Notepad Files as Stated in Request

Newfie Dave · January 21, 2009

Ok,

As requested. I am still having problems and here are the note pad C & P.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:31:44 PM, on 1/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.tropicalglen.com

O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg

--

End of file - 9301 bytes

AND

Avira AntiVir Personal

Report file date: Wednesday, January 21, 2009 12:23

Scanning for 1244138 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: HOME

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 12:51:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:26:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:14:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:28:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:00:36

ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 15:51:02

ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 1/20/2009 15:51:06

ANTIVIR3.VDF : 7.1.1.159 140288 Bytes 1/21/2009 15:51:09

Engineversion : 8.2.0.57

AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 14:35:56

AESCRIPT.DLL : 8.1.1.26 340347 Bytes 1/21/2009 15:51:26

AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 19:36:41

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:28:38

AEPACK.DLL : 8.1.3.5 393588 Bytes 1/21/2009 15:51:24

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/21/2009 15:51:21

AEHEUR.DLL : 8.1.0.84 1540471 Bytes 1/21/2009 15:51:19

AEHELP.DLL : 8.1.2.0 119159 Bytes 1/21/2009 15:51:14

AEGEN.DLL : 8.1.1.10 323957 Bytes 1/21/2009 15:51:13

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 14:35:56

AECORE.DLL : 8.1.5.2 172405 Bytes 1/21/2009 15:51:11

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 14:35:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:10:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 13:58:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 16:32:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 15:56:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 12:59:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 16:57:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 21:58:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:19:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 16:35:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:18:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:04:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Wednesday, January 21, 2009 12:23

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'devldr32.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

26 processes with 26 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\' <Local Disk>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\BeInSync Settings\Temp\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was deleted!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was deleted!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.htm

[DETECTION] Contains recognition pattern of the EXP/HTML.Mht.2.1 exploit

[NOTE] The file was moved to '49a748a1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a2.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP10.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a4.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP11.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP13.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ac.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP14.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ad.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP15.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848af.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP16.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848b0.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP17.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848b5.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP18.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ba.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP19.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848bd.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c0.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP20.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP21.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c4.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP22.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP23.exe

[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm

[NOTE] The file was moved to '49a948cf.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP28.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948d1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP29.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948d6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48d8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP30.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48dc.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP31.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48df.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ab48e1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ac48e6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ad48e9.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ae48ec.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP8.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49af48ef.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP9.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49b048f1.qua'!

C:\Documents and Settings\Karen\Desktop\Dads Pics\setupxv.exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '49eb4ac3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\at128megav1[1].1a.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> jeepersdx2_1_2_020.zip

[1] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a84ae9.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\beavis_v08.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49d84ada.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\chatternut_9.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49d84add.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4ade.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.bev.zip

[0] Archive type: ZIP

--> Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.v2.2.zip

[0] Archive type: ZIP

--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af1.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo_xs[1].atmega.fix.zip

[0] Archive type: ZIP

--> Juggalo_X's atmega fix (15.08.04)/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '485a4072.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\angelvision v1[1].0.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4acc.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ace.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\AtMega -Anti- Freeze@100kb\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958ef.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV ATMEGA FIX FOR JEEPERS\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4aef.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV-Atmega-128-Tiers-Fix-And-Keys-Of-2007-04-12\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\freeway2.0 S1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad1.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48367662.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad2.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958f3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483a5314.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48370f04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48370f05.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad6.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad5.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483b6f06.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958f7.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\SatJammin BV V5.1\SatJammin BV V5.1.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4af4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4adf.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ae3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b1e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jan 3 amega card fix.zip

[0] Archive type: ZIP

--> Jan 3 Amega card fix/jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e54b0c.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b10.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\CrackedAtmegaPrivateFix\cracked_atmega_load___home_private_fix_v1.rar

[0] Archive type: RAR

--> AtmegaCrack.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '49d84b21.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\Cracked_Atmega_Load___Home_Private_Fix_v1\AtmegaCrack.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '49e44b25.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\satvia no rsa all-in-1.zip

[0] Archive type: ZIP

--> SatVia No RSA ALL-IN-1/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b14.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\SatVia No RSA ALL-IN-1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4af9.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV N2 ATMEGA SATVIA V5\SatVia ALL-IN-ONE V5\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483a533a.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b1b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b2b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\atmega n2.zip

[0] Archive type: ZIP

--> Atmega N2/Atmega N2.rar

[1] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Atmega N2/jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '486252ec.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b1d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\attachment

[0] Archive type: ZIP

--> jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b2e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b00.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\satvia no rsa all-in-1c.zip

[0] Archive type: ZIP

--> SatVia No RSA ALL-IN-1c/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b1d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b30.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b22.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Jan 3 Amega card fix\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b23.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\misterfery hits back\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b24.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1a\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b05.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b08.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b0e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\April16-DN\JEEPERS.EXE

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '4839592f.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\atmega\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b10.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.2 DN Mega128\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48395931.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.3 DN Mega128 PFG\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b11.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 229 DN May29\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48395932.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b13.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483677a4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b14.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c08cd.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b15.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482924fe.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b17.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b16.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482924ff.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482d04f0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b19.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\SatMan_s_147kb_Redux_Including_6000_and_full_AutoRoll_now_with_Dynamic_time

_Zones.rar

[0] Archive type: RAR

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b34.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\3m ver2.3\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c08c2.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b1a.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatJammin_DN_V7.1C_For_WCU_support\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b1f.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatMan's 3m 5.6m @ 98KB's 100+kb Reduction B\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b20.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish phoenix 2.1.4 for jeepers by sathaks\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b2b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\No Rsa For Dummies\SatVia ALL-IN-ONE V5\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b2d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ROM 102\WINEXPLORER 5.0\WinExplorer.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49e54b6d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ZIP FILES ROM102\winexplorer5.zip

[0] Archive type: ZIP

--> WinExplorer.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49e54b7d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\SatJammin BV V5.1\SatJammin BV V5.1.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b76.qua'!

C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\VD4KULMJ\setupxv[1].exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '49eb50d7.qua'!

C:\Documents and Settings\Karen\My Documents\My Received Files\MsgPlus.exe

[0] Archive type: RSRC

--> Object

[1] Archive type: ZIP

--> 70000011.exe

[DETECTION] Is the TR/Dldr.Swizzor.G.2 Trojan

[NOTE] The file was moved to '49de51aa.qua'!

C:\Program Files\Norton AntiVirus\Quarantine\48A8584C

[0] Archive type: HIDDEN

--> FIL\\\?\C:\Program Files\Norton AntiVirus\Quarantine\48A8584C

[DETECTION] Contains recognition pattern of the DIAL/302102 dialer

[NOTE] The file was moved to '49b8576a.qua'!

C:\Program Files\TClock\tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[NOTE] The file was moved to '49e357d1.qua'!

C:\Program Files\TClock\tclock_install.exe

[0] Archive type: NSIS

--> [unknownDir]/tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[DETECTION] Is the TR/Tclock.A.1 Trojan

[NOTE] The file was moved to '49e357d2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002235.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7584f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002236.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75850.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002237.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002238.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75852.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002239.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75851.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002240.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45eb.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002241.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75854.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002242.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75853.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002243.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45ed.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002244.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75856.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002245.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75855.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002246.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45ef.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002247.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75857.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002248.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002249.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75858.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002250.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75859.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002251.exe

[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm

[NOTE] The file was moved to '49a7585a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002252.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e3.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002253.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002254.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585c.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002255.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002256.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002257.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585e.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002258.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002259.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45d8.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002260.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75860.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002261.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75861.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002262.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75862.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002263.exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '482c45db.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002264.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75863.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002265.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75865.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002266.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45de.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002267.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75866.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002268.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75867.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002269.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002270.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75869.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002271.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75868.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002272.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002273.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002274.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002275.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002276.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d4.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002277.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002278.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d3.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002279.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586c.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002280.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d5.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002281.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002282.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002283.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586e.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002284.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d7.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002285.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '482c45c8.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002286.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75871.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002287.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45ca.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002288.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002289.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75864.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002290.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45dd.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002291.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45df.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002292.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75873.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002293.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cc.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002294.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75870.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002295.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002296.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75872.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002297.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75875.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002298.EXE

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45ce.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002299.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75877.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002300.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cb.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002301.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75874.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002302.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cd.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002303.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002304.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75879.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002305.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002306.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75876.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002307.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cf.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002308.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002309.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002310.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c4.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002311.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002312.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e5.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002313.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e7.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002314.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75848.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002315.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002316.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002317.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c4538.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002318.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75878.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002319.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002320.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49a7587a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002321.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[NOTE] The file was moved to '49a75881.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002322.exe

[0] Archive type: NSIS

--> [unknownDir]/tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[DETECTION] Is the TR/Tclock.A.1 Trojan

[NOTE] The file was moved to '482c453a.qua'!

C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc5890.qua'!

C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc5891.qua'!

C:\WINDOWS\videoc.ocx

[DETECTION] Is the TR/DwnLdr.ARN Trojan

[NOTE] The file was moved to '49db58c7.qua'!

C:\WINDOWS\$NtUninstallKB810217$\admin.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\admin.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\author.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\author.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4amsft.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4anscp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4apws.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4areg.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4atxt.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4autl.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4avnb.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4avss.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4awebs.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4awel.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpadmdll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpexedll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpmmc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpsrvadm.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpsrvwin.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\shtml.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\shtml.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\6to4svc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\inetmib1.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\iphlpapi.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ipv6mon.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\netoc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\netsh.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\tcpip6.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\tunmp.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\wship6.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB824105$\netbt.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ329170$\srv.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ329834$\raspptp.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810565$\pchshell.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ814995$\acgenral.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\ndis.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\ndisuio.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\netshell.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\wzcdlg.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ817606$\srv.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\in5b4s.dll

[DETECTION] Is the TR/Spy.241664 Trojan

[NOTE] The file was moved to '49ac5eb6.qua'!

End of the scan: Wednesday, January 21, 2009 14:18

Used time: 1:55:48 Hour(s)

The scan has been done completely.

8639 Scanning directories

304408 Files were scanned

213 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

2 files were deleted

0 files were repaired

205 files were moved to quarantine

0 files were renamed

53 Files cannot be scanned

304142 Files not concerned

2647 Archives were scanned

53 Warnings

207 Notes

WHAT NEXT DOC?

Tigger93 · January 21, 2009

Hi.

Download Lop S&D < here

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)

------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Newfie Dave · January 21, 2009

Hi.
Download Lop S&D < here
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
As requested:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : Award Modular BIOS v4.51PG
USER : Karen ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:9 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 01/21/2009|17:56 )
--------------------\\ Listing folders in APPLIC~1
[06/09/2003|08:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[12/06/2008|10:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[08/02/2006|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1.0.0.0
[08/18/2008|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/20/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[11/19/2007|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/19/2007|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[09/11/2004|06:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ArcSoft
[12/06/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/21/2009|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[09/01/2005|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Babylon
[03/21/2005|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BeInSync Settings
[11/25/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Borland
[10/07/2005|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[12/06/2008|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[12/07/2003|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kazaa
[05/16/2006|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[05/01/2005|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[04/12/2005|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[01/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/23/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MediaLife
[01/25/2007|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/16/2003|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[10/01/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pixelStorm
[06/20/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[06/04/2003|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[02/05/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillJam
[01/12/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillRide
[03/28/2006|03:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/11/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[08/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/29/2007|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[10/07/2003|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[03/29/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/08/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[09/10/2005|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/04/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[03/08/2007|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[03/08/2007|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion
[06/04/2003|10:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[10/02/2005|05:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> .bt2
[12/08/2008|09:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Adobe
[12/16/2003|12:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AdobeUM
[03/28/2006|03:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Aim
[01/11/2006|03:53] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Apple Computer
[12/25/2003|08:38] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ArcSoft
[12/06/2008|11:23] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AVGTOOLBAR
[03/21/2005|08:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BeInSync
[12/31/2006|02:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BitTorrent
[08/24/2007|12:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Camfrog
[10/07/2005|02:11] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Corel
[12/27/2005|11:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Creative
[04/23/2008|07:59] C:\DOCUME~1\Karen\APPLIC~1\<DIR> CyberLink
[12/16/2003|09:22] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Freedom
[06/26/2006|07:16] C:\DOCUME~1\Karen\APPLIC~1\<DIR> GewfieNoofy
[11/19/2005|07:18] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Google
[11/28/2006|05:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Help
[01/12/2007|09:30] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICAClient
[03/08/2007|10:39] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQ
[09/21/2004|05:14] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQLite
[07/28/2003|02:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Identities
[11/01/2003|10:20] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ieSpell
[06/26/2006|07:31] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ilikebeans
[04/06/2005|11:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> IsolatedStorage
[12/07/2003|12:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Kazaa Lite
[03/28/2006|03:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Lavasoft
[05/01/2005|04:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Macromedia
[01/19/2009|08:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Malwarebytes
[01/19/2009|08:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MalwareRemovalBot
[04/23/2008|07:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MediaLife
[08/20/2008|05:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Microsoft
[01/14/2007|07:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Mozilla
[09/16/2003|04:03] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MSN6
[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> NetMedia Providers
[11/15/2005|08:04] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Opera
[04/28/2007|09:50] C:\DOCUME~1\Karen\APPLIC~1\<DIR> OTVREG
[10/21/2006|05:33] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Paltalk
[02/16/2006|02:28] C:\DOCUME~1\Karen\APPLIC~1\<DIR> PC Tools
[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Publish Providers
[01/11/2007|09:17] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Real
[07/01/2005|10:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Registry Cleaner
[05/15/2006|02:08] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Rogers Yahoo! Messenger
[06/23/2004|03:54] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Shockwave.com
[12/16/2006|01:48] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Skype
[02/01/2004|01:06] C:\DOCUME~1\Karen\APPLIC~1\<DIR> SmartDraw
[03/23/2006|08:35] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sonic Foundry
[11/28/2005|03:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sony
[09/11/2004|12:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sun
[06/20/2003|04:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Symantec
[10/14/2006|04:13] C:\DOCUME~1\Karen\APPLIC~1\<DIR> teamspeak2
[08/22/2003|03:46] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ulead Systems
[08/24/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> WildTangent
[03/09/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo!
[08/11/2003|03:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo! Messenger
[07/18/2006|03:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[12/06/2008|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/06/2008|10:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[01/21/2009 03:00 AM][--a------] C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[01/20/2009 05:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/21/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\9406B6C39551419B.job
[01/21/2009 04:39 PM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[01/20/2009 12:32 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 08:30 AM][-rah-----] C:\WINDOWS\tasks\desktop.ini
( 9406B6C39551419B.job )=( c:\docume~1\karen\applic~1\thisus~1\TitleTickEq.exe )
--------------------\\ Listing Folders in C:\Program Files
[12/08/2008|09:51] C:\Program Files\<DIR> Adobe
[10/09/2005|08:16] C:\Program Files\<DIR> Ahead
[11/19/2007|05:57] C:\Program Files\<DIR> Apple Software Update
[09/11/2004|03:57] C:\Program Files\<DIR> ArcSoft
[10/29/2006|01:53] C:\Program Files\<DIR> Atmega Load At Home
[10/29/2006|10:14] C:\Program Files\<DIR> Audible
[12/06/2008|11:05] C:\Program Files\<DIR> AVG
[01/21/2009|12:19] C:\Program Files\<DIR> Avira
[10/02/2003|06:25] C:\Program Files\<DIR> Borland
[10/02/2005|05:23] C:\Program Files\<DIR> BT2Net
[11/29/2007|04:07] C:\Program Files\<DIR> Camfrog
[04/17/2008|08:38] C:\Program Files\<DIR> CCleaner
[07/16/2003|02:24] C:\Program Files\<DIR> cgi-bin
[02/12/2007|06:20] C:\Program Files\<DIR> Citrix
[06/20/2008|05:10] C:\Program Files\<DIR> Common Files
[04/18/2008|04:07] C:\Program Files\<DIR> Creative
[05/09/2006|11:28] C:\Program Files\<DIR> DIFX
[10/19/2003|01:58] C:\Program Files\<DIR> directx
[06/04/2003|01:22] C:\Program Files\<DIR> EuroTool
[08/09/2007|05:41] C:\Program Files\<DIR> FreshDevices
[07/03/2006|11:36] C:\Program Files\<DIR> ftapirate
[03/01/2004|09:06] C:\Program Files\<DIR> Garmin
[08/24/2007|08:28] C:\Program Files\<DIR> Google
[01/10/2009|01:05] C:\Program Files\<DIR> ICQ
[03/09/2007|12:39] C:\Program Files\<DIR> ICQLite
[03/25/2007|12:08] C:\Program Files\<DIR> InstallShield Installation Information
[12/11/2008|03:20] C:\Program Files\<DIR> Internet Explorer
[11/19/2007|06:01] C:\Program Files\<DIR> iPod
[11/19/2007|06:01] C:\Program Files\<DIR> iTunes
[03/17/2007|06:43] C:\Program Files\<DIR> Java
[01/20/2009|12:30] C:\Program Files\<DIR> Kaspersky Lab
[05/16/2006|02:12] C:\Program Files\<DIR> KODAK
[05/15/2006|04:43] C:\Program Files\<DIR> LimeWire
[01/24/2008|12:48] C:\Program Files\<DIR> Loader
[01/11/2007|09:01] C:\Program Files\<DIR> Logitech
[02/16/2007|06:57] C:\Program Files\<DIR> Macromedia
[03/22/2006|06:18] C:\Program Files\<DIR> Magellan
[07/22/2008|08:47] C:\Program Files\<DIR> Magnifier 2.4
[01/19/2009|08:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[12/03/2008|03:02] C:\Program Files\<DIR> Messenger
[06/04/2003|11:49] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2007|05:13] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[06/04/2003|10:06] C:\Program Files\<DIR> microsoft frontpage
[10/15/2006|10:28] C:\Program Files\<DIR> Microsoft Office
[06/04/2003|11:46] C:\Program Files\<DIR> Microsoft Visual Studio
[08/16/2003|09:11] C:\Program Files\<DIR> Microsoft Windows Script
[10/18/2006|02:10] C:\Program Files\<DIR> Microsoft Works
[10/12/2006|09:01] C:\Program Files\<DIR> Microsoft.NET
[12/02/2008|01:10] C:\Program Files\<DIR> Movie Maker
[02/22/2007|05:41] C:\Program Files\<DIR> Mozilla Firefox
[12/02/2008|01:10] C:\Program Files\<DIR> msn
[07/19/2006|02:35] C:\Program Files\<DIR> MSN Gaming Zone
[09/08/2007|02:27] C:\Program Files\<DIR> MSXML 4.0
[12/02/2008|01:03] C:\Program Files\<DIR> NetMeeting
[07/17/2005|09:12] C:\Program Files\<DIR> neXBC
[02/13/2007|05:33] C:\Program Files\<DIR> Nortel Networks
[03/22/2005|09:28] C:\Program Files\<DIR> Norton AntiVirus
[04/07/2005|04:20] C:\Program Files\<DIR> Norton SystemWorks
[10/27/2004|11:44] C:\Program Files\<DIR> OfficeUpdate11
[06/04/2003|10:03] C:\Program Files\<DIR> Online Services
[08/08/2007|10:02] C:\Program Files\<DIR> Online TV Player 3
[09/01/2006|10:40] C:\Program Files\<DIR> outlook
[12/02/2008|01:03] C:\Program Files\<DIR> Outlook Express
[01/19/2009|11:08] C:\Program Files\<DIR> Phoenix Installer
[06/08/2007|05:47] C:\Program Files\<DIR> Project64 1.6
[03/01/2005|05:05] C:\Program Files\<DIR> Project64 v1.5
[06/20/2008|05:09] C:\Program Files\<DIR> Pure Networks
[11/19/2007|06:00] C:\Program Files\<DIR> QuickTime
[03/28/2006|03:54] C:\Program Files\<DIR> Spybot - Search & Destroy
[08/08/2007|10:09] C:\Program Files\<DIR> Symantec
[04/07/2005|05:39] C:\Program Files\<DIR> SymNetDrv
[01/21/2009|01:42] C:\Program Files\<DIR> TClock
[09/08/2007|07:58] C:\Program Files\<DIR> Tierra
[03/08/2007|06:40] C:\Program Files\<DIR> Total Video Converter
[01/21/2009|04:31] C:\Program Files\<DIR> Trend Micro
[07/10/2004|12:30] C:\Program Files\<DIR> Uninstall Information
[08/08/2007|09:50] C:\Program Files\<DIR> WildGames
[01/04/2008|04:20] C:\Program Files\<DIR> Windows Live
[01/09/2009|11:55] C:\Program Files\<DIR> Windows Media Connect 2
[01/10/2009|02:05] C:\Program Files\<DIR> Windows Media Player
[12/02/2008|01:03] C:\Program Files\<DIR> Windows NT
[07/19/2006|07:57] C:\Program Files\<DIR> WindowsUpdate
[09/18/2006|09:54] C:\Program Files\<DIR> WinRAR
[08/18/2004|11:42] C:\Program Files\<DIR> WinZip
[06/04/2003|10:06] C:\Program Files\<DIR> xerox
[03/08/2007|09:29] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[08/30/2006|06:28] C:\Program Files\Common Files\<DIR> {E43BA2D9-0257-1033-0822-000430020001}
[08/18/2008|06:05] C:\Program Files\Common Files\<DIR> Adobe
[05/20/2005|11:40] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[10/08/2005|09:04] C:\Program Files\Common Files\<DIR> Ahead
[03/19/2007|06:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[11/19/2007|05:56] C:\Program Files\Common Files\<DIR> Apple
[06/04/2003|11:46] C:\Program Files\Common Files\<DIR> Designer
[10/07/2005|02:03] C:\Program Files\Common Files\<DIR> InstallShield
[01/02/2007|12:28] C:\Program Files\Common Files\<DIR> Intuit
[03/17/2007|06:38] C:\Program Files\Common Files\<DIR> Java
[04/01/2005|10:11] C:\Program Files\Common Files\<DIR> KODAK
[06/04/2003|11:31] C:\Program Files\Common Files\<DIR> L&H
[01/11/2007|08:58] C:\Program Files\Common Files\<DIR> Logitech
[05/01/2005|04:49] C:\Program Files\Common Files\<DIR> Macromedia
[05/01/2005|04:51] C:\Program Files\Common Files\<DIR> Macromedia Shared
[12/06/2008|11:05] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> MSSoap
[06/04/2003|07:21] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2006|10:42] C:\Program Files\Common Files\<DIR> okuw
[06/20/2008|05:10] C:\Program Files\Common Files\<DIR> Pure Networks Shared
[01/11/2007|09:17] C:\Program Files\Common Files\<DIR> Real
[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> Services
[12/29/2006|12:51] C:\Program Files\Common Files\<DIR> snp2std
[06/04/2003|07:20] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/27/2006|03:02] C:\Program Files\Common Files\<DIR> SWF Studio
[08/08/2007|10:09] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/02/2008|01:03] C:\Program Files\Common Files\<DIR> System
[12/05/2004|01:39] C:\Program Files\Common Files\<DIR> VocalTec
[01/04/2008|04:19] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[07/18/2006|01:07] C:\Program Files\Common Files\<DIR> ?racle
--------------------\\ Process
( 24 Processes )
iexplore.exe ~ [PID:1356]
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Karen\Cookies\karen@adultfriendfinder[2].txt
C:\DOCUME~1\Karen\Cookies\karen@advertising[1].txt
C:\DOCUME~1\Karen\Cookies\karen@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\9406B6C39551419B.job
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 17:59:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\shelldata\cfg\8\(6)Burton(6) : MSN - Hockey Zman11.dat 401 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\(8) The more than new reality, closer to the heart (8) : MSN - Hockey Zman11.dat 11 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\- Lyrics are for poets, this is censoredin Rock 'n Roll : MSN - Hockey Zman11.dat 267 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann23@hotmail.com : MSN - Hockey Zman11.dat 916 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann_boone@hotmail.com : MSN - Hockey Zman11.dat 25 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\KewlDude1031 : AIM - HockeyZman11.dat 1516 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\killermonkey2k3 : AIM - HockeyZman11.dat 5118 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kylep008 : AIM - HockeyZman11.dat 3498 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\rangerfanalex : AIM - HockeyZman11.dat 1005 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\RETRIBUTION 2 : AIM - HockeyZman11.dat 1195 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Rick : MSN - Hockey Zman11.dat 1896 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\rpittman20 : AIM - HockeyZman11.dat 267 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\funmaster123@hotmail.com : MSN - Hockey Zman11.dat 114 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Gamertag KUJO : AIM - HockeyZman11.dat 2101 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Geoff_Barrow_7 : MSN - Hockey Zman11.dat 432 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\girl__power33@hotmail.com : MSN - Hockey Zman11.dat 45 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - Hockey Zman11.dat 458 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - HockeyZman11.dat 16900 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Hamma Head77 : AIM - HockeyZman11.dat 1699 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\tsullivan@roadrunner.nf.net : MSN - Hockey Zman11.dat 99 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\brokenpost31 : AIM - HockeyZman11.dat 286 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\bsmums311 : AIM - HockeyZman11.dat 3784 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\SHathaway : MSN - Hockey Zman11.dat 2203 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\hezclancey@hotmail.com : MSN - Hockey Zman11.dat 2703 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Hockey@GolfRocks_Barrow_7 : MSN - Hockey Zman11.dat 2858 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\HockeyZman11 : AIM - HockeyZman11.dat 251 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\hotdog700 : AIM - HockeyZman11.dat 10560 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\striker3771 : AIM - HockeyZman11.dat 2018 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\StumbleBum7 2K3 : AIM - HockeyZman11.dat 5811 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\SwVoDoo : AIM - HockeyZman11.dat 3558 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\tabithaeagles817@hotmail.com : MSN - Hockey Zman11.dat 324 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\DisRaeger : AIM - HockeyZman11.dat 4374 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\zapmen_07@hotmail.com : MSN - Hockey Zman11.dat 245 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\

Tigger93 · January 21, 2009

We cannot help you because you have been using cracks.

Newfie Dave · January 22, 2009

We cannot help you because you have been using cracks.

Whats a crack?

AdvancedSetup · January 22, 2009

We're sorry but since you have evidence of cracked or pirated software you're using on the system we have to close this thread now.

If you feel this is inaccurate information please send any Moderator a private message explaining in detail and they will review your information in private.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

At least one file in question is this one:

C:\DOCUME~1\Karen\Desktop\Jonathan's Folder\Jonathan's Song Folder\Downloaded\Macromedia Flash MX Pro 2004 + Keygen.zip

AdvancedSetup · January 23, 2009

After review and discussion in private we've agreed to re-open the post. Someone should assist you as soon as they have time.

Newfie Dave · January 23, 2009

Thank You for your time

AdvancedSetup · January 23, 2009

CCleaner

CCleaner
Double-click on the downloaded file "ccsetup215.exe" and install the application.
Keep the default installation folder "C:\Program Files\CCleaner"
Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
Click finish when done and close ALL PROGRAMS
Start the CCleaner program.
Click on Registry and Uncheck Registry Integrity so that it does not run
Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
Click on Run Cleaner button on the bottom right side of the program.
Click OK to any prompts

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

When we're done you can go back and install the latest version but for now please do not install any.

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.

C:\Program Files\Java

C:\Program Files\Common Files\Java

C:\Documents and Settings\All Users\Application Data\Java

C:\Documents and Settings\All Users\Application Data\Sun\Java

C:\Documents and Settings\username\Application Data\Java

C:\Documents and Settings\username\Application Data\Sun\Java

Update and Scan with Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
[*]When the update is complete, select the Scanner tab
[*]Select Perform quick scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile

The post back NEW MBAM and HJT logs in that order please.

Newfie Dave · January 23, 2009

Thank you for the reply. I will post all requested once complete.

D

Newfie Dave · January 23, 2009

MBAM & HJT Logs Below:

Malwarebytes' Anti-Malware 1.33

Database version: 1683

Windows 5.1.2600 Service Pack 3

1/23/2009 12:11:55 PM

mbam-log-2009-01-23 (12-11-55).txt

Scan type: Quick Scan

Objects scanned: 56293

Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AND HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:40 PM, on 1/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE