Hi Everyone,
McAfee antivirus has detected the Trojan New Malware.j in a file C:\windows\system32\updates.exe, and cannot clean or delete it.
If I tell McAfee to delete or quarantine the file, it will do it for that session, but it re-appears on next reboot.
The only effect I'm getting is if I create a new folder, the folder is created with the name of a bird (eg. seagull, oriole etc) instead of "new folder". Renaming the folder works ok. A minor irritation I know, but very annoying, and I'm worried other hidden things may be happening. Has anyone any ideas?
I would be eternally grateful.
Steveq.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Thanks Jabuck for your response. I am having a few days holiday over Easter, so will follow your advice on my return. I'll be in touch soon.
Thanks again,
Steveq

Hi again Jabuck. Back from Easter holiday and have done a Hijack this log for you.
Hope this helps and we can crack this.
Many thanks.
steveq.
Here is the log:-
Logfile of HijackThis v1.99.1
Scan saved at 13:00:37, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\WINDOWS\svhst32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MM_MODULE] "C:\Program Files\MIC\HAWAII\Hawaii.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [Device cache manager] "C:\WINDOWS\mcache32.exe" -a
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Automatic Media Update] "C:\WINDOWS\SYSTEM32\SUPPRT.RVD" -a
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMem] "C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe"
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicman...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF79732-DD4C-4B3B-A568-49E08AFC9E16}: NameServer = 80.225.255.58 80.225.255.50
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Download and install AVG Anti-Spyware. We will need this later in safe mode.
Be sure to update AVG Anti-Spyware.
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O4 - HKLM\..\Run: [Device cache manager] "C:\WINDOWS\mcache32.exe" -a
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
Exit Hijack This
Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\mcache32.exe
C:\WINDOWS\svhst32.exe
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.
Run ATF-Cleaner from safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Post the AVG report and a new hijack This report.
Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate these files:
C:\WINDOWS\SYSTEM32\SUPPRT.RVD
Then double click the first file to enter it into the "upload and scan box", click send, then post the results. You may have to scroll to the right to see the "send" button.

Hi Jabuck, and thanks for your last response.
I did what you suggested right up to the Hijack This run in safe mode, (log follows),
but some of the items you wanted me to check are no longer there, and I didn't want to carry on just in case I caused something catastrophic to happen!
Could you take a look at the log and let me know if I should just check
04-HKLM....."C:\WINDOWS\svhst32.exe" -a,
or what.
I've also noticed that there are 2 entries referring to the file "updates.exe" (the one flagged as having the trojan). Is this significant? Anyway, here's the Hijack This log (safe mode):-
Logfile of HijackThis v1.99.1
Scan saved at 19:41:18, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MM_MODULE] "C:\Program Files\MIC\HAWAII\Hawaii.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Automatic Media Update] "C:\WINDOWS\SYSTEM32\SUPPRT.RVD" -a
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicman...
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Hope this all makes sense to you! I really appreciate your help.
Best regards,
steveq
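An added example, not part of the original thread: the post above notes that some of the entries marked for fixing had disappeared while others had appeared. One way to make that comparison mechanical is to parse the O4 registry autorun lines from two HijackThis logs and diff them against the fix list. The function names are hypothetical, and the three inputs are excerpts copied from the logs and the fix list posted in this thread.

```python
import re
from typing import NamedTuple

# HijackThis "O4" registry autorun line, e.g.
#   O4 - HKLM\..\Run: [Name] "C:\path\file.exe" -a
# (O4 "Startup:" folder entries and other log sections are out of scope here.)
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    target: str  # program path, lower-cased, quotes and arguments removed


def target_of(command):
    """Return the program path from a Run value, ignoring its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted value: cut after the first three-letter extension that is
        # followed by whitespace or the end of the value.
        m = re.match(r'(.+?\.\w{3})(?=\s|$)', command)
        path = m.group(1) if m else command
    return path.lower()


def parse_autoruns(log_text):
    """Map (hive, key, target) -> Autorun for every O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            target = target_of(command)
            # Identity ignores the value name's case ("ctfmon.exe" vs "CTFMON.EXE").
            entries[(hive, key.lower(), target)] = Autorun(hive, key, name, target)
    return entries


def review(previous_log, current_log, fix_list):
    """Compare two logs and report the state of the entries marked for fixing."""
    prev = parse_autoruns(previous_log)
    cur = parse_autoruns(current_log)
    fix = parse_autoruns(fix_list)
    return {
        "new": sorted(cur[k].target for k in cur.keys() - prev.keys()),
        "gone": sorted(prev[k].target for k in prev.keys() - cur.keys()),
        "fix_still_present": sorted(fix[k].target for k in fix.keys() & cur.keys()),
        "fix_already_gone": sorted(fix[k].target for k in fix.keys() - cur.keys()),
    }


# Excerpt of the O4 section of the log saved on 10/04/2007 in this thread.
LOG_10_APR = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Device cache manager] "C:\WINDOWS\mcache32.exe" -a
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [Automatic Media Update] "C:\WINDOWS\SYSTEM32\SUPPRT.RVD" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the O4 section of the safe-mode log saved on 11/04/2007.
LOG_11_APR = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [Automatic Media Update] "C:\WINDOWS\SYSTEM32\SUPPRT.RVD" -a
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# The O4 items from the fix list given earlier in the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Device cache manager] "C:\WINDOWS\mcache32.exe" -a
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
"""

if __name__ == "__main__":
    for label, paths in review(LOG_10_APR, LOG_11_APR, FIX_LIST).items():
        print(f"{label}:")
        for path in paths:
            print(f"  {path}")
```

Entries reported under "new" are only changes between the two logs; in this excerpt one of them is a security tool installed in between, so each still has to be judged on its own.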

Sorry Jabuck, I can only find 1 reference to "updates.exe" not 2. I must be getting double vision looking at the log!
Thanks.

First we need the results of the scan from virustotal in response #4 then we can update the removal process.

Hi again Jabuck,
I've done the virustotal scan, (log follows),
but I wasn't sure whether you wanted me to just do the virustotal scan, or whether I should have done killbox, ATF-cleaner and AVG anti-spyware before it. Anyway, I've only done the virustotal scan. If this was wrong, forgive me and I'll do the others prior to running it again. Also, I ran it in normal mode. Hope this was the right thing to do.
So here comes the log:-
Complete scanning result of "SUPPRT.RVD", received in VirusTotal at 04.12.2007, 20:27:09 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.12.2007 no virus found
AntiVir 7.3.1.50 04.12.2007 no virus found
Authentium 4.93.8 04.12.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.12.2007 no virus found
BitDefender 7.2 04.12.2007 DeepScan:Generic.Malware.N!!.2D5DD931
CAT-QuickHeal 9.00 04.12.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.12.2007 no virus found
DrWeb 4.33 04.12.2007 no virus found
eSafe 7.0.15.0 04.12.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3562 04.12.2007 no virus found
Ewido 4.0 04.12.2007 no virus found
FileAdvisor 1 04.12.2007 no virus found
Fortinet 2.85.0.0 04.12.2007 no virus found
F-Prot 4.3.2.48 04.12.2007 no virus found
F-Secure 6.70.13030.0 04.12.2007 no virus found
Ikarus T3.1.1.5 04.12.2007 no virus found
Kaspersky 4.0.2.24 04.12.2007 no virus found
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.12.2007 no virus found
NOD32v2 2184 04.12.2007 no virus found
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.12.2007 Suspicious file
Prevx1 V2 04.12.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.12.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.12.2007 no virus found
VirusBuster 4.3.7:9 04.12.2007 no virus found
Webwasher-Gateway 6.0.1 04.12.2007 Worm.Win32.Malware.gen#PECompact!84 (suspicious)
Aditional Information
File size: 224768 bytes
MD5: c732cb03b1301fe63b12e7400371afeb
SHA1: c97e35cc446b5ad3278ab2d2ad56d1d276315bcc
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
So there it is. Hope it means something to you!
Best regards,
steveq.

Reboot into safe mode and run Hijack This and remove these items:
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [Automatic Media Update] "C:\WINDOWS\SYSTEM32\SUPPRT.RVD" -a
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
Exit Hijack This but remain in safe mode.
Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\mcache32.exe
C:\WINDOWS\svhst32.exe
C:\WINDOWS\SYSTEM32\SUPPRT.RVD
C:\WINDOWS\system32\updates.exe
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.
Next run ATF-Cleaner and AVG AntiSpyware from safe mode as suggested in response #4, then post a Combofix log and a new Hijack This log please.

Hi Jabuck,
I've done what you suggested in your last response, and the results follow. You said to do a "Combofix" log. I don't know what this is (it hasn't been mentioned before), so I haven't done this. The AVG anti-spyware scan gave a "no threats found" result.
By the way, McAfee is still flagging the Trojan.
Here are the logs:-
Logfile of HijackThis v1.99.1
Scan saved at 09:47:39, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MM_MODULE] "C:\Program Files\MIC\HAWAII\Hawaii.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicman...
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
AVG Anti-Spyware - Scan Report
+ Created at: 09:46:24 13/04/2007
+ Scan result:
Nothing found.
::Report end
Best regards,
steveq

Sorry, long hours at work this week.
Go to start> control panel> add/remove programs and uninstall this program:
spywarefighterguard (it's a rogue program)
Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip
1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop
2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\svhst32.exe
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply and post a new Hijack This log.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Hi again,
I'm with you regarding time problems - my younger daughter's recently bought a house and I've had to dig the ground to prepare for a lawn this morning. Still, it's done now and I'm back to the Trojan problem!
Here are the logs you requested:-
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nlugrghy
*******************
Script file located at: \??\C:\kbnxkxaj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\svhst32.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 15:32:02, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wandrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MM_MODULE] "C:\Program Files\MIC\HAWAII\Hawaii.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicman...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF79732-DD4C-4B3B-A568-49E08AFC9E16}: NameServer = 80.225.255.58 80.225.255.50
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"Steve" - 07-04-14 15:34:41 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "D:\Documents and Settings\Steve\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))
2007-04-14 15:29 187,904 --a------ C:\WINDOWS\svhst32.exe
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:14 187,904 --a------ C:\WINDOWS\system32\updates.exe
2007-04-13 09:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-04-13 07:58 <DIR> d-------- C:\!KillBox
2007-03-31 19:53 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-31 19:53 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-31 19:53 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-31 19:53 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-31 19:53 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-31 19:53 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-31 19:53 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-31 19:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-31 19:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-31 19:19 187,904 --a------ C:\WINDOWS\system32\ukgcri.dat
2007-03-29 18:42 187,904 --a------ C:\WINDOWS\system32\remomivi.exe
2007-03-25 12:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-03-25 10:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-24 20:36 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-24 18:31 <DIR> d-------- C:\Program Files\ESTsoft
2007-03-24 18:31 <DIR> d-------- C:\Program Files\ESTsoft
2007-03-23 17:15 <DIR> d-------- C:\Program Files\PCClear_Plus
2007-03-23 17:15 <DIR> d-------- C:\Program Files\PCClear_Plus
2007-03-23 16:45 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-03-23 16:45 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-03-23 16:45 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-03-23 16:45 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-03-23 16:45 <DIR> d-------- C:\Program Files\Webroot
2007-03-23 16:45 <DIR> d-------- C:\Program Files\Webroot
2007-03-22 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-03-22 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-03-22 11:06 <DIR> d-------- C:\WINDOWS\pss
2007-03-22 09:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-17 13:42 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-03-15 17:11 187,904 --a------ C:\WINDOWS\system32\wandrv.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-31 22:02 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-24 16:16 -------- d-------- C:\Program Files\mcafee
2007-03-24 16:16 -------- d-------- C:\Program Files\mcafee
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 19:47 -------- d-------- C:\Program Files\thomson
2007-03-15 19:47 -------- d-------- C:\Program Files\thomson
2007-03-09 18:33 -------- d-------- C:\Program Files\tweaknow regcleaner
2007-03-09 18:33 -------- d-------- C:\Program Files\tweaknow regcleaner
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 12:06 167936 --a------ C:\WINDOWS\system32\pcclear_plus_r.exe
2007-02-17 15:53 -------- d-------- C:\Program Files\xnview
2007-02-17 15:53 -------- d-------- C:\Program Files\xnview
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"STManager"="\"C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe\" -b"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"McAfee QuickClean Imonitor"="\"C:\\Program Files\\McAfee\\McAfee QuickClean\\Plguni.exe\" /START"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NECHotkey"="mHotkey.exe"
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"ATIPTA"="\"C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe\""
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MM_MODULE"="\"C:\\Program Files\\MIC\\HAWAII\\Hawaii.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"McRegWiz"="\"C:\\PROGRA~1\\McAfee.com\\Agent\\McRegWiz.exe\" /autorun"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"Microsoft Server Process"="\"C:\\WINDOWS\\svhst32.exe\" -a"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Install part II"="\"C:\\WINDOWS\\system32\\updates.exe\" -o"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled]
"Ulead AutoDetector v2"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Extended Warranty.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-14 15:39:43
C:\ComboFix-quarantined-files.txt ... 07-04-14 15:39
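One way to read the two logs above together, as an added example that is not part of the original thread: group the ComboFix "Files Created" entries by byte size and check each same-size file against the HijackThis autostart lines. The sample lines are copied from the logs in this thread; the function names and the three-file threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix "Files Created" section posted in this thread.
FILES_CREATED = r"""
2007-04-14 15:29 187,904 --a------ C:\WINDOWS\svhst32.exe
2007-04-14 15:29 <DIR> d-------- C:\avenger
2007-04-14 15:14 187,904 --a------ C:\WINDOWS\system32\updates.exe
2007-04-13 09:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-31 19:53 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-31 19:19 187,904 --a------ C:\WINDOWS\system32\ukgcri.dat
2007-03-29 18:42 187,904 --a------ C:\WINDOWS\system32\remomivi.exe
2007-03-25 10:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-15 17:11 187,904 --a------ C:\WINDOWS\system32\wandrv.exe
"""

# Lines copied from the HijackThis log posted in this thread.
HIJACKTHIS = r"""
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+\S+\s+(.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (run|load)=(.+)$")
CMD_RE = re.compile(r'^"([^"]+)"|^(\S+)')


def parse_created(text):
    """Return (timestamp, size_in_bytes, lowercase_path) for file rows; <DIR> rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            size = int(m.group(2).replace(",", ""))
            rows.append((m.group(1), size, m.group(3).strip().lower()))
    return rows


def command_target(command):
    """Extract the executable from a Run value: the quoted path, else the first token."""
    m = CMD_RE.match(command.strip())
    return (m.group(1) or m.group(2)).lower()


def parse_autostarts(text):
    """Map lowercase executable path -> the HijackThis entry that launches it."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            found[command_target(m.group(3))] = f"O4 {m.group(1)} Run [{m.group(2)}]"
            continue
        m = F3_RE.match(line)
        if m:
            found[command_target(m.group(2))] = f"F3 win.ini {m.group(1)}="
    return found


def review(created_text, hijackthis_text, min_count=3):
    """Report sizes shared by at least min_count differently named files.

    For each such size, split the files into those that an autostart entry
    launches and those with no autostart entry in the log. Bare file names
    in Run values (e.g. mHotkey.exe) are not resolved to a full path.
    """
    autostarts = parse_autostarts(hijackthis_text)
    by_size = defaultdict(set)
    for _, size, path in parse_created(created_text):
        by_size[size].add(path)
    report = {}
    for size, paths in by_size.items():
        if len(paths) < min_count:
            continue
        ordered = sorted(paths)
        report[size] = {
            "autostarted": {p: autostarts[p] for p in ordered if p in autostarts},
            "no_autostart": [p for p in ordered if p not in autostarts],
        }
    return report


if __name__ == "__main__":
    for size, group in review(FILES_CREATED, HIJACKTHIS).items():
        print(f"{size} bytes:")
        for path, entry in group["autostarted"].items():
            print(f"  launched by {entry}: {path}")
        for path in group["no_autostart"]:
            print(f"  no autostart entry, review: {path}")
```

A same-size file with no autostart entry is a candidate for review rather than a verdict; confirm with a scanner before deleting it.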

Go to start> control panel> add/remove programs and uninstall this program if it was free, if you paid for it don't uninstall it yet:
PCClear_Plus
Run Hijack This and remove these items:
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
Exit Hijack This.
Run avenger again and delete these files.
C:\WINDOWS\svhst32.exe
C:\WINDOWS\system32\updates.exe
C:\WINDOWS\system32\wandrv.exe
Navigate to and delete these folders if found:
C:\Program Files\PCClear_Plus (same applies as in the uninstall)
C:\!KillBox
Next open notepad (Start Menu > Run > Type notepad and press "ok").
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Install part II"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Post a new Hijack This log and a new Combofix log please.
Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log on your desktop.
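One way to check a follow-up HijackThis log against the entries flagged in the post above, as an added example that is not part of the original thread. The function names and both sample logs are constructed for illustration; the parser assumes one log entry per line and covers only the O4 registry Run and F3 win.ini line formats seen here.

```python
import re

# Entries the helper asked to be fixed, copied from the post above.
FLAGGED = [
    r'F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe',
    r'O4 - HKLM\..\Run: [Microsoft Server Process] "C:\WINDOWS\svhst32.exe" -a',
    r'O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o',
]

# Constructed sample: a clean follow-up log (lines in HijackThis format).
AFTER_LOG = r'''
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [STManager] "C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" -b
'''

# Constructed sample: a log where the autoruns survived. The [Updater] and
# [Server] values are hypothetical; they show a renamed value and a bare
# file name that still launch a flagged binary.
STILL_INFECTED_LOG = r'''
F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Install part II] "C:\WINDOWS\system32\updates.exe" -o
O4 - HKCU\..\Run: [Updater] c:\windows\SYSTEM32\UPDATES.EXE -o
O4 - HKLM\..\Run: [Server] svhst32.exe
'''

# O4 = registry Run-key autostart, F3 = win.ini run=/load= autostart.
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
F3_RE = re.compile(r'^F3 - REG:([^:]+): (run|load)=(.+)$', re.I)
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def target_exe(cmd):
    """Return the normalised executable path from an autorun command line."""
    cmd = cmd.strip()
    if not cmd:
        return ''
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted path may contain spaces; stop at the first executable suffix.
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    # Windows paths are case-insensitive and logs mix / and \.
    return path.replace('/', '\\').lower()


def parse_autoruns(log_text):
    """Return (section, location, name, exe) for each O4/F3 line in a log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append(('O4', f'{hive}\\{key}', name, target_exe(cmd)))
            continue
        m = F3_RE.match(line)
        if m:
            ini, key, cmd = m.groups()
            entries.append(('F3', ini.lower(), key.lower(), target_exe(cmd)))
    return entries


def verify_removal(flagged_lines, new_log):
    """Map each flagged executable to the autoruns in new_log that still start it.

    An empty list means no O4/F3 entry references the file any more. Matching
    is on the target binary, not the value name, so a renamed Run value or a
    bare file name resolved through the search path is still reported.
    """
    current = parse_autoruns(new_log)
    report = {}
    for _, _, _, exe in parse_autoruns('\n'.join(flagged_lines)):
        base = exe.rsplit('\\', 1)[-1]
        report[exe] = [e for e in current if e[3] in (exe, base)]
    return report


if __name__ == '__main__':
    for label, log in (('after fix', AFTER_LOG), ('unfixed', STILL_INFECTED_LOG)):
        print(label)
        for exe, hits in verify_removal(FLAGGED, log).items():
            print(f'  {exe}: {"gone" if not hits else hits}')
```

An empty result only shows that the autostart reference is gone from the log; whether the file itself was deleted is a separate check.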

Hi again.
Here are the logs you wanted:-
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yvuestwq
*******************
Script file located at: \??\C:\Program Files\rswekyah.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\svhst32.exe deleted successfully.
File C:\WINDOWS\system32\updates.exe not found!
Deletion of file C:\WINDOWS\system32\updates.exe failed!
Could not process line:
C:\WINDOWS\system32\updates.exe
Status: 0xc0000034
File C:\WINDOWS\system32\wandrv.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 13:21:53, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MM_MODULE] "C:\Program Files\MIC\HAWAII\Hawaii.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicman...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF79732-DD4C-4B3B-A568-49E08AFC9E16}: NameServer = 80.225.255.58 80.225.255.50
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"Steve" - 07-04-15 13:23:59 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "D:\sq-data\Downloads\Downloaded Programs"
((((((((((((((((((((((((((((((( Files Created from 2007-03-15 to 2007-04-15 ))))))))))))))))))))))))))))))))))
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-15 13:15 <DIR> d-------- C:\avenger
2007-04-13 09:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-31 19:53 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-31 19:53 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-31 19:53 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-31 19:53 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-31 19:53 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-31 19:53 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-31 19:53 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-31 19:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-31 19:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-31 19:19 187,904 --a------ C:\WINDOWS\system32\ukgcri.dat
2007-03-29 18:42 187,904 --a------ C:\WINDOWS\system32\remomivi.exe
2007-03-25 12:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-03-25 10:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-24 20:36 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-24 18:31 <DIR> d-------- C:\Program Files\ESTsoft
2007-03-24 18:31 <DIR> d-------- C:\Program Files\ESTsoft
2007-03-23 16:45 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-03-23 16:45 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-03-23 16:45 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-03-23 16:45 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-03-23 16:45 <DIR> d-------- C:\Program Files\Webroot
2007-03-23 16:45 <DIR> d-------- C:\Program Files\Webroot
2007-03-22 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-03-22 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-03-22 11:06 <DIR> d-------- C:\WINDOWS\pss
2007-03-22 09:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-17 13:42 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-31 22:02 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-24 16:16 -------- d-------- C:\Program Files\mcafee
2007-03-24 16:16 -------- d-------- C:\Program Files\mcafee
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 19:47 -------- d-------- C:\Program Files\thomson
2007-03-15 19:47 -------- d-------- C:\Program Files\thomson
2007-03-09 18:33 -------- d-------- C:\Program Files\tweaknow regcleaner
2007-03-09 18:33 -------- d-------- C:\Program Files\tweaknow regcleaner
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 12:06 167936 --a------ C:\WINDOWS\system32\pcclear_plus_r.exe
2007-02-17 15:53 -------- d-------- C:\Program Files\xnview
2007-02-17 15:53 -------- d-------- C:\Program Files\xnview
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"STManager"="\"C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe\" -b"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"McAfee QuickClean Imonitor"="\"C:\\Program Files\\McAfee\\McAfee QuickClean\\Plguni.exe\" /START"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NECHotkey"="mHotkey.exe"
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"ATIPTA"="\"C:\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe\""
"OASClnt"="\"C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MM_MODULE"="\"C:\\Program Files\\MIC\\HAWAII\\Hawaii.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"McRegWiz"="\"C:\\PROGRA~1\\McAfee.com\\Agent\\McRegWiz.exe\" /autorun"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled]
"Ulead AutoDetector v2"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Extended Warranty.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-15 13:28:37
C:\ComboFix-quarantined-files.txt ... 07-04-15 13:28
C:\ComboFix2.txt ... 07-04-14 15:39
Stuntin' like my Daddy - Birdman & Lil Wayne_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Stupid Girls_-_Pink_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Suddenly I see - K T Tunstall_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Sugar and Lime - Strip Music_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Super Sommer_-_Luttenberger-Klug_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Sureshot_-_Tomcraft Ft Sido & Tai Ja_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Suspicious Character - The Blood Arm_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Suzie_-_Boy Kill Boy_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Sweet Dreams_-_La Bouche_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Swing the Mood_-_Jive Bunny & The Mastermixers_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Swisha - Ratatat_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tag mit Schutzumschlag_-_Bela B_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Take a Chance - The Magic Numbers_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Take It From Me - The Weepies_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tanz der Molekuele_-_Mia_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Te Queiro a Veces_-_Azuquita Ft Reim_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tears Dont Fall_-_Bullet For My Valentine_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Teenage Life_-_Daz Simpson_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tell me - Diddy Ft. Christina Aguilera_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tell me Baby_-_Red Hot Chili Peppers_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tell me keep me - Field Music_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tell me Wh_-_Supermode_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Temperature_-_Sean Paul_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tennessee Girl_-_Sammy Kershaw_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Thank You_-_Roger Moore_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
That Girl is a Cowboy_-_Garth Brooks_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
That You Might - Home Video_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
That's that s--- - Snoop Dogg Ft. R. Kelly_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Thats the Way my Heart goes_-_Marie Serneholt_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Adventure_-_Angels & Airwaves_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Burning Ambition of Early Diuretics - The Pipettes_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Californian - Bob Schnieder_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Day I Turned To Glass - Honeycut_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Day is a Downer - IV Thieves_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The great Escape - Art Brut_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The great Escape_-_Ilse DeLange_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Pick of Destiny - Tenacious D_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Pieces don't Fit Anymore - James Morrison_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Right Thing - Prophet Omega_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Rockafeller Skank_-_Fatboy Slim_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Rule Of V - Roman Numerals_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Saints are Coming - Green Day & U2_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Sun goes down on Manor Road - The Wonder Stuff_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Surfer - The Citizens_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Time of our Lives_-_Il Divo With Toni Braxton_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
The Wisdom Song - Demetri Martin_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Thick as Thieves - The Others_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Thinking of You - Molly Jenson_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Three Lions_-_Baddiel & Skinner & Lightning Seeds_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Thrill Of It - Robert Randolph & The Family B_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Through Glass_-_Stone Sour_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Ticket To Immorality - The Dears_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tim Mcgraw - Taylor Swift_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
To Your Ghost - Venice Is Sinking_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tom's Diner_-_Suzanne Vega_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Toms Diner_-_Karmah_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tonight is the Night_-_Le Click_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tonight_-_Reamonn_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Too Late For Us Now - Roger Joseph Manning Jr._(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Too little too Late - JoJo_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Too much to Hide - Joseph Arthur_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tootsee Roll_-_69 Boyz_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Toppertje_-_Guillermo & Tropical Danny_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Total Eclipse of the Heart_-_Nicki French_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Touch it_-_Busta Rhymes_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Touch me_-_Cathy Dennis_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Treehouse - I'm From Barcelona_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Truly Madly Deeply - Cascada_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Trumpets_-_Flipsyde_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Tuning the Air - The New Sound Of Numbers_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Two Left Feet - The Holloways_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Typical - MuteMath_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Ulcer Soul - The Willowz_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Ultimatum_-_Shaggy Feat. Natasha Watkin_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Un Dos Trés_-_Frans Bauer_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Undercover - Pete Yorn_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Unendlich_-_Silbermond_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Unfaithful (Maurice's Club Mix_-_Rihanna_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Unfaithful_-_Rihanna_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
United States of Love_-_Westbam_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Unser Stadion - Unsere Regeln_-_Nordend Antistars_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Up all Night_-_Matt Willis_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Upside down_-_Jack Johnson_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Van Nuys (Es Very Nice) - Los Abandoned_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Virus_-_LaFee_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Visual Basic keygenerator.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Voice Electric - Stephen Brodsky_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Von Vorn Anfangen_-_Neuser_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wait a Minute (Feat. Timbaland) - p--sycat Dolls_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wait a Minute - Your Code Name Is Milo_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Waiting 4 You (Say Say Say)_-_Hi Tack_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Waiting on the World to Change - John Mayer_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Walk away - Paula Deanda_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Walk it out (Dirty) - DJ Unk_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wasted State of Mind - And You Will Know Us By The Trail Of Dead_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Watchin over You_-_Patrick Nuo_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Watching You - Rodney Atkins_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
We are the Champions_-_Crazy Frog_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
We Fly high (Ballin') - Jim Jones_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
We Fly high - Jim Jones_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Weil Du bei mir bist_-_Pur_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Welcome 2 Detroit_-_Trick Trick Ft Eminem_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Welcome Home Son - Radical Face_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Welcome to the Black Parade - My Chemical Romance_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wenn jetzt Sommer Waer_-_Pohlmann_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wet And Rusting - Menomena_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
What goes Around...comes Around - Justin Timberlake_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
What Hurts the Most - Rascal Flatts_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
What You do - Big Bass Vs Michelle Narine_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
What You Waiting for - Franz Ferdinand_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Whats Left of me_-_Nick Lachey_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
When The Creepers Creep In - The Village Green_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
When You gonna (Give it up to me_-_Sean Paul Ft. Keyshia Cole_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Where Does the Love go_-_Eric Benet Yvonne Catterfeld_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Whered You go_-_Fort Minor_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Whistle for the Choir - The Fratellis_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
White and Nerdy - Weird Al Yankovic_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
white_house_porno_demo.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Who do You Think You are Kidding Jurgen Klinsmann_-_Tonedef Allstars_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Who Knew_-_Pink_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Who Let The Lights Off Baby - Guillemots_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Who Says You Cant go Home_-_Bon Jovi_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Whos Your Daddy_-_Lordi_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wind it up - Gwen Stefani_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Window in the Skies (Album Version) - U2_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Window in the Skies - U2_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows 2003 seriales.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows 98 Seriales.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows Me seriales.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows Xp Home serial number.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows Xp Profesional serial number.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(deutsch)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(deutsch)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(deutsch)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(en)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(en)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(en)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(german).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(german)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(german)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(german)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(US)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(US)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_(US)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Windows_vista_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(deutsch)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(deutsch)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(deutsch)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(en)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(en)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(en)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(german)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(german)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(german)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(US)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(US)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_(US)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(deutsch).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(deutsch)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(deutsch)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(deutsch)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(en)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(en)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(en)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(german).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(german)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(german)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(german)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(US)_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(US)_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_(US)_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_keygen.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_patch.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
windows_xp_sp2_serial.exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Winter - Cord_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wire and Glass (E.p)_-_The Who_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wiseman_-_James Blunt_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Womit Hab ich das Verdient_-_Saad_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wonderful World(Re) - James Morrison_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wondering - Dirty Pretty Things_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Wont Forget these Days 2006_-_Music Team Germany_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
World at Your Feet_-_Embrace_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
World hold on (Children of the Sky) - Bob Sinclar_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Worldhold on_-_Bob Sinclar_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Worthy - The Suffrajets_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Writing On The Wall (Remix) - Cities_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Yeah Yeah - Bodyrox Ft. Luciana_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You (Remix) - Lloyd Featuring Lil Wayne_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You Are Not My Boyfriend - Britta Persson_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You Came 2006_-_Kim Wilde_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You don't know - Eminem_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You Dont know - Eminem 50 Cent Lloyd Banks_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You give me Something_-_James Morrison_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You got the Love_-_The Source Ft Candi Staton_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You know I'm no good - Amy Winehouse_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You know my Name - Chris Cornell_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You Look Ready - The Zebras_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
You make me feel_-_Postman_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Your Biggest Fan - Voxtrot_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Your Face Looks All Wrong - Hot Club De Paris_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Zeilen aus Gold_-_Xavier Naidoo_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Zeit Dass Sich was Dreht_-_Herbert Groenemeyer Ft Amad_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
Zieh die Schuh aus_-_Roger Cicero_(self_extracting).exe;C:\Program Files\Common Files\Microsoft Shared;Trojan.Szlig;Deleted.;
A0000403.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000404.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000405.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000406.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000407.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000408.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000409.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000410.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000411.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000412.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000413.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000414.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000415.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000416.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000417.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000418.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000419.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000420.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000421.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000422.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000423.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000424.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000425.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000426.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000427.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000428.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000429.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000430.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000431.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000432.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000433.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000434.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000435.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000436.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000437.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000438.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000439.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000440.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000441.exe;C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP10;Trojan.Szlig;Deleted.;
A0000442.exe;C:\System Volume Information\_resto

Those p2p shared folders can really house some baddies that's for sure.
Navigate to and delete this folder if found:
C:\WINDOWS\system32\pcclear_plus_r.exe
Next, your Java is out of date; update it as soon as possible. Download the latest version from http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.
How is the computer operating?

Hi again,
the computer seems fine now. I've done a McAfee scan and it reports all clear.
That was a real toughee to get rid of, I can't thank you enough for your advice and guidance.
For the future, in your opinion, which programs should I use to keep viruses, Trojans, spyware etc. at bay? I thought I'd taken reasonable precautions, but I obviously hadn't. Would really appreciate your thoughts.
Thanks a million,
steveq.

Hello steveq, I can only tell you that what I use has been very successful, which is AVG Free Antivirus, Zonealarm Free Firewall, SpywareBlaster Free Antispyware, Popup Stopper Free Edition, and keep Windows, Java, and all the above updated.
Glad we could help.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.