
Solved Malware and Virus Removal

Discussion in 'Malware and Virus Removal Archive' started by xineohP, 2009/07/03.

  1. 2009/07/03
    xineohP

    xineohP Inactive Thread Starter

    [Resolved] Malware and Virus Removal

    This is regarding the logs required to check if there is malware or something else suspicious.



    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Phoenix at 22:28:23.39 on Fri 07/03/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1052 [GMT 5.5:30]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    F:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    F:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\igfxtray.exe
    F:\WINDOWS\system32\igfxpers.exe
    F:\WINDOWS\RTHDCPL.EXE
    F:\Program Files\McAfee.com\Agent\mcagent.exe
    F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    F:\Program Files\Nero\Nero 7\InCD\InCD.exe
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\lg_fwupdate\fwupdate.exe
    F:\Program Files\MessengerPlus! 3\MsgPlus.exe
    F:\Program Files\DNA\btdna.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    f:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    F:\Program Files\McAfee\MPF\MPFSrv.exe
    F:\Program Files\McAfee\MSK\MskSrver.exe
    F:\Program Files\CyberLink\Shared Files\RichVideo.exe
    F:\Program Files\SiteAdvisor\6172\SAService.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    f:\PROGRA~1\mcafee\msc\mcuimgr.exe
    F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    f:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    D:\Xilero\XiLeRO!.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    F:\Documents and Settings\Phoenix\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - f:\program files\siteadvisor\6172\SiteAdv.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - f:\progra~1\mcafee\msk\mcapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - f:\program files\mcafee\virusscan\scriptsn.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - f:\program files\siteadvisor\6172\SiteAdv.dll
    uRun: [cdoosoft] f:\windows\system32\olhrwef.exe
    uRun: [msnmsgr] "f:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [BitTorrent DNA] "f:\program files\dna\btdna.exe "
    uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
    uRun: [defaultintra] f:\docume~1\phoenix\applic~1\great1\CurbJoy.exe
    uRun: [Google Update] "f:\documents and settings\phoenix\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [igfxtray] f:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] f:\windows\system32\hkcmd.exe
    mRun: [igfxpers] f:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [mcagent_exe] f:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [SiteAdvisor] f:\program files\siteadvisor\6172\SiteAdv.exe
    mRun: [McENUI] f:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [NeroFilterCheck] f:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] f:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] f:\program files\nero\nero 7\incd\InCD.exe
    mRun: [RemoteControl] "f:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "f:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [LGODDFU] "f:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [MessengerPlus3] "f:\program files\messengerplus! 3\MsgPlus.exe "
    mRun: [upload curb default new] f:\documents and settings\all users\application data\lies shim upload curb\Inside Bike.exe
    StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
    TCP: {6DC3FA05-5EC9-40B5-870D-BE9C14909E63} = 172.16.0.45,4.2.2.2
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - f:\program files\siteadvisor\6172\SiteAdv.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - f:\docume~1\phoenix\applic~1\mozilla\firefox\profiles\sr7yhlo2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 2
    FF - component: f:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: f:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: f:\program files\siteadvisor\6172\ff\components\FFHook.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;f:\windows\system32\drivers\mfehidk.sys [2009-1-25 201320]
    R2 McProxy;McAfee Proxy Service;f:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-25 358224]
    R2 McShield;McAfee Real-time Scanner;f:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-25 144704]
    R3 McSysmon;McAfee SystemGuards;f:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-25 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;f:\windows\system32\drivers\mfeavfk.sys [2009-1-25 79304]
    R3 mfebopk;McAfee Inc. mfebopk;f:\windows\system32\drivers\mfebopk.sys [2009-1-25 35240]
    R3 mferkdk;McAfee Inc. mferkdk;f:\windows\system32\drivers\mferkdk.sys [2009-1-25 33832]
    R3 mfesmfk;McAfee Inc. mfesmfk;f:\windows\system32\drivers\mfesmfk.sys [2009-1-25 40488]
    S2 qysztbpa;System Installer;f:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;f:\windows\system32\drivers\dm9usb.sys [2009-5-23 54272]
    S3 hzrlh;hzrlh;f:\windows\system32\01.tmp [2009-2-11 4096]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;f:\windows\system32\drivers\slnt.sys [2009-1-26 18004]

    =============== Created Last 30 ================

    2009-06-28 15:34 <DIR> --d----- f:\program files\Windows Media Connect 2
    2009-06-28 15:32 <DIR> --d----- F:\7930e1e3eea0ba41db38
    2009-06-28 15:31 <DIR> --d----- f:\windows\system32\LogFiles
    2009-06-28 14:53 <DIR> -cd-h--- f:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-06-28 13:51 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Messenger Plus!
    2009-06-28 13:50 <DIR> --d----- f:\program files\Great1
    2009-06-28 13:50 <DIR> --d----- f:\docume~1\phoenix\applic~1\Great1
    2009-06-28 13:49 <DIR> --d----- f:\program files\Adverts
    2009-06-28 13:49 <DIR> --d----- f:\program files\MessengerPlus! 3
    2009-06-25 11:07 <DIR> -cdsh--- f:\program files\common files\WindowsLiveInstaller
    2009-06-25 11:04 <DIR> --d----- f:\docume~1\phoenix\applic~1\MSNInstaller
    2009-06-25 11:03 2,890,240 ac------ f:\windows\system32\dllcache\msi.dll
    2009-06-25 11:03 884,736 ac------ f:\windows\system32\dllcache\msimsg.dll
    2009-06-25 11:03 271,360 ac------ f:\windows\system32\dllcache\msihnd.dll
    2009-06-25 11:03 78,848 ac------ f:\windows\system32\dllcache\msiexec.exe
    2009-06-25 11:03 15,360 ac------ f:\windows\system32\dllcache\msisip.dll
    2009-06-25 11:03 2,890,240 a------- f:\windows\system32\msi.dll
    2009-06-25 11:03 884,736 a------- f:\windows\system32\msimsg.dll
    2009-06-25 11:03 271,360 a------- f:\windows\system32\msihnd.dll
    2009-06-25 11:03 78,848 a------- f:\windows\system32\msiexec.exe
    2009-06-25 11:03 15,360 a------- f:\windows\system32\msisip.dll
    2009-06-15 14:26 16,742,799 a------- f:\docume~1\alluse~1\applic~1\vlc-0.9.9-win32.exe
    2009-06-14 22:10 299,008 a------- f:\windows\system32\MSDBRPTR.DLL
    2009-06-14 22:10 137,216 a------- f:\windows\system32\MSDERUN.DLL
    2009-06-14 22:10 77,824 a------- f:\windows\system32\msbind.dll
    2009-06-14 22:10 <DIR> --d----- f:\program files\PublicSoft
    2009-06-12 16:16 <DIR> --d----- f:\program files\DNA
    2009-06-12 16:16 <DIR> --d----- f:\docume~1\phoenix\applic~1\DNA
    2009-06-11 12:31 18,312 a------- f:\docume~1\phoenix\applic~1\GDIPFONTCACHEV1.DAT
    2009-06-09 15:29 <DIR> --d----- F:\Temp

    ==================== Find3M ====================

    2009-04-07 10:45 4,096 a------- f:\windows\system32\03.tmp
    2009-02-01 23:40 648,055 a------- f:\docume~1\phoenix\applic~1\firefox.exe
    2004-08-04 17:30 168,096 a--shr-- f:\windows\system32\lpxcm.dll
    2009-02-25 19:14 91,648 ---shr-- f:\windows\system32\nmdfgds0.dll
    2009-02-22 18:11 91,648 ---shr-- f:\windows\system32\nmdfgds1.dll

    ============= FINISH: 22:28:45.51 ===============



    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/25/2009 4:00:11 PM
    System Uptime: 7/3/2009 9:58:46 PM (1 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2L
    Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2400/200mhz
    Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2400/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 20 GiB total, 8.613 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 33.541 GiB free.
    E: is FIXED (NTFS) - 39 GiB total, 17.386 GiB free.
    F: is FIXED (NTFS) - 51 GiB total, 43.94 GiB free.
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP9: 4/5/2009 2:14:24 PM - Update to an unsigned driver
    RP10: 4/11/2009 6:36:09 PM - System Checkpoint
    RP11: 5/21/2009 2:30:40 PM - Removed Opera 9.60
    RP12: 5/21/2009 2:30:47 PM - Installed Opera 9.64
    RP13: 5/22/2009 4:48:22 PM - System Checkpoint
    RP14: 5/22/2009 7:09:01 PM - Installed Windows Installer KB893803v2.
    RP15: 5/22/2009 7:18:41 PM - Installed Windows XP WIC.
    RP16: 5/22/2009 7:18:51 PM - Installed %1 %2.
    RP17: 5/22/2009 7:18:55 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP18: 5/22/2009 7:22:19 PM - Installed DirectX
    RP19: 5/23/2009 6:48:32 AM - Removed Autodesk 3ds Max 2009 32-bit
    RP20: 5/23/2009 6:49:44 AM - Removed Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries
    RP21: 5/23/2009 6:50:27 AM - Removed Autodesk 3ds Max 2009 32-bit Architectural Materials Library
    RP22: 5/23/2009 6:50:57 AM - Removed Autodesk 3ds Max 2009 32-bit Movies
    RP23: 5/23/2009 6:51:28 AM - Removed Autodesk 3ds Max 2009 32-bit ProMaterials™ Library
    RP24: 5/23/2009 6:51:42 AM - Removed Autodesk 3ds Max 2009 32-bit Vault 2008 Plug-In
    RP25: 5/23/2009 6:51:52 AM - Removed Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In
    RP26: 5/23/2009 6:52:03 AM - Removed Autodesk Backburner 2008.1
    RP27: 5/23/2009 6:52:17 AM - Removed Bluerock Technologies Flight Studio 3ds Max 2009 32-bit
    RP28: 5/23/2009 6:54:08 AM - Removed Turbo Squid Tentacles 3ds Max 2009 32-bit.
    RP29: 5/23/2009 11:09:48 AM - Update to an unsigned driver
    RP30: 6/3/2009 7:19:18 AM - System Checkpoint
    RP31: 6/7/2009 9:43:25 AM - System Checkpoint
    RP32: 6/11/2009 10:37:34 AM - System Checkpoint
    RP33: 6/13/2009 12:12:57 PM - System Checkpoint
    RP34: 6/25/2009 10:28:40 AM - Installed Windows Live Messenger
    RP35: 6/25/2009 10:41:14 AM - Removed Windows Live Sign-in Assistant
    RP36: 6/25/2009 10:46:01 AM - Installed Windows Installer KB893803v2.
    RP37: 6/25/2009 11:03:53 AM - Installed Windows Installer KB893803v2.
    RP38: 6/25/2009 11:06:52 AM - Installed Windows Live installer
    RP39: 6/25/2009 11:07:26 AM - Installed Windows Live
    RP40: 6/28/2009 3:18:38 PM - Installed Windows Media Player 11
    RP41: 6/28/2009 3:26:57 PM - Installed Windows Installer KB893803v2.
    RP42: 6/28/2009 3:30:35 PM - Installed Windows Media Player 11
    RP43: 6/28/2009 3:31:30 PM - Installed Windows XP Wudf01000.
    RP44: 6/28/2009 3:35:32 PM - Installed Windows XP MSCompPackV1.
    RP45: 6/28/2009 3:36:15 PM - Installed Windows XP KB926239.

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    DNA
    DVD Suite
    Google Chrome
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB926239)
    Intel(R) Graphics Media Accelerator Driver
    K-Lite Codec Pack 3.8.5 Full
    LG ODD Auto Firmware Update
    McAfee SecurityCenter
    Messenger Plus! 3 & Sponsor
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (2.0)
    MSXML 6.0 Parser (KB925673)
    Nero 7 Essentials
    neroxml
    Opera 9.64
    PowerDVD
    PowerProducer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Spice Handset Manager
    VLC media player 1.0.0-rc4
    WebFldrs XP
    Windows Communication Foundation
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live installer
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    6/28/2009 3:37:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
    6/28/2009 10:26:48 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/28/2009 1:08:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/26/2009 8:58:21 PM, error: Service Control Manager [7023] - The System Installer service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    6/26/2009 8:08:55 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.

    ==== End Of File ===========================
     
  2. 2009/07/03
    Juliet

    Juliet Well-Known Member

    Hi and welcome


    Download Combofix© by sUBs from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3



    Example:

    * IamNotMalware.exe
    * PleaseDontEatMe.exe




    • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files ".
    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     


  4. 2009/07/04
    xineohP

    xineohP Inactive Thread Starter

    The log you had asked for, I guess it's the same...



    ComboFix 09-07-03.03 - Phoenix 07/04/2009 20:50.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1548 [GMT 5.5:30]
    Running from: f:\documents and settings\Phoenix\My Documents\Downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\gy.exe
    C:\uvsqfgwd.cmd
    D:\autorun.inf
    D:\gy.exe
    D:\uvsqfgwd.cmd
    E:\Autorun.inf
    E:\gy.exe
    E:\uvsqfgwd.cmd
    F:\autorun.inf
    F:\gy.exe
    F:\uvsqfgwd.cmd
    f:\windows\system32\nmdfgds0.dll
    f:\windows\system32\nmdfgds1.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
    .

    2009-07-04 10:28 . 2004-08-03 19:26 159232 ----a-w- f:\windows\system32\ptpusd.dll
    2009-07-04 10:28 . 2001-08-17 17:06 5632 ----a-w- f:\windows\system32\ptpusb.dll
    2009-07-04 10:28 . 2004-08-03 17:28 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
    2009-07-04 10:28 . 2004-08-03 17:28 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
    2009-06-28 15:54 . 2009-07-04 09:54 -------- d-----w- f:\documents and settings\Phoenix\Application Data\vlc
    2009-06-28 10:06 . 2004-08-04 12:00 25600 ----a-w- f:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-06-28 10:05 . 2009-06-28 10:05 -------- d-----w- f:\program files\Windows Live
    2009-06-28 10:04 . 2009-06-28 10:04 -------- d-----w- f:\program files\Windows Media Connect 2
    2009-06-28 10:02 . 2009-06-28 10:04 -------- d-----w- F:\7930e1e3eea0ba41db38
    2009-06-28 10:01 . 2009-06-28 10:02 -------- d-----w- f:\windows\system32\drivers\UMDF
    2009-06-28 10:01 . 2009-06-28 10:01 -------- d-----w- f:\windows\system32\LogFiles
    2009-06-28 08:23 . 2009-06-28 08:23 339968 ----a-w- f:\documents and settings\Phoenix\Application Data\Great1\Mail Hold Meta.exe
    2009-06-28 08:23 . 2009-06-28 08:23 372736 ----a-w- f:\documents and settings\Phoenix\Application Data\Great1\Managercoalboneford.exe
    2009-06-28 08:22 . 2009-07-04 14:18 819200 ----a-w- f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe
    2009-06-28 08:22 . 2009-06-28 08:22 819200 ----a-w- f:\documents and settings\Phoenix\Application Data\Great1\cpxukrpr.exe
    2009-06-28 08:21 . 2009-06-28 08:21 -------- d-----w- f:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-28 08:20 . 2009-06-28 08:20 -------- d-----w- f:\program files\Great1
    2009-06-28 08:20 . 2009-06-28 08:23 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Great1
    2009-06-28 08:20 . 2009-06-28 08:20 565248 ----a-w- f:\documents and settings\Phoenix\Application Data\Great1\CurbJoy.exe
    2009-06-28 08:19 . 2009-06-28 08:19 -------- d-----w- f:\program files\Adverts
    2009-06-28 08:19 . 2009-06-28 08:19 -------- d-----w- f:\program files\MessengerPlus! 3
    2009-06-25 05:38 . 2009-06-25 05:38 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\PCHealth
    2009-06-25 05:37 . 2009-06-25 05:37 -------- dcsh--w- f:\program files\Common Files\WindowsLiveInstaller
    2009-06-25 05:36 . 2009-06-25 05:36 -------- d-----w- f:\documents and settings\All Users\Application Data\WLInstaller
    2009-06-25 05:34 . 2009-06-25 05:34 -------- d-----w- f:\documents and settings\Phoenix\Application Data\MSNInstaller
    2009-06-25 05:33 . 2005-05-04 09:15 884736 -c--a-w- f:\windows\system32\dllcache\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 884736 ----a-w- f:\windows\system32\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 78848 -c--a-w- f:\windows\system32\dllcache\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 78848 ----a-w- f:\windows\system32\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 271360 -c--a-w- f:\windows\system32\dllcache\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 271360 ----a-w- f:\windows\system32\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 -c--a-w- f:\windows\system32\dllcache\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 ----a-w- f:\windows\system32\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 -c--a-w- f:\windows\system32\dllcache\msi.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 ----a-w- f:\windows\system32\msi.dll
    2009-06-15 15:19 . 2009-06-15 15:19 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Yahoo
    2009-06-15 15:18 . 2009-06-15 15:18 -------- d-----w- f:\documents and settings\All Users\Application Data\Yahoo!
    2009-06-15 08:56 . 2009-06-15 09:07 16742799 ----a-w- f:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
    2009-06-14 16:40 . 2001-04-05 05:13 77824 ----a-w- f:\windows\system32\msbind.dll
    2009-06-14 16:40 . 1998-06-17 18:30 299008 ----a-w- f:\windows\system32\MSDBRPTR.DLL
    2009-06-14 16:40 . 1998-06-08 18:30 137216 ----a-w- f:\windows\system32\MSDERUN.DLL
    2009-06-14 16:40 . 2009-06-14 16:40 -------- d-----w- f:\program files\PublicSoft
    2009-06-12 10:46 . 2009-06-12 10:46 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\DNA
    2009-06-12 10:46 . 2009-07-04 15:18 -------- d-----w- f:\documents and settings\Phoenix\Application Data\DNA
    2009-06-12 10:46 . 2009-07-04 14:18 -------- d-----w- f:\program files\DNA
    2009-06-09 09:59 . 2009-06-09 10:00 -------- d-----w- F:\Temp
    2009-06-07 17:05 . 2009-06-07 17:05 0 ----a-w- f:\windows\nsreg.dat
    2009-06-07 17:05 . 2009-06-07 17:05 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-04 14:18 . 2009-06-02 16:52 -------- d-----w- f:\program files\lg_fwupdate
    2009-07-04 07:36 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\LocalService\Application Data\SiteAdvisor
    2009-06-28 09:30 . 2009-06-28 09:23 -------- dc-h--w- f:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-06-28 08:22 . 2009-02-20 16:16 -------- d-----w- f:\documents and settings\All Users\Application Data\Lies shim upload curb
    2009-06-28 07:41 . 2009-05-23 03:53 -------- d-----w- f:\program files\Google
    2009-06-17 02:57 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\Phoenix\Application Data\SiteAdvisor
    2009-06-15 15:20 . 2009-01-25 13:42 -------- d-----w- f:\program files\Yahoo!
    2009-06-15 03:57 . 2009-01-30 04:27 18312 ----a-w- f:\documents and settings\Phoenix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-09 11:37 . 2009-01-25 13:59 -------- d-----w- f:\program files\McAfee
    2009-06-06 10:45 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\Phoenix\Application Data\CyberLink
    2009-06-02 16:53 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
    2009-06-02 16:52 . 2009-01-25 13:47 -------- d--h--w- f:\program files\InstallShield Installation Information
    2009-06-02 16:51 . 2009-06-02 16:50 -------- d-----w- f:\program files\CyberLink
    2009-06-02 16:50 . 2009-01-25 13:47 -------- d-----w- f:\program files\Common Files\InstallShield
    2009-06-02 16:39 . 2009-02-01 11:52 -------- d-----w- f:\documents and settings\Phoenix\Application Data\dvdcss
    2009-05-30 11:56 . 2009-01-30 04:27 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Ahead
    2009-05-23 01:23 . 2009-05-22 16:24 -------- d-----w- f:\program files\Super Audio Converter
    2009-05-23 01:22 . 2009-05-22 13:52 -------- d-----w- f:\program files\Autodesk
    2009-05-23 01:19 . 2009-05-22 13:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Autodesk
    2009-05-22 14:12 . 2009-05-22 14:11 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Autodesk
    2009-05-22 14:01 . 2009-05-22 14:01 10134 ----a-r- f:\documents and settings\Phoenix\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-05-22 14:01 . 2009-05-22 14:01 -------- d-----w- f:\program files\Microsoft WSE
    2009-05-22 13:51 . 2009-05-22 13:51 -------- d-----w- f:\program files\MSBuild
    2009-05-22 13:51 . 2009-05-22 13:51 75488 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-22 13:49 . 2009-05-22 13:49 -------- d-----w- f:\program files\Reference Assemblies
    2009-05-21 09:00 . 2009-02-14 04:21 -------- d-----w- f:\program files\Opera
    2009-04-07 05:15 . 2009-04-07 05:15 4096 ----a-w- f:\windows\system32\03.tmp
    2006-10-11 08:04 . 2009-06-07 17:04 61036 ----a-w- f:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 08:04 . 2009-06-07 17:04 48742 ----a-w- f:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 08:05 . 2009-06-07 17:04 29313 ----a-w- f:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 08:05 . 2009-06-07 17:04 41082 ----a-w- f:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 08:04 . 2009-06-07 17:04 166510 ----a-w- f:\program files\mozilla firefox\components\xpinstal.dll
    2004-08-04 12:00 . 2004-08-04 12:00 168096 --sha-r- f:\windows\system32\lpxcm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA "= "f:\program files\DNA\btdna.exe" [2009-06-12 318272]
    "MSMSGS "= "f:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "defaultintra "= "f:\docume~1\Phoenix\APPLIC~1\Great1\CurbJoy.exe" [2009-06-28 565248]
    "Google Update "= "f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "f:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "f:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "f:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "mcagent_exe "= "f:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "SiteAdvisor "= "f:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
    "McENUI "= "f:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
    "NeroFilterCheck "= "f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc "= "f:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
    "InCD "= "f:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
    "RemoteControl "= "f:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut "= "f:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "LGODDFU "= "f:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
    "MessengerPlus3 "= "f:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-06-28 190024]
    "upload curb default new "= "f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe" [2009-07-04 819200]
    "RTHDCPL "= "RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]

    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2006-10-6 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Program Files\\DNA\\btdna.exe "=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7236:TCP "= 7236:TCP:bvxei

    S2 qysztbpa;System Installer;f:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:30 PM 14336]
    S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;f:\windows\system32\drivers\dm9usb.sys [5/23/2009 11:09 AM 54272]
    S3 hzrlh;hzrlh;f:\windows\system32\01.tmp [2/11/2009 12:33 PM 4096]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;f:\windows\system32\drivers\slnt.sys [1/26/2009 3:12 PM 18004]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NPKCRYPT

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qysztbpa
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-04 f:\windows\Tasks\AEFE3F809111B88C.job
    - f:\docume~1\phoenix\applic~1\great1\Mail Hold Meta.exe [2009-06-28 08:23]

    2009-07-01 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003Core.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-07-04 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003UA.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-01-25 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]

    2009-01-25 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - f:\program files\MSN Messenger\msnmsgr.exe


    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.yahoo.com
    IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: {6DC3FA05-5EC9-40B5-870D-BE9C14909E63} = 172.16.0.45,4.2.2.2
    FF - ProfilePath - f:\documents and settings\Phoenix\Application Data\Mozilla\Firefox\Profiles\sr7yhlo2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 2
    FF - component: f:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: f:\program files\SiteAdvisor\6172\FF\components\FFHook.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-04 20:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hzrlh]
    "ImagePath "= "\??\f:\windows\system32\01.tmp "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qysztbpa]
    "ServiceDll "= "f:\windows\system32\lpxcm.dll "
    .
    Completion time: 2009-07-04 20:54
    ComboFix-quarantined-files.txt 2009-07-04 15:24

    Pre-Run: 47,310,409,728 bytes free
    Post-Run: 47,501,426,688 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(4)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    222
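The registry, service and scheduled-task entries in the ComboFix log above are what a helper reads by hand to pick out the entries that later go into the fix. As an added example (not from this thread, and not part of ComboFix, DDS or any other tool named here), the following Python script runs that kind of triage over a constructed sample made of lines copied from the log above (with the stray spaces the forum inserted before closing quotes removed). The heuristics it applies (vowel-poor service names, autoruns and tasks that run from a profile directory rather than Windows or Program Files, Security Center notification overrides, a disabled firewall profile, globally opened ports) are assumptions chosen to match what this log shows; they produce candidates for a human to review, not verdicts.

```python
"""Triage of ComboFix-style autostart entries (added example, not ComboFix code)."""
import os
import re

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="f:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"upload curb default new"="f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe" [2009-07-04 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7236:TCP"= 7236:TCP:bvxei

S2 qysztbpa;System Installer;f:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:30 PM 14336]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;f:\windows\system32\drivers\dm9usb.sys [5/23/2009 11:09 AM 54272]
S3 hzrlh;hzrlh;f:\windows\system32\01.tmp [2/11/2009 12:33 PM 4096]

2009-07-04 f:\windows\Tasks\AEFE3F809111B88C.job
- f:\docume~1\phoenix\applic~1\great1\Mail Hold Meta.exe [2009-06-28 08:23]
2009-01-25 f:\windows\Tasks\McDefragTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]
"""

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
DWORD_ONE = re.compile(r'^"(\w+)"=dword:0*1$')
SERVICE = re.compile(r'^S[0-4] ([^;]+);([^;]*);(.+?) \[')
OPEN_PORT = re.compile(r'^"(\d+:(?:TCP|UDP))"=')
JOB = re.compile(r'^\d{4}-\d{2}-\d{2} (.+\.job)$')
TASK_CMD = re.compile(r'^- (.+?) \[')

# Values that silence Security Center warnings about AV/firewall state.
NOTIFY_OVERRIDES = {"AntiVirusDisableNotify", "AntiVirusOverride",
                    "FirewallDisableNotify", "FirewallOverride"}
# Assumed "normal" homes for autoruns; anything elsewhere is reviewed.
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\", "\\progra~1\\")


def looks_random(name):
    """Heuristic: generated names like qysztbpa or hzrlh are all letters and
    nearly vowel-free; DM9USB (digits) and slnt (too short) are not flagged."""
    if len(name) < 5 or not name.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in name.lower())
    return vowels / len(name) < 0.25


def in_trusted_location(path):
    return any(root in path.lower() for root in TRUSTED_ROOTS)


def triage(log):
    """Return [{'item': ..., 'reason': ...}] for every entry worth a second look."""
    findings = []
    section = ""
    last_job = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # registry key header
            section = line.lower()
            continue
        job = JOB.match(line)
        if job:                                            # scheduled task name
            last_job = os.path.basename(job.group(1).replace("\\", "/"))
            continue
        cmd = TASK_CMD.match(line)
        if cmd and last_job:                               # its command line
            if not in_trusted_location(cmd.group(1)):
                findings.append({"item": last_job,
                                 "reason": "task runs from a profile directory: " + cmd.group(1)})
            last_job = None
            continue
        svc = SERVICE.match(line)
        if svc:                                            # S2/S3 service line
            name, _display, image = svc.groups()
            reasons = []
            if looks_random(name):
                reasons.append("random-looking service name")
                if "-k netsvcs" in image.lower():
                    reasons.append("hosted in svchost netsvcs group (check its ServiceDll)")
            ext = image.split(" -k ")[0].rsplit(".", 1)[-1].lower()
            if ext not in ("sys", "exe"):
                reasons.append("image is not a .sys/.exe (." + ext + ")")
            if reasons:
                findings.append({"item": name, "reason": "; ".join(reasons)})
            continue
        if section.endswith("currentversion\\run]"):
            m = RUN_VALUE.match(line)
            if m and not in_trusted_location(m.group(2)):
                findings.append({"item": m.group(1),
                                 "reason": "Run entry outside Windows/Program Files: " + m.group(2)})
        elif section.endswith("security center]"):
            m = DWORD_ONE.match(line)
            if m and m.group(1) in NOTIFY_OVERRIDES:
                findings.append({"item": m.group(1), "reason": "Security Center notifications suppressed"})
        elif section.endswith("firewallpolicy\\standardprofile]"):
            if line.startswith('"EnableFirewall"= 0'):
                findings.append({"item": "EnableFirewall", "reason": "Windows Firewall disabled in standard profile"})
        elif section.endswith("globallyopenports\\list]"):
            m = OPEN_PORT.match(line)
            if m:
                findings.append({"item": m.group(1), "reason": "inbound port opened globally: " + line})
    return findings


def flagged_items(log):
    return {f["item"] for f in triage(log)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['item']:<28} {f['reason']}")
```

Run against the sample it lists qysztbpa, hzrlh, the "upload curb default new" Run value and the AEFE3F809111B88C.job task, plus the Security Center and firewall settings that need restoring once the machine is clean, while igfxpers, mcagent_exe, DM9USB and the McAfee task pass untouched.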
     
  5. 2009/07/04
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    You appear to have downloaded and installed MessengerPlus! 3 with sponsors.
    At this time it is best to uninstall/delete. After your machine is clean you can reinstall again making note NOT to install with sponsors.



    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail (Start -> Run -> type notepad in the Open field -> OK), and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File::
    f:\windows\Tasks\AEFE3F809111B88C.job
    f:\windows\system32\01.tmp
    f:\windows\system32\03.tmp
    f:\documents and settings\Phoenix\Application Data\Great1\Mail Hold Meta.exe
    f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe
    Folder::
    f:\program files\Great1
    f:\documents and settings\All Users\Application Data\Lies shim upload curb
    f:\documents and settings\Phoenix\Application Data\Great1
    Driver::
    hzrlh
    qysztbpa
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "defaultintra"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "upload curb default new"=-
    NetSvc::
    qysztbpa
    [IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    *In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and uncheck the proxy server, set it to No Proxy.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, so please be patient.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.



    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Ensure your external and/or USB/Flash or Pen drives are inserted during the scan.


    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition
      files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in
    your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.


    Please give me an update on how the computer is at the moment.
     
    xineohP likes this.
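A CFScript is plain text typed by hand, so a slip in a path or a stray character is not noticed until ComboFix runs. As an added example (not from this thread and not part of ComboFix), the following Python validator checks a script against the five section types used in the post above (File::, Folder::, Driver::, Registry::, NetSvc::): File:: and Folder:: entries must be absolute paths with a drive letter, Driver:: and NetSvc:: entries must be bare service names, and Registry:: value lines must follow a [key] line. The constructed sample is the script from the post with one File:: entry deliberately missing its drive letter; a path with no drive cannot match any file, so such an entry silently does nothing. The section rules are assumptions drawn from the script above, not ComboFix's own grammar, and the error messages are this example's own.

```python
"""Sanity checks for a CFScript before it is handed to ComboFix (added example)."""
import re

# Constructed sample: the CFScript from the post above, with the drive
# letter deliberately dropped from one File:: entry (line 4).
POSTED_SCRIPT = r"""File::
f:\windows\Tasks\AEFE3F809111B88C.job
f:\windows\system32\01.tmp
:\windows\system32\03.tmp
f:\documents and settings\Phoenix\Application Data\Great1\Mail Hold Meta.exe
f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe
Folder::
f:\program files\Great1
f:\documents and settings\All Users\Application Data\Lies shim upload curb
f:\documents and settings\Phoenix\Application Data\Great1
Driver::
hzrlh
qysztbpa
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"defaultintra"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"upload curb default new"=-
NetSvc::
qysztbpa
"""

# Section types seen in the script above (assumed set, not ComboFix's full list).
KNOWN_SECTIONS = {"File", "Folder", "Driver", "NetSvc", "Registry"}
SECTION = re.compile(r'^(\w+)::\s*$')
ABS_PATH = re.compile(r'^[A-Za-z]:\\.+')
NAME = re.compile(r'^[A-Za-z0-9_.-]+$')
REG_KEY = re.compile(r'^\[(HKEY_[A-Z_]+|HK(?:LM|CU|CR|U|CC))\\.+\]$')
REG_VALUE = re.compile(r'^"[^"]+"=(-|".*"|dword:[0-9A-Fa-f]{8}|hex(?:\([0-9a-f]+\))?:.*)$')
REG_DEFAULT = re.compile(r'^@=(-|".*")$')


def validate(script):
    """Return a list of (line_number, problem) tuples; empty means the script passed."""
    problems = []
    section = None
    have_key = False
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if raw != line:
            problems.append((lineno, "leading or trailing whitespace"))
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            have_key = False
            if section not in KNOWN_SECTIONS:
                problems.append((lineno, f"unknown section '{section}::'"))
            continue
        if section is None:
            problems.append((lineno, "entry before any section header"))
        elif section in ("File", "Folder"):
            if not ABS_PATH.match(line):
                problems.append((lineno, f"{section}:: entry is not an absolute path with a drive letter: {line}"))
        elif section in ("Driver", "NetSvc"):
            if not NAME.match(line):
                problems.append((lineno, f"{section}:: entry must be a bare service name: {line}"))
        elif section == "Registry":
            if REG_KEY.match(line):
                have_key = True
            elif REG_VALUE.match(line) or REG_DEFAULT.match(line):
                if not have_key:
                    problems.append((lineno, "registry value without a preceding [key] line"))
            else:
                problems.append((lineno, f"malformed registry line: {line}"))
    return problems


if __name__ == "__main__":
    for lineno, problem in validate(POSTED_SCRIPT) or [(0, "no problems found")]:
        print(f"line {lineno}: {problem}")
```

Running it on the sample reports only line 4; putting the drive letter back makes the script pass cleanly.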
  6. 2009/07/05
    xineohP

    xineohP Inactive Thread Starter

    Joined:
    2009/06/21
    Messages:
    8
    Likes Received:
    0
    Thanks a lot for the help...

    Here's the combofix log

    ComboFix 09-07-03.03 - Phoenix 07/05/2009 10:24.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1572 [GMT 5.5:30]
    Running from: f:\documents and settings\Phoenix\Desktop\ComboFix.exe
    Command switches used :: f:\documents and settings\Phoenix\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "f:\documents and settings\All Users\Application Data\Lies shim upload curb\Inside Bike.exe "
    "f:\documents and settings\Phoenix\Application Data\Great1\Mail Hold Meta.exe "
    "f:\windows\system32\01.tmp "
    "f:\windows\Tasks\AEFE3F809111B88C.job "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    f:\documents and settings\All Users\Application Data\Lies shim upload curb
    f:\windows\system32\01.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_QYSZTBPA
    -------\Service_hzrlh
    -------\Service_qysztbpa


    ((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
    .

    2009-07-04 10:28 . 2004-08-03 19:26 159232 ----a-w- f:\windows\system32\ptpusd.dll
    2009-07-04 10:28 . 2001-08-17 17:06 5632 ----a-w- f:\windows\system32\ptpusb.dll
    2009-07-04 10:28 . 2004-08-03 17:28 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
    2009-07-04 10:28 . 2004-08-03 17:28 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
    2009-06-28 15:54 . 2009-07-04 09:54 -------- d-----w- f:\documents and settings\Phoenix\Application Data\vlc
    2009-06-28 10:06 . 2004-08-04 12:00 25600 ----a-w- f:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-06-28 10:05 . 2009-06-28 10:05 -------- d-----w- f:\program files\Windows Live
    2009-06-28 10:04 . 2009-06-28 10:04 -------- d-----w- f:\program files\Windows Media Connect 2
    2009-06-28 10:02 . 2009-06-28 10:04 -------- d-----w- F:\7930e1e3eea0ba41db38
    2009-06-28 10:01 . 2009-06-28 10:02 -------- d-----w- f:\windows\system32\drivers\UMDF
    2009-06-28 10:01 . 2009-06-28 10:01 -------- d-----w- f:\windows\system32\LogFiles
    2009-06-25 05:38 . 2009-06-25 05:38 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\PCHealth
    2009-06-25 05:37 . 2009-06-25 05:37 -------- dcsh--w- f:\program files\Common Files\WindowsLiveInstaller
    2009-06-25 05:36 . 2009-06-25 05:36 -------- d-----w- f:\documents and settings\All Users\Application Data\WLInstaller
    2009-06-25 05:34 . 2009-06-25 05:34 -------- d-----w- f:\documents and settings\Phoenix\Application Data\MSNInstaller
    2009-06-25 05:33 . 2005-05-04 09:15 884736 -c--a-w- f:\windows\system32\dllcache\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 884736 ----a-w- f:\windows\system32\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 78848 -c--a-w- f:\windows\system32\dllcache\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 78848 ----a-w- f:\windows\system32\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 271360 -c--a-w- f:\windows\system32\dllcache\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 271360 ----a-w- f:\windows\system32\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 -c--a-w- f:\windows\system32\dllcache\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 ----a-w- f:\windows\system32\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 -c--a-w- f:\windows\system32\dllcache\msi.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 ----a-w- f:\windows\system32\msi.dll
    2009-06-15 15:19 . 2009-06-15 15:19 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Yahoo
    2009-06-15 15:18 . 2009-06-15 15:18 -------- d-----w- f:\documents and settings\All Users\Application Data\Yahoo!
    2009-06-15 08:56 . 2009-06-15 09:07 16742799 ----a-w- f:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
    2009-06-14 16:40 . 2001-04-05 05:13 77824 ----a-w- f:\windows\system32\msbind.dll
    2009-06-14 16:40 . 1998-06-17 18:30 299008 ----a-w- f:\windows\system32\MSDBRPTR.DLL
    2009-06-14 16:40 . 1998-06-08 18:30 137216 ----a-w- f:\windows\system32\MSDERUN.DLL
    2009-06-14 16:40 . 2009-06-14 16:40 -------- d-----w- f:\program files\PublicSoft
    2009-06-12 10:46 . 2009-06-12 10:46 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\DNA
    2009-06-12 10:46 . 2009-07-05 04:58 -------- d-----w- f:\program files\DNA
    2009-06-12 10:46 . 2009-07-05 04:58 -------- d-----w- f:\documents and settings\Phoenix\Application Data\DNA
    2009-06-09 09:59 . 2009-06-09 10:00 -------- d-----w- F:\Temp
    2009-06-07 17:05 . 2009-06-07 17:05 0 ----a-w- f:\windows\nsreg.dat
    2009-06-07 17:05 . 2009-06-07 17:05 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-05 04:58 . 2009-06-02 16:52 -------- d-----w- f:\program files\lg_fwupdate
    2009-07-04 07:36 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\LocalService\Application Data\SiteAdvisor
    2009-06-28 09:30 . 2009-06-28 09:23 -------- dc-h--w- f:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-06-28 07:41 . 2009-05-23 03:53 -------- d-----w- f:\program files\Google
    2009-06-17 02:57 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\Phoenix\Application Data\SiteAdvisor
    2009-06-15 15:20 . 2009-01-25 13:42 -------- d-----w- f:\program files\Yahoo!
    2009-06-15 03:57 . 2009-01-30 04:27 18312 ----a-w- f:\documents and settings\Phoenix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-09 11:37 . 2009-01-25 13:59 -------- d-----w- f:\program files\McAfee
    2009-06-06 10:45 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\Phoenix\Application Data\CyberLink
    2009-06-02 16:53 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
    2009-06-02 16:52 . 2009-01-25 13:47 -------- d--h--w- f:\program files\InstallShield Installation Information
    2009-06-02 16:51 . 2009-06-02 16:50 -------- d-----w- f:\program files\CyberLink
    2009-06-02 16:50 . 2009-01-25 13:47 -------- d-----w- f:\program files\Common Files\InstallShield
    2009-06-02 16:39 . 2009-02-01 11:52 -------- d-----w- f:\documents and settings\Phoenix\Application Data\dvdcss
    2009-05-30 11:56 . 2009-01-30 04:27 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Ahead
    2009-05-23 01:23 . 2009-05-22 16:24 -------- d-----w- f:\program files\Super Audio Converter
    2009-05-23 01:22 . 2009-05-22 13:52 -------- d-----w- f:\program files\Autodesk
    2009-05-23 01:19 . 2009-05-22 13:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Autodesk
    2009-05-22 14:12 . 2009-05-22 14:11 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Autodesk
    2009-05-22 14:01 . 2009-05-22 14:01 10134 ----a-r- f:\documents and settings\Phoenix\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-05-22 14:01 . 2009-05-22 14:01 -------- d-----w- f:\program files\Microsoft WSE
    2009-05-22 13:51 . 2009-05-22 13:51 -------- d-----w- f:\program files\MSBuild
    2009-05-22 13:51 . 2009-05-22 13:51 75488 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-22 13:49 . 2009-05-22 13:49 -------- d-----w- f:\program files\Reference Assemblies
    2009-05-21 09:00 . 2009-02-14 04:21 -------- d-----w- f:\program files\Opera
    2009-04-07 05:15 . 2009-04-07 05:15 4096 ----a-w- f:\windows\system32\03.tmp
    2006-10-11 08:04 . 2009-06-07 17:04 61036 ----a-w- f:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 08:04 . 2009-06-07 17:04 48742 ----a-w- f:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 08:05 . 2009-06-07 17:04 29313 ----a-w- f:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 08:05 . 2009-06-07 17:04 41082 ----a-w- f:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 08:04 . 2009-06-07 17:04 166510 ----a-w- f:\program files\mozilla firefox\components\xpinstal.dll
    2004-08-04 12:00 . 2004-08-04 12:00 168096 --sha-r- f:\windows\system32\lpxcm.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-04_15.22.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-25 10:36 . 2009-07-05 04:42 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-25 10:36 . 2009-07-05 04:42 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-25 10:36 . 2009-07-05 04:42 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA "= "f:\program files\DNA\btdna.exe" [2009-06-12 318272]
    "MSMSGS "= "f:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "Google Update "= "f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "f:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "f:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "f:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "mcagent_exe "= "f:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "SiteAdvisor "= "f:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
    "McENUI "= "f:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
    "NeroFilterCheck "= "f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc "= "f:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
    "InCD "= "f:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
    "RemoteControl "= "f:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut "= "f:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "LGODDFU "= "f:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
    "RTHDCPL "= "RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]

    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2006-10-6 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Program Files\\DNA\\btdna.exe "=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7236:TCP "= 7236:TCP:bvxei

    S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;f:\windows\system32\drivers\dm9usb.sys [5/23/2009 11:09 AM 54272]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;f:\windows\system32\drivers\slnt.sys [1/26/2009 3:12 PM 18004]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-01 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003Core.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-07-04 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003UA.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-01-25 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]

    2009-01-25 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.yahoo.com
    IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: {6DC3FA05-5EC9-40B5-870D-BE9C14909E63} = 172.16.0.45,4.2.2.2
    FF - ProfilePath - f:\documents and settings\Phoenix\Application Data\Mozilla\Firefox\Profiles\sr7yhlo2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 2
    FF - component: f:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: f:\program files\SiteAdvisor\6172\FF\components\FFHook.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-05 10:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3996)
    f:\program files\SiteAdvisor\6172\saHook.dll
    f:\windows\system32\WPDShServiceObj.dll
    f:\windows\system32\PortableDeviceTypes.dll
    f:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    f:\program files\CyberLink\Shared Files\RichVideo.exe
    f:\program files\SiteAdvisor\6172\SAService.exe
    f:\program files\McAfee\MSC\mcregist.exe
    f:\progra~1\McAfee\MSC\mcmscsvc.exe
    f:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    f:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    f:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    f:\progra~1\McAfee.com\Agent\mcagent.exe
    f:\program files\McAfee\MPF\MpfSrv.exe
    f:\program files\McAfee\MPF\MpfSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-05 10:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-05 05:01
    ComboFix2.txt 2009-07-04 15:24

    Pre-Run: 47,505,809,408 bytes free
    Post-Run: 47,442,575,360 bytes free

    220


    Here are the Kaspersky Scan Details

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, July 5, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, July 05, 2009 08:27:25
    Records in database: 2428546
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 46790
    Threat name: 10
    Infected objects: 220
    Suspicious objects: 0
    Duration of the scan: 00:43:18


    File name / Threat name / Threats count
    D:\Xilero\XiLeRO!.exe/D:\Xilero\XiLeRO!.exe Infected: Trojan.Win32.Patched.gy 1
    D:\Softwares\EngHindiDict.exe Infected: Trojan-Banker.Win32.Banbra.ewa 1
    D:\Softwares\PhotoShopCS3Extended\PhotoShopCS3Extended\Adobe Photoshop CS3 Extended Setup.exe Infected: Trojan.Win32.Vapsup.ver 1
    D:\Xilero\XiLeRO!.exe Infected: Trojan.Win32.Patched.gy 1
    F:\Program Files\Adobe\Adobe Photoshop CS3\AXEDOMCore.dll Infected: Trojan.Win32.Vapsup.ver 1
    F:\Qoobox\Quarantine\C\gy.exe.vir Infected: Trojan.Win32.Agent2.sv 1
    F:\Qoobox\Quarantine\C\uvsqfgwd.cmd.vir Infected: Trojan-GameThief.Win32.Magania.audk 1
    F:\Qoobox\Quarantine\D\gy.exe.vir Infected: Trojan.Win32.Agent2.sv 1
    F:\Qoobox\Quarantine\D\uvsqfgwd.cmd.vir Infected: Trojan-GameThief.Win32.Magania.audk 1
    F:\Qoobox\Quarantine\E\gy.exe.vir Infected: Trojan.Win32.Agent2.sv 1
    F:\Qoobox\Quarantine\E\uvsqfgwd.cmd.vir Infected: Trojan-GameThief.Win32.Magania.audk 1
    F:\Qoobox\Quarantine\F\gy.exe.vir Infected: Trojan.Win32.Agent2.sv 1
    F:\Qoobox\Quarantine\F\uvsqfgwd.cmd.vir Infected: Trojan-GameThief.Win32.Magania.audk 1
    F:\Qoobox\Quarantine\F\WINDOWS\system32\01.tmp.vir Infected: Net-Worm.Win32.Kido.jq 1
    F:\Qoobox\Quarantine\F\WINDOWS\system32\nmdfgds0.dll.vir Infected: Trojan-GameThief.Win32.Magania.avuv 1
    F:\Qoobox\Quarantine\F\WINDOWS\system32\nmdfgds1.dll.vir Infected: Trojan-GameThief.Win32.Magania.avuv 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027164.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027169.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027209.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027241.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027246.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027251.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027263.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027277.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027310.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027333.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027342.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0027347.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0028347.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0028354.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0028549.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0028557.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0029557.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP10\A0029565.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0030565.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031565.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031575.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031593.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031607.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031609.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031610.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031611.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031621.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031627.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031633.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031638.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031643.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031649.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP12\A0031654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP13\A0031659.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP13\A0032654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP18\A0032880.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP18\A0033655.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP18\A0034654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP18\A0035654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP18\A0036654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0037216.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0037654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0038654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0039654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0040654.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP28\A0040660.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0040661.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0040666.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0041666.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0041674.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0042674.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0043674.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0043680.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0043685.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0043690.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0044690.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0044697.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0044704.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0045704.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0045715.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0045722.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0045729.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0046729.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0047729.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0048729.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0048736.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0048743.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0048749.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0048757.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0049757.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0049766.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0049772.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0049777.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0050777.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP29\A0050800.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0050812.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0050823.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0051823.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0051843.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0051859.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0052859.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0052872.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP30\A0052887.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0052909.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0052920.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0053920.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0053939.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0054939.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0055940.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0056939.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0056953.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0056973.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0056986.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057004.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057043.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057076.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057087.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057106.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0057145.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0058145.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0058199.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0058211.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0058232.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0059232.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0059259.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0059271.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0059283.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0059295.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0060295.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP31\A0060307.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0060309.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0061307.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0061337.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0061349.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0061377.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0062377.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0063377.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0063388.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0063401.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0064401.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP32\A0065401.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0066401.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0066433.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0067433.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0068433.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0068450.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0068466.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0069466.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070466.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070503.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070531.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070547.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070577.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0070592.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0071592.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0071611.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072611.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072619.exe Infected: Trojan-Banker.Win32.Banbra.ewa 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072637.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072652.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072677.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0072698.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0073698.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0074698.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0074713.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0075713.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0075728.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0076728.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0077728.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0077755.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0078755.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0078776.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079776.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079794.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079830.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079831.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079832.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0079833.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0080794.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081794.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081810.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081830.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081856.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081880.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081899.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081918.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081939.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0081954.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0082954.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0082998.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0083015.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0083030.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0084030.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0084046.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0084077.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0084094.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP33\A0085094.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP35\A0085178.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP35\A0085189.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085217.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085218.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085219.exe Infected: Trojan.Win32.Obfuscated.acao 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085220.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085221.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085222.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085223.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085224.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP36\A0085225.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP46\A0088862.exe Infected: Trojan.Win32.Agent2.sv 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP46\A0088863.cmd Infected: Trojan-GameThief.Win32.Magania.audk 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP46\A0088864.dll Infected: Trojan-GameThief.Win32.Magania.avuv 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP46\A0088865.dll Infected: Trojan-GameThief.Win32.Magania.avuv 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP46\A0088973.exe Infected: Trojan.Win32.Obfuscated.gen 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0021116.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0021121.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0022121.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0023121.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0023135.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0024135.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0025135.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0026135.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0026140.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0027140.exe Infected: Trojan.Win32.Swizzor.a 1
    F:\System Volume Information\_restore{FF0FCF39-225A-47D3-834A-584DDCA8B4D9}\RP9\A0027159.exe Infected: Trojan.Win32.Swizzor.a 1

    The selected area was scanned.


    Although I didn't understand what you mean by a new HJT log?
    So if you can just tell me, I may also put that over here.
    And thanks again.
     
  7. 2009/07/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    That's an error on my part, we can omit that and continue.


    What Kaspersky found in Qoobox and system volume restore we can take care of in a bit, it's not a threat at the moment.


    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail) (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    f:\windows\system32\03.tmp
    D:\Xilero
    D:\Softwares\EngHindiDict.exe
    D:\Softwares\PhotoShopCS3Extended\PhotoShopCS3Extended\Adobe Photoshop CS3 Extended Setup.exe
    D:\Xilero\XiLeRO!.exe
    F:\Program Files\Adobe\Adobe Photoshop CS3\AXEDOMCore.dll
    [IMG: screenshot of CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

    NEXT:
    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: C:\lopR.txt


    In your next reply post:
    ComboFix.txt
    C:\lopR.txt
    new DDS log

    How's your computer now?
     
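    The triage rule Juliet applies above, that hits inside Qoobox\Quarantine (ComboFix's quarantine folder) and System Volume Information\_restore (System Restore snapshots) are dormant copies rather than running threats, is easy to script over a Kaspersky-style report. The script below is an added example for this thread, not code from the thread, from Kaspersky or from ComboFix; the sample lines are constructed in the same "path Infected: name count" format as the report above, the GUID is a placeholder, and the last "active" path is hypothetical.

```python
"""Triage Kaspersky-style scan report lines by where the flagged file lives.

Added example (not from the thread). Each line of the form
    <path> Infected: <detection name> <count>
is bucketed into one of three locations:
  quarantine     - ComboFix's Qoobox quarantine (already neutralised)
  system_restore - a System Restore snapshot (dormant until restored)
  active         - anywhere else (needs attention now)
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)\s*$")
# Pulls the restore point id (RP10, RP33, ...) out of a _restore{...}\RPnn\ path.
RP_RE = re.compile(r"\\_restore\{[^}]*\}\\(RP\d+)\\", re.IGNORECASE)

# Constructed sample in the report's format. The GUID is a placeholder and the
# final path is hypothetical; nothing here is a claim about the poster's machine.
SAMPLE_REPORT = """\
Scan
Scanned: 1000
F:\\Qoobox\\Quarantine\\F\\gy.exe.vir Infected: Trojan.Win32.Agent2.sv 1
F:\\Qoobox\\Quarantine\\F\\WINDOWS\\system32\\01.tmp.vir Infected: Net-Worm.Win32.Kido.jq 1
F:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP10\\A0027164.exe Infected: Trojan.Win32.Swizzor.a 1
F:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP33\\A0072619.exe Infected: Trojan-Banker.Win32.Banbra.ewa 1
F:\\Documents and Settings\\User\\Local Settings\\Temp\\example.exe Infected: Trojan.Win32.Swizzor.a 1

The selected area was scanned.
"""


def classify(path):
    """Return the location bucket for a flagged path (case-insensitive)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    return "active"


def family(name):
    """Strip the variant suffix: 'Trojan.Win32.Swizzor.a' -> 'Trojan.Win32.Swizzor'."""
    return name.rsplit(".", 1)[0] if "." in name else name


def parse_report(text):
    """Parse report text into records; header, summary and blank lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        rp = RP_RE.search(path)
        records.append({
            "path": path,
            "name": m.group("name"),
            "count": int(m.group("count")),
            "location": classify(path),
            "restore_point": rp.group(1) if rp else None,
        })
    return records


def summarize(records):
    """Counts by location, by malware family, and by restore point."""
    return {
        "location": Counter(r["location"] for r in records),
        "family": Counter(family(r["name"]) for r in records),
        "restore_point": Counter(r["restore_point"] for r in records if r["restore_point"]),
    }


def active_threats(records):
    """Only the hits that are neither quarantined nor inside a restore snapshot."""
    return [r for r in records if r["location"] == "active"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    summary = summarize(recs)
    for bucket, n in summary["location"].items():
        print(f"{bucket:15s} {n}")
    print("families:", dict(summary["family"]))
    print("restore points hit:", dict(summary["restore_point"]))
    for r in active_threats(recs):
        print("ACTIVE:", r["path"], r["name"])
```

    Paste the real report in place of SAMPLE_REPORT to get the same breakdown; the "active" list is what to act on first, and the restore-point counts tell you whether clearing System Restore after cleanup is worthwhile.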
  8. 2009/07/07
    xineohP

    xineohP Inactive Thread Starter

    Joined:
    2009/06/21
    Messages:
    8
    Likes Received:
    0
    My PC is doing pretty good now and has no problems regarding the speed. Also, before I could not have a look at hidden folders directly; now I can. And I used to explore all the drives to use them; now they can be opened directly. The sites which I could not browse for this long are now easily accessible.
    I just wanted to ask if "Xilero.exe" was only to be deleted... Can I download the patcher for it again? Will it be harmful? Because that's the one reason why I had taken a computer =)
    Any which way, thanks for the help, and here are the logs.

    combofix

    ComboFix 09-07-05.04 - Phoenix 07/06/2009 22:50.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1506 [GMT 5.5:30]
    Running from: f:\documents and settings\Phoenix\Desktop\ComboFix.exe
    Command switches used :: f:\documents and settings\Phoenix\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "d:\softwares\EngHindiDict.exe "
    "d:\softwares\PhotoShopCS3Extended\PhotoShopCS3Extended\Adobe Photoshop CS3 Extended Setup.exe "
    "D:\Xilero "
    "d:\xilero\XiLeRO!.exe "
    "f:\program files\Adobe\Adobe Photoshop CS3\AXEDOMCore.dll "
    "f:\windows\system32\03.tmp "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\softwares\EngHindiDict.exe
    d:\softwares\PhotoShopCS3Extended\PhotoShopCS3Extended\Adobe Photoshop CS3 Extended Setup.exe
    d:\xilero\XiLeRO!.exe
    f:\program files\Adobe\Adobe Photoshop CS3\AXEDOMCore.dll
    f:\windows\system32\03.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
    .

    2009-07-05 10:38 . 2009-07-05 10:38 -------- d-----w- f:\program files\Microsoft Silverlight
    2009-07-05 10:37 . 2009-02-06 12:38 55152 ----a-w- f:\windows\system32\drivers\fssfltr_tdi.sys
    2009-07-05 10:37 . 2009-07-05 10:37 -------- d-----w- f:\program files\Microsoft Sync Framework
    2009-07-05 10:36 . 2009-07-05 10:36 -------- d-----w- f:\program files\Microsoft SQL Server Compact Edition
    2009-07-05 10:35 . 2009-07-05 10:38 -------- d-----w- f:\program files\Microsoft
    2009-07-05 10:34 . 2009-07-05 10:34 -------- d-----w- f:\program files\Windows Live SkyDrive
    2009-07-05 09:25 . 2009-07-05 09:25 -------- d-----w- f:\program files\Common Files\Windows Live
    2009-07-05 05:50 . 2009-07-05 05:50 -------- d-----w- f:\windows\Sun
    2009-07-05 05:49 . 2009-07-05 05:49 410984 ----a-w- f:\windows\system32\deploytk.dll
    2009-07-05 05:49 . 2009-07-05 05:49 -------- d-----w- f:\program files\Java
    2009-07-05 05:48 . 2009-07-05 05:48 152576 ----a-w- f:\documents and settings\Phoenix\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-04 10:28 . 2004-08-03 19:26 159232 ----a-w- f:\windows\system32\ptpusd.dll
    2009-07-04 10:28 . 2001-08-17 17:06 5632 ----a-w- f:\windows\system32\ptpusb.dll
    2009-07-04 10:28 . 2004-08-03 17:28 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
    2009-07-04 10:28 . 2004-08-03 17:28 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
    2009-06-28 15:54 . 2009-07-06 17:06 -------- d-----w- f:\documents and settings\Phoenix\Application Data\vlc
    2009-06-28 10:06 . 2004-08-04 12:00 25600 ----a-w- f:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-06-28 10:05 . 2009-07-05 10:37 -------- d-----w- f:\program files\Windows Live
    2009-06-28 10:04 . 2009-06-28 10:04 -------- d-----w- f:\program files\Windows Media Connect 2
    2009-06-28 10:02 . 2009-06-28 10:04 -------- d-----w- F:\7930e1e3eea0ba41db38
    2009-06-28 10:01 . 2009-06-28 10:02 -------- d-----w- f:\windows\system32\drivers\UMDF
    2009-06-28 10:01 . 2009-06-28 10:01 -------- d-----w- f:\windows\system32\LogFiles
    2009-06-25 05:38 . 2009-06-25 05:38 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\PCHealth
    2009-06-25 05:37 . 2009-06-25 05:37 -------- dcsh--w- f:\program files\Common Files\WindowsLiveInstaller
    2009-06-25 05:36 . 2009-06-25 05:36 -------- d-----w- f:\documents and settings\All Users\Application Data\WLInstaller
    2009-06-25 05:34 . 2009-06-25 05:34 -------- d-----w- f:\documents and settings\Phoenix\Application Data\MSNInstaller
    2009-06-25 05:33 . 2005-05-04 09:15 884736 -c--a-w- f:\windows\system32\dllcache\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 884736 ----a-w- f:\windows\system32\msimsg.dll
    2009-06-25 05:33 . 2005-05-04 09:15 78848 -c--a-w- f:\windows\system32\dllcache\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 78848 ----a-w- f:\windows\system32\msiexec.exe
    2009-06-25 05:33 . 2005-05-04 09:15 271360 -c--a-w- f:\windows\system32\dllcache\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 271360 ----a-w- f:\windows\system32\msihnd.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 -c--a-w- f:\windows\system32\dllcache\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 15360 ----a-w- f:\windows\system32\msisip.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 -c--a-w- f:\windows\system32\dllcache\msi.dll
    2009-06-25 05:33 . 2005-05-04 09:15 2890240 ----a-w- f:\windows\system32\msi.dll
    2009-06-15 15:19 . 2009-06-15 15:19 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Yahoo
    2009-06-15 15:18 . 2009-06-15 15:18 -------- d-----w- f:\documents and settings\All Users\Application Data\Yahoo!
    2009-06-15 08:56 . 2009-06-15 09:07 16742799 ----a-w- f:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
    2009-06-14 16:40 . 2001-04-05 05:13 77824 ----a-w- f:\windows\system32\msbind.dll
    2009-06-14 16:40 . 1998-06-17 18:30 299008 ----a-w- f:\windows\system32\MSDBRPTR.DLL
    2009-06-14 16:40 . 1998-06-08 18:30 137216 ----a-w- f:\windows\system32\MSDERUN.DLL
    2009-06-14 16:40 . 2009-06-14 16:40 -------- d-----w- f:\program files\PublicSoft
    2009-06-12 10:46 . 2009-06-12 10:46 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\DNA
    2009-06-12 10:46 . 2009-07-06 17:14 -------- d-----w- f:\documents and settings\Phoenix\Application Data\DNA
    2009-06-12 10:46 . 2009-07-06 12:34 -------- d-----w- f:\program files\DNA
    2009-06-09 09:59 . 2009-06-09 10:00 -------- d-----w- F:\Temp
    2009-06-07 17:05 . 2009-06-07 17:05 0 ----a-w- f:\windows\nsreg.dat
    2009-06-07 17:05 . 2009-06-07 17:05 -------- d-----w- f:\documents and settings\Phoenix\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-06 12:34 . 2009-06-02 16:52 -------- d-----w- f:\program files\lg_fwupdate
    2009-07-05 13:51 . 2009-01-25 13:59 -------- d-----w- f:\program files\McAfee
    2009-07-05 11:02 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\Phoenix\Application Data\SiteAdvisor
    2009-07-05 10:55 . 2009-01-30 04:27 18896 ----a-w- f:\documents and settings\Phoenix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-05 09:20 . 2009-01-25 14:01 -------- d-----w- f:\program files\SiteAdvisor
    2009-07-04 07:36 . 2009-01-25 14:01 -------- d-----w- f:\documents and settings\LocalService\Application Data\SiteAdvisor
    2009-06-28 09:30 . 2009-06-28 09:23 -------- dc-h--w- f:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-06-28 07:41 . 2009-05-23 03:53 -------- d-----w- f:\program files\Google
    2009-06-15 15:20 . 2009-01-25 13:42 -------- d-----w- f:\program files\Yahoo!
    2009-06-06 10:45 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\Phoenix\Application Data\CyberLink
    2009-06-02 16:53 . 2009-06-02 16:53 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
    2009-06-02 16:52 . 2009-01-25 13:47 -------- d--h--w- f:\program files\InstallShield Installation Information
    2009-06-02 16:51 . 2009-06-02 16:50 -------- d-----w- f:\program files\CyberLink
    2009-06-02 16:50 . 2009-01-25 13:47 -------- d-----w- f:\program files\Common Files\InstallShield
    2009-06-02 16:39 . 2009-02-01 11:52 -------- d-----w- f:\documents and settings\Phoenix\Application Data\dvdcss
    2009-05-30 11:56 . 2009-01-30 04:27 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Ahead
    2009-05-23 01:23 . 2009-05-22 16:24 -------- d-----w- f:\program files\Super Audio Converter
    2009-05-23 01:22 . 2009-05-22 13:52 -------- d-----w- f:\program files\Autodesk
    2009-05-23 01:19 . 2009-05-22 13:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Autodesk
    2009-05-22 14:12 . 2009-05-22 14:11 -------- d-----w- f:\documents and settings\Phoenix\Application Data\Autodesk
    2009-05-22 14:01 . 2009-05-22 14:01 10134 ----a-r- f:\documents and settings\Phoenix\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-05-22 14:01 . 2009-05-22 14:01 -------- d-----w- f:\program files\Microsoft WSE
    2009-05-22 13:51 . 2009-05-22 13:51 -------- d-----w- f:\program files\MSBuild
    2009-05-22 13:51 . 2009-05-22 13:51 75488 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-22 13:49 . 2009-05-22 13:49 -------- d-----w- f:\program files\Reference Assemblies
    2009-05-21 09:00 . 2009-02-14 04:21 -------- d-----w- f:\program files\Opera
    2006-10-11 08:04 . 2009-06-07 17:04 61036 ----a-w- f:\program files\mozilla firefox\components\jar50.dll
    2006-10-11 08:04 . 2009-06-07 17:04 48742 ----a-w- f:\program files\mozilla firefox\components\jsd3250.dll
    2006-10-11 08:05 . 2009-06-07 17:04 29313 ----a-w- f:\program files\mozilla firefox\components\myspell.dll
    2006-10-11 08:05 . 2009-06-07 17:04 41082 ----a-w- f:\program files\mozilla firefox\components\spellchk.dll
    2006-10-11 08:04 . 2009-06-07 17:04 166510 ----a-w- f:\program files\mozilla firefox\components\xpinstal.dll
    2004-08-04 12:00 . 2004-08-04 12:00 168096 --sha-r- f:\windows\system32\lpxcm.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-04_15.22.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-06 12:34 . 2009-07-06 12:34 16384 f:\windows\temp\Perflib_Perfdata_3dc.dat
    + 2009-06-28 10:05 . 2007-11-30 12:39 17272 f:\windows\system32\spmsg.dll
    + 2004-08-04 12:00 . 2009-07-05 11:07 68112 f:\windows\system32\perfc009.dat
    + 2009-07-05 10:37 . 2009-02-06 12:38 55152 f:\windows\system32\DRVSTORE\fssfltr_A1BAE7BA557F7F8ABCBF040E8C71D6B14223DCB0\fssfltr_tdi.sys
    - 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-25 10:36 . 2009-07-06 16:59 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-25 10:36 . 2009-07-06 16:59 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-07-05 10:54 . 2009-07-05 10:54 98816 f:\windows\Installer\607a9e.msi
    + 2009-07-05 10:38 . 2009-07-05 10:38 51712 f:\windows\Installer\51f652.msi
    + 2009-07-05 10:35 . 2009-07-05 10:35 25088 f:\windows\Installer\51f5f0.msi
    + 2009-07-05 10:35 . 2009-07-05 10:35 28160 f:\windows\Installer\51f5e2.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 23040 f:\windows\Installer\51f5ca.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 83456 f:\windows\Installer\51f5c2.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 59904 f:\windows\Installer\51f5ba.msi
    + 2009-07-05 10:35 . 2009-07-05 10:35 58945 f:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
    + 2009-07-05 11:28 . 2009-07-05 11:28 49152 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\1a69f2433c9d15d5ed86091964aa5184\WindowsLiveWriter.ni.exe
    + 2009-02-06 13:33 . 2009-02-06 13:33 307576 f:\windows\WLXPGSS.SCR
    + 2005-09-22 17:18 . 2005-09-22 17:18 626688 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2005-09-22 17:18 . 2005-09-22 17:18 548864 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-22 17:18 . 2005-09-22 17:18 479232 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2007-12-03 21:26 . 2007-12-03 21:26 635904 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
    + 2007-12-03 21:26 . 2007-12-03 21:26 558080 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
    + 2007-12-03 13:28 . 2007-12-03 13:28 479232 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
    + 2006-10-24 06:59 . 2008-07-11 08:55 347648 f:\windows\system32\windowscodecsext.dll
    + 2006-10-24 07:00 . 2008-07-11 08:55 712704 f:\windows\system32\windowscodecs.dll
    + 2004-08-04 12:00 . 2009-07-05 11:07 433518 f:\windows\system32\perfh009.dat
    + 2009-07-05 05:49 . 2009-07-05 05:49 148888 f:\windows\system32\javaws.exe
    + 2009-07-05 05:49 . 2009-07-05 05:49 144792 f:\windows\system32\javaw.exe
    + 2009-07-05 05:49 . 2009-07-05 05:49 144792 f:\windows\system32\java.exe
    + 2009-01-25 15:11 . 2009-07-05 11:02 118952 f:\windows\system32\FNTCACHE.DAT
    + 2009-07-05 10:55 . 2009-07-05 10:55 727040 f:\windows\Installer\607ac4.msi
    + 2009-07-05 10:55 . 2009-07-05 10:55 483328 f:\windows\Installer\607ab3.msi
    + 2009-07-05 10:38 . 2009-07-05 10:38 549888 f:\windows\Installer\51f64a.msi
    + 2009-07-05 10:37 . 2009-07-05 10:37 968704 f:\windows\Installer\51f641.msi
    + 2009-07-05 10:37 . 2009-07-05 10:37 570368 f:\windows\Installer\51f639.msi
    + 2009-07-05 10:37 . 2009-07-05 10:37 183296 f:\windows\Installer\51f631.msi
    + 2009-07-05 10:36 . 2009-07-05 10:36 781824 f:\windows\Installer\51f610.msi
    + 2009-07-05 10:36 . 2009-07-05 10:36 464896 f:\windows\Installer\51f608.msi
    + 2009-07-05 10:36 . 2009-07-05 10:36 891904 f:\windows\Installer\51f600.msi
    + 2009-07-05 10:35 . 2009-07-05 10:35 736768 f:\windows\Installer\51f5f8.msi
    + 2009-07-05 10:35 . 2009-07-05 10:35 140288 f:\windows\Installer\51f5da.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 202752 f:\windows\Installer\51f5d2.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 107008 f:\windows\Installer\51f5b2.msi
    + 2009-07-05 10:34 . 2009-07-05 10:34 301056 f:\windows\Installer\51f5aa.msi
    + 2009-07-05 05:49 . 2009-07-05 05:49 536576 f:\windows\Installer\1abc7f.msi
    + 2009-07-05 10:36 . 2009-07-05 10:36 132096 f:\windows\Installer\{3C52E7DA-C431-4239-B66B-1BF703D5B194}\WLXPhotoGalleryIcon.exe
    + 2009-07-05 11:28 . 2009-07-05 11:28 634880 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\542de0d1b6e269c35169bb0ebe60158e\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 139264 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7763f69f454e8d98998951f805eed06\WindowsLive.Writer.FileDestinations.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 348160 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e606ee5c083456b61f01863dca1a33ed\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 131072 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e2ba25e018ed3ecdac82978053eae744\WindowsLive.Writer.Passport.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 163840 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df877561c9bfcef447d163451d1e9faf\WindowsLive.Writer.Instrumentation.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 376832 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d5a8a22065837bde5abaddca1bd1210e\WindowsLive.Writer.SpellChecker.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 335872 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c25e8c74456a5b7340589a5457c22e35\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 200704 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b3217fa87ed1f8e3d8c5da5971eb51ed\WindowsLive.Writer.BrowserControl.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 335872 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\acc3759bf6558b7b3f1f07960b9db27d\WindowsLive.Writer.Interop.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 143360 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a82a16758b71291ebf35c64216f1546b\WindowsLive.Writer.Extensibility.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 475136 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8af8a8ba37744d09a028566829f9e964\WindowsLive.Writer.Localization.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 282624 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70714e6d0c656df3792d9c44c214adaf\WindowsLive.Writer.Mshtml.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 176128 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43bc7d79650bc43f9a143dfeeebf4549\WindowsLive.Writer.HtmlParser.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 114688 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f11652952fd2f51b7506879343f7289\WindowsLive.Writer.Api.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 921600 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b2a6aa0a2758d21b155fea5a498d9c3\WindowsLive.Writer.BlogClient.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 634880 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\30e26e6fc391e51fcf4ad24d0097aebb\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 868352 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\21bf88d832fad106823d5e3fb7715cdb\WindowsLive.Writer.Controls.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 163840 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\0024607ccdb9930d0e82f4289d386489\WindowsLive.Client.ni.dll
    + 2009-07-05 10:36 . 2009-07-05 10:36 236392 f:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
    + 2008-10-04 22:42 . 2008-10-04 22:42 4784128 f:\windows\Installer\51f65b.msp
    + 2009-07-05 11:28 . 2009-07-05 11:28 2080768 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a39ca3f05b95dfca526e39353ba86c48\WindowsLive.Writer.CoreServices.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 1155072 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\25879a16bea29a61420a05639017bd3e\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2009-07-05 11:28 . 2009-07-05 11:28 6492160 f:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d92e2974417f7e8a81827e43479f0dd\WindowsLive.Writer.PostEditor.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA "= "f:\program files\DNA\btdna.exe" [2009-06-12 318272]
    "MSMSGS "= "f:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "Google Update "= "f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "f:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "f:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "f:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "mcagent_exe "= "f:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "SiteAdvisor "= "f:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
    "McENUI "= "f:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
    "NeroFilterCheck "= "f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc "= "f:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
    "InCD "= "f:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
    "RemoteControl "= "f:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut "= "f:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "LGODDFU "= "f:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
    "SunJavaUpdateSched "= "f:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]
    "fssui "= "f:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "RTHDCPL "= "RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]

    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2006-10-6 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Program Files\\DNA\\btdna.exe "=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7236:TCP "= 7236:TCP:bvxei

    R2 fssfltr;FssFltr;f:\windows\system32\drivers\fssfltr_tdi.sys [7/5/2009 4:07 PM 55152]
    R2 fsssvc;Windows Live Family Safety;f:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
    S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;f:\windows\system32\drivers\dm9usb.sys [5/23/2009 11:09 AM 54272]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;f:\windows\system32\drivers\slnt.sys [1/26/2009 3:12 PM 18004]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-06 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003Core.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-07-06 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003UA.job
    - f:\documents and settings\Phoenix\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 08:22]

    2009-01-25 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]

    2009-01-25 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-25 08:02]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.yahoo.com
    IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: {6DC3FA05-5EC9-40B5-870D-BE9C14909E63} = 172.16.0.45,4.2.2.2
    FF - ProfilePath - f:\documents and settings\Phoenix\Application Data\Mozilla\Firefox\Profiles\sr7yhlo2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 2
    FF - component: f:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    FF - component: f:\program files\SiteAdvisor\6172\FF\components\FFHook.dll
    FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-06 22:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-07-06 22:54
    ComboFix-quarantined-files.txt 2009-07-06 17:24
    ComboFix2.txt 2009-07-05 05:01
    ComboFix3.txt 2009-07-04 15:24

    Pre-Run: 46,733,053,952 bytes free
    Post-Run: 46,692,478,976 bytes free

    279


    LopR


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz )
    BIOS : Award Modular BIOS v6.00PG
    USER : Phoenix ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfee VirusScan (Not Activated)
    Firewall : McAfee Personal Firewall (Activated)
    C:\ (Local Disk) - NTFS - Total:19 Go (Free:8 Go)
    D:\ (Local Disk) - NTFS - Total:39 Go (Free:33 Go)
    E:\ (Local Disk) - NTFS - Total:39 Go (Free:17 Go)
    F:\ (Local Disk) - NTFS - Total:51 Go (Free:43 Go)
    G:\ (CD or DVD)
    I:\ (USB) - FAT - Total:467 Mo (Free:0 Go)
    J:\ (USB) - FAT - Total:15 Mo (Free:0 Go)

    "F:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Mon 07/06/2009|23:05 )

    --------------------\\ Listing folders in APPLIC~1

    [06/28/2009|03:00] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    [01/26/2009|07:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
    [05/23/2009|06:49] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Autodesk
    [06/02/2009|10:23] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [01/25/2009|07:32] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [01/30/2009|02:46] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [01/26/2009|07:10] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
    [01/25/2009|07:31] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
    [06/28/2009|03:18] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [06/25/2009|11:06] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [06/15/2009|08:48] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

    [01/25/2009|03:56] F:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [01/25/2009|03:56] F:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [07/04/2009|01:06] F:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SiteAdvisor

    [01/25/2009|03:56] F:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [02/01/2009|11:03] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> {0ad60112-2f78-45b6-ae98-2d47cf197898}
    [01/31/2009|01:42] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Adobe
    [05/30/2009|05:26] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Ahead
    [05/22/2009|07:42] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Autodesk
    [06/06/2009|04:15] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> CyberLink
    [07/06/2009|11:04] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> DNA
    [06/02/2009|10:09] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> dvdcss
    [01/25/2009|04:08] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Identities
    [02/14/2009|09:52] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Macromedia
    [01/30/2009|03:06] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Media Player Classic
    [07/05/2009|10:02] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Microsoft
    [06/07/2009|10:35] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Mozilla
    [06/25/2009|11:04] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> MSNInstaller
    [02/14/2009|09:52] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Opera
    [07/05/2009|04:32] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> SiteAdvisor
    [07/05/2009|10:43] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> Sun
    [07/06/2009|10:36] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> vlc
    [01/25/2009|07:28] F:\DOCUME~1\Phoenix\APPLIC~1\<DIR> WinRAR

    --------------------\\ Scheduled Tasks located in F:\WINDOWS\Tasks

    [07/06/2009 10:24 PM][--a------] F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003UA.job
    [07/06/2009 06:24 PM][--a------] F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1202660629-839522115-1003Core.job
    [01/25/2009 07:29 PM][--a------] F:\WINDOWS\tasks\McDefragTask.job
    [01/25/2009 07:29 PM][--a------] F:\WINDOWS\tasks\McQcTask.job
    [07/06/2009 10:54 PM][--ah-----] F:\WINDOWS\tasks\SA.DAT
    [08/04/2004 05:30 PM][-r-h-----] F:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in F:\Program Files

    [01/30/2009|02:32] F:\Program Files\<DIR> Adobe
    [05/23/2009|06:52] F:\Program Files\<DIR> Autodesk
    [07/06/2009|10:52] F:\Program Files\<DIR> Common Files
    [01/25/2009|03:53] F:\Program Files\<DIR> ComPlus Applications
    [06/02/2009|10:21] F:\Program Files\<DIR> CyberLink
    [07/06/2009|06:04] F:\Program Files\<DIR> DNA
    [06/28/2009|01:11] F:\Program Files\<DIR> Google
    [06/02/2009|10:22] F:\Program Files\<DIR> InstallShield Installation Information
    [01/25/2009|07:12] F:\Program Files\<DIR> Intel
    [05/22/2009|07:14] F:\Program Files\<DIR> Internet Explorer
    [07/05/2009|11:19] F:\Program Files\<DIR> Java
    [01/31/2009|12:02] F:\Program Files\<DIR> K-Lite Codec Pack
    [07/06/2009|06:04] F:\Program Files\<DIR> lg_fwupdate
    [07/05/2009|07:21] F:\Program Files\<DIR> McAfee
    [01/25/2009|07:29] F:\Program Files\<DIR> McAfee.com
    [01/25/2009|03:53] F:\Program Files\<DIR> Messenger
    [07/05/2009|04:08] F:\Program Files\<DIR> Microsoft
    [01/30/2009|02:19] F:\Program Files\<DIR> Microsoft ActiveSync
    [01/25/2009|03:57] F:\Program Files\<DIR> microsoft frontpage
    [01/30/2009|02:18] F:\Program Files\<DIR> Microsoft Office
    [07/05/2009|04:08] F:\Program Files\<DIR> Microsoft Silverlight
    [07/05/2009|04:06] F:\Program Files\<DIR> Microsoft SQL Server Compact Edition
    [07/05/2009|04:07] F:\Program Files\<DIR> Microsoft Sync Framework
    [05/22/2009|07:31] F:\Program Files\<DIR> Microsoft WSE
    [01/25/2009|03:54] F:\Program Files\<DIR> Movie Maker
    [07/05/2009|09:38] F:\Program Files\<DIR> Mozilla Firefox
    [05/22/2009|07:21] F:\Program Files\<DIR> MSBuild
    [01/25/2009|03:53] F:\Program Files\<DIR> MSN Gaming Zone
    [01/26/2009|07:10] F:\Program Files\<DIR> Nero
    [01/25/2009|03:55] F:\Program Files\<DIR> NetMeeting
    [01/25/2009|03:53] F:\Program Files\<DIR> Online Services
    [05/21/2009|02:30] F:\Program Files\<DIR> Opera
    [01/25/2009|03:54] F:\Program Files\<DIR> Outlook Express
    [06/14/2009|10:10] F:\Program Files\<DIR> PublicSoft
    [01/30/2009|02:47] F:\Program Files\<DIR> Real
    [01/25/2009|07:17] F:\Program Files\<DIR> Realtek
    [05/22/2009|07:19] F:\Program Files\<DIR> Reference Assemblies
    [07/05/2009|02:50] F:\Program Files\<DIR> SiteAdvisor
    [05/03/2009|01:17] F:\Program Files\<DIR> Spice Handset Manager
    [05/23/2009|06:53] F:\Program Files\<DIR> Super Audio Converter
    [01/25/2009|04:08] F:\Program Files\<DIR> Uninstall Information
    [01/27/2009|12:35] F:\Program Files\<DIR> VideoLAN
    [07/05/2009|04:07] F:\Program Files\<DIR> Windows Live
    [07/05/2009|04:04] F:\Program Files\<DIR> Windows Live SkyDrive
    [06/28/2009|03:34] F:\Program Files\<DIR> Windows Media Connect 2
    [06/28/2009|03:34] F:\Program Files\<DIR> Windows Media Player
    [01/25/2009|03:52] F:\Program Files\<DIR> Windows NT
    [01/25/2009|03:55] F:\Program Files\<DIR> WindowsUpdate
    [01/25/2009|07:28] F:\Program Files\<DIR> WinRAR
    [01/25/2009|03:57] F:\Program Files\<DIR> xerox
    [06/15/2009|08:50] F:\Program Files\<DIR> Yahoo!

    --------------------\\ Listing Folders in F:\Program Files\Common Files

    [01/30/2009|02:33] F:\Program Files\Common Files\<DIR> Adobe
    [01/26/2009|07:27] F:\Program Files\Common Files\<DIR> Ahead
    [01/30/2009|02:18] F:\Program Files\Common Files\<DIR> Designer
    [06/02/2009|10:20] F:\Program Files\Common Files\<DIR> InstallShield
    [01/25/2009|07:30] F:\Program Files\Common Files\<DIR> McAfee
    [07/05/2009|04:05] F:\Program Files\Common Files\<DIR> Microsoft Shared
    [01/25/2009|03:54] F:\Program Files\Common Files\<DIR> MSSoap
    [01/25/2009|08:43] F:\Program Files\Common Files\<DIR> ODBC
    [01/25/2009|03:55] F:\Program Files\Common Files\<DIR> Services
    [01/25/2009|08:42] F:\Program Files\Common Files\<DIR> SpeechEngines
    [01/30/2009|02:18] F:\Program Files\Common Files\<DIR> System
    [07/05/2009|02:55] F:\Program Files\Common Files\<DIR> Windows Live
    [06/25/2009|11:07] F:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    --------------------\\ Process

    ( 44 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-06 23:05:49
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections


    No other infections found !

    [F:2][D:0]-> F:\DOCUME~1\Phoenix\LOCALS~1\Temp
    [F:35][D:0]-> F:\DOCUME~1\Phoenix\Cookies
    [F:2][D:0]-> F:\DOCUME~1\Phoenix\LOCALS~1\TEMPOR~1\content.IE5

    1 - "F:\Lop SD\LopR_1.txt" - Mon 07/06/2009|23:06 - Option : [1]

    --------------------\\ Scan completed at 23:06:52
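The ComboFix file listings above ("Files Created", "Find3M Report" and the "SnapShot" diff) share one line format, and they are easier to review with a small parser than by eye. The block below is an added example written for this thread; it is not ComboFix's code and was not posted by anyone in the thread. Its sample lines are copied from the log above, except the `03.tmp` listing line, which is constructed because the log only shows that file under "Other Deletions". The meaning of the attribute columns (directory, compressed, system, hidden, archive, read-only/writable) is inferred from this log and is an assumption, as are the triage rules, which mark entries for a manual look rather than declaring them malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix listing line: optional snapshot marker ("+ " new / "- " gone),
# creation stamp, " . ", modification stamp, size ("--------" for folders),
# an optional 8-character attribute field (absent in the SnapShot section), path.
LINE_RE = re.compile(
    r"^(?:(?P<diff>[+-]) )?"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[-a-z]{8}) )?"
    r"(?P<path>\S.*?)\s*$"
)

# Attribute-column positions as observed in this log (assumption): the field
# reads d c s h a ? r/w ?, so "--sha-r-" is a system+hidden, read-only file.
ATTR_DIR, ATTR_SYSTEM, ATTR_HIDDEN = 0, 2, 3
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")  # chosen for this example

# Lines copied from the log above, plus one constructed line for 03.tmp.
SAMPLE = r"""
2009-07-05 10:37 . 2009-02-06 12:38 55152 ----a-w- f:\windows\system32\drivers\fssfltr_tdi.sys
2009-07-05 05:48 . 2009-07-05 05:48 152576 ----a-w- f:\documents and settings\Phoenix\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 05:37 . 2009-06-25 05:37 -------- dcsh--w- f:\program files\Common Files\WindowsLiveInstaller
2004-08-04 12:00 . 2004-08-04 12:00 168096 --sha-r- f:\windows\system32\lpxcm.dll
2009-07-03 21:10 . 2009-07-03 21:10 40960 ----a-w- f:\windows\system32\03.tmp
+ 2009-07-06 12:34 . 2009-07-06 12:34 16384 f:\windows\temp\Perflib_Perfdata_3dc.dat
- 2009-01-25 10:36 . 2009-07-04 13:55 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
"""


@dataclass
class Entry:
    diff: Optional[str]      # "+", "-" or None (only SnapShot lines carry it)
    created: str
    modified: str
    size: Optional[int]      # None for folders
    attrs: Optional[str]     # None in the SnapShot section
    path: str

    def flag(self, pos: int, letter: str) -> bool:
        return self.attrs is not None and self.attrs[pos] == letter

    @property
    def is_dir(self) -> bool:
        return self.flag(ATTR_DIR, "d")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["diff"], m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_listing(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def triage(e: Entry) -> List[str]:
    """Reasons an entry deserves a manual look. Triage only, not a verdict."""
    reasons = []
    p = e.path.lower()
    # System+hidden attributes on a plain file are unusual outside OS internals.
    if not e.is_dir and e.flag(ATTR_SYSTEM, "s") and e.flag(ATTR_HIDDEN, "h"):
        reasons.append("system+hidden file")
    # Temporary-looking files inside system32 are a common dropper leftover.
    if p.endswith(".tmp") and "\\system32\\" in p:
        reasons.append(".tmp file in system32")
    # Executables under a user profile are worth confirming against a known installer.
    if p.endswith(EXEC_EXT) and "\\documents and settings\\" in p:
        reasons.append("executable under a user profile")
    return reasons


def findings(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its triage reasons."""
    out: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        reasons = triage(e)
        if reasons:
            out[e.path] = reasons
    return out


if __name__ == "__main__":
    for path, reasons in findings(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run against the full ComboFix output by passing the log text instead of `SAMPLE`; the parser ignores section headers and the `.` separator lines, and the `diff` field lets you separate SnapShot additions from removals. Every hit still needs a human decision: legitimate Java and Windows Live components land under a user profile too, as the sample shows.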
     
  9. 2009/07/10
    xineohP

    xineohP Inactive Thread Starter

    Joined:
    2009/06/21
    Messages:
    8
    Likes Received:
    0
    Is my PC done with?
    O.O
     
  10. 2009/07/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal

    You can download it again if it was from a legitimate source.

    We can do final clean up now.


    Don't miss or skip this next step; it will remove malicious files from quarantine and set a clean restore point.

    Go to Start > Run > copy and paste the full text path in the run box

    "%userprofile%\desktop\combofix.exe" /u




    Lop S&D <--delete
    C:\lopR.txt <--delete




    Download OTC by Old Timer to your desktop
    * Double-click OTC.exe to run it
    * Click Yes to begin the Cleanup process and remove these components, including this application
    * You will be asked to reboot the machine to finish the Cleanup process. Choose Yes

    Now delete any logs that you have left over on your desktop




    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    * http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

    Scan your computer regularly for malware
    Scan on a regular basis to keep your computer clean with free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware.
    Please note that these products can also be run free, without a license, as on-demand scanners.

    Please read this article 'Safe Computing Practices'.
    So how did I get infected in the first place?

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  11. 2009/07/14
    xineohP

    xineohP Inactive Thread Starter

    Joined:
    2009/06/21
    Messages:
    8
    Likes Received:
    0
    Everything done.
    Thanks a lot for your help.
    I appreciate the way you gave me every detail of how I can counter it, and I will always be very thankful to you for the same.
    And yes, I will also be following the guidelines you mentioned at the end to keep my PC protected and not let the virus affect my PC again.
    Thanks a lot again and my warm regards to you.
     
  12. 2009/07/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You're welcome, glad we could help.
     
