.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CA04E5.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37EE52BD.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38122095.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38324472.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\384C1455.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\386D3831.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38812D14.class.vir Infected: Trojan.Java.ClassLoader.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389E2DFB.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38BF51D7.vir Infected: Email-Worm.Win32.Bagle.at 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38D35F50.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A27592D.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2A032A.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B1A0E97.exe.vir Infected: Backdoor.Win32.Rbot.rc 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D852579.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D884F75.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FEE24D2.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FEE24D2.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4077283C.vir Infected: Worm.Win32.VB.an 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\407A5238.vir Infected: Trojan.Win32.Crypt.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40B21BFB.vir Infected: Trojan.Win32.Crypt.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41765322.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41797D1F.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41EA5FE4.zip.vir Infected: Exploit.Java.ByteVerify 2
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41EA5FE4.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\449C55AB.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44A07FA7.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4538720B.zip.vir Infected: Trojan.Java.ClassLoader.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4538720B.zip.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4538720B.zip.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4538720B.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45556BEB.zip.vir Infected: Trojan.Java.ClassLoader.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45556BEB.zip.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45556BEB.zip.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45556BEB.zip.vir Infected: Trojan-Downloader.Java.OpenConnection.v 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458170B1.vir Infected: Trojan.Win32.Crypt.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458744A9.vir Infected: Trojan.Win32.Crypt.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45FD0C27.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46003623.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\472121D9.txt.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AC936DF.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AC936DF.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B0D2894.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B147C8D.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B6C7F39.vir Infected: not-a-virus:AdWare.Win32.MySearch.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E250BA4.exe.vir Infected: Trojan.Win32.LowZones.df 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E2730C8.vir Infected: Email-Worm.Win32.NetSky.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F1728EE.exe.vir Infected: P2P-Worm.Win32.Alcan.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F5149DC.class.vir Infected: Trojan.Java.ClassLoader.k 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52F75CA0.exe.vir Infected: P2P-Worm.Win32.Alcan.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\584A5CC1.exe.vir Infected: Trojan-Downloader.Win32.Zlob.jp 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD32BC1.class.vir Infected: Trojan.Java.ClassLoader.b 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD32BC1.zip.vir Infected: Trojan.Java.ClassLoader.b 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD32BC1.zip.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD32BC1.zip.vir Infected: Trojan.Java.ClassLoader.u 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BDA7FBA.class.vir Infected: Trojan.Java.ClassLoader.Dummy.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BE053B3.class.vir Infected: Trojan.Java.ClassLoader.u 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60D96C5A.vir Infected: Email-Worm.Win32.NetSky.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\641F1121.exe.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64233B1D.exe.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64233B1D.txt.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64266519.exe.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64266519.txt.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64290F16.exe.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64290F16.txt.vir Infected: Trojan-Downloader.Win32.Tiny.al 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BD31E85.vir Infected: Trojan.Win32.Crypt.e 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CB27E6A.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CCF784A.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CD64C42.class.vir Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CD9763F.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DA216BB.htm.vir Infected: Trojan.Win32.Harnig.a 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F16738B.vir Infected: Trojan-Downloader.JS.Small.ag 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F371767.vir Infected: Trojan.Win32.Dialer.ak 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72354EA8.vir Infected: Email-Worm.Win32.NetSky.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\752D68B0.dll.vir Infected: not-a-virus:AdWare.Win32.WurldMedia.c 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75343CA9.tmp.vir Infected: Trojan-Downloader.Win32.Zlob.jl 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75513688.exe.vir Infected: Trojan-Downloader.Win32.Zlob.is 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77254335.vir Infected: Email-Worm.Win32.NetSky.aa 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\794E79AF.vir Infected: Backdoor.Win32.Rbot.rc 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A8B29B4.class.vir Infected: Trojan.Java.ClassLoader.i 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CAF62EC.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CE62CAE.htm.vir Suspicious: Exploit.HTML.Mht 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CF77E9D.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CFA2899.class.vir Infected: Trojan.Java.ClassLoader.h 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CFD5295.class.vir Infected: Trojan.Java.ClassLoader.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D007C92.class.vir Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D04268E.class.vir Infected: Exploit.Java.ByteVerify 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F634319.php.vir Infected: Trojan-Downloader.JS.Small.d 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F8710F2.class.vir Infected: Trojan.Java.ClassLoader.h 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ufabypap.exe.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Qoobox\Quarantine\D\Autorun.inf.vir Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208394.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208402.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208410.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208418.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208452.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208460.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208468.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208476.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208484.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208492.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208500.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208508.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208516.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208524.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208532.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208540.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208548.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208556.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208565.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208574.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208578.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208586.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208594.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208602.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208610.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208618.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208626.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208634.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208642.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208650.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208658.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208666.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208674.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208680.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208688.inf Infected: Worm.Win32.AutoRun.qmp 1
     
  14. AKShomeuser

    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208696.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208704.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208712.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208720.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208728.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208736.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208744.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208751.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208758.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208766.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208774.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208782.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208790.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208798.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208806.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208814.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208824.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208830.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208834.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208842.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208850.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208858.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208866.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208874.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208882.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208890.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208898.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208906.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208913.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208922.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208932.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208939.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208947.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208956.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208964.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208972.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208980.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208988.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0208996.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209004.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209012.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209020.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209028.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209036.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209044.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209052.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209060.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209069.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209077.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209085.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209093.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209101.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209109.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209117.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209125.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209160.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209168.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209175.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209182.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209191.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209198.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209202.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209209.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209217.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209225.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209233.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209241.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209249.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209258.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209268.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209277.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209286.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209324.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209331.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209339.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP763\A0209347.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213162.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210308.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210314.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210322.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210329.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210337.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210360.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210366.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210374.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210381.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210389.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210396.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210418.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210426.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210434.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210442.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210451.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0210458.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0211488.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0211491.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0211499.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0211506.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0211514.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212493.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212500.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212591.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212767.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212845.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0212853.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213436.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213857.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213974.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213982.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0213992.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214001.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214008.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214017.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214025.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214033.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214040.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214047.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214052.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214059.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214066.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214070.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214074.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214079.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214089.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214097.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214105.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214112.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214121.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214129.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214136.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214144.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214153.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214161.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214169.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214177.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214185.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214193.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214201.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214209.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214217.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214225.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214232.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214241.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214248.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214256.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214265.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214272.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214280.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214289.inf Infected: Worm.Win32.AutoRun.qmp 1
    D:\System Volume Information\_restore{6BFFA5CB-5063-473A-98FB-D3492BEBB1F7}\RP764\A0214296.inf Infected: Worm.Win32.AutoRun.qmp 1
  15. AKShomeuser

    AKShomeuser Thread Starter

    Joined:
    Oct 13, 2008
    Messages:
    14
Short URL to this thread: https://techguy.org/758656
