nctw123

What do I do with pos.tmp files?

  #1  
Mar 7th, 2008
I keep getting pop-ups and other annoying junk about system cleanup and stuff like that, along with my folders being cluttered with pos.tmp files. And there's a big "X" on the C drive. Here's the HJT log; can someone tell me what to do next?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:07 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(15)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(16)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(17)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(18)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(19)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [78062acc] rundll32.exe "C:\WINDOWS\system32\bdlyfppb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9039 bytes
PhilliePhan

Re: What do I do with pos.tmp files?

  #2  
Mar 7th, 2008
Hi nctw123,

Please do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by clicking Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

NEXT:
  • Download combofix.exe by sUBs to your computer's Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double click combofix.exe & follow the prompts.
    Note: Combofix will automatically disconnect your Internet connection when it runs; do not reconnect it.

When it finishes, it ought to:
  • Produce a log for you (C:\ComboFix\ComboFix.txt).
  • Restore your Internet connection.

IMPORTANT:
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
Please post that log for us.

LASTLY:
Run HijackThis and open the Misc Tools section.
Open the Uninstall Manager and click Save list.
Save it to your desktop and then please post the list.


I'd like to see those three logs:
1 - MBA-M Log
2 - ComboFix Log
3 - Uninstall List


I will try to check back in a timely manner, but I am not sure what sort of free time I will have over the weekend.

Best Luck
PP
nctw123

Re: What do I do with pos.tmp files?

  #3  
Mar 8th, 2008
MBA-M log:
Malwarebytes' Anti-Malware 1.07
Database version: 467

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181654
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 4
Registry Keys Infected: 22
Registry Values Infected: 20
Registry Data Items Infected: 3
Folders Infected: 14
Files Infected: 210

Memory Processes Infected:
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Unloaded process successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\amddqsom.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\bdlyfppb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\lfhbmpac.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtutu.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20e95601-8278-4eea-b84f-242df7ae2e66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{20e95601-8278-4eea-b84f-242df7ae2e66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43132710-a996-478a-863b-7d0765b643d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(9) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(19) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(18) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(17) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(16) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(15) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(14) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(13) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(12) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(11) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(10) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(8) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(7) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(6) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(5) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(4) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(3) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(2) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(1) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Storageprotector) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Vundo) -> Data: c:\windows\system32\vtutu.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtutu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtutu -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\bak (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amddqsom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mosqddma.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdlyfppb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bppfyldb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibljpbjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjbpjlbi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfhbmpac.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\capmbhfl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsmcexef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fexecmsn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqhiopcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccpoihqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtutu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtutu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ututv.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ututv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xafwfbcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcbfwfax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylbkaleq.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\afjyqmuk.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\cacooyjy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\caqlyuvv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dlwixoql.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dswtmhmj.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dyekuyln.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\efcgxlvu.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\exjegpqb.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gcaaqyqf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gfnsaqmf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gitobxmn.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\glcjwfdv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gxwbvyhb.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\hknbrhhh.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\hqhmhmdi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jqkbaytg.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\kaxqtjro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\kjymxiuq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lfnhfjob.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lnbofxck.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lpllfrfy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mihungvi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mlaitrtq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mofugclq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nephiqpn.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ngproxvf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\oxjhwwnr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\peuagbsx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qrjatydi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qvlnnfkd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\roamakdt.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\sdoxevme.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\sheqipoi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\snancrds.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\tevobesr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP109.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP11B.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP2E61.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP461A.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP4620.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP4629.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP6307.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP7746.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP7926.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP792F.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP794A.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8787.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8793.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8799.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP87A5.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPAC.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPBB.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPC9.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPDE.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPF0.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPF2.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ujjivnwv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ukssxmod.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\urclqecd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\vhgtvwel.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\vntmrykt.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wjiumwsc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xaisfvxg.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xdyitjoc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xihvkrno.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xqedqkpr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xunsrkcf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xysjgjdy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ymqysuwq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ywssmfiq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ywuecxwm.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\bak\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1194711701.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1195315464.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1196195676.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP12\A0006463.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0007002.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0007019.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0008017.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009017.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009054.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0010053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0010055.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011056.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011090.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011092.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011094.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012116.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012118.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012120.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013090.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013092.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013094.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013124.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013129.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013161.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013166.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013185.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0019412.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0020413.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0020436.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0021436.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022438.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022459.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022463.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0023463.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0024460.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0024464.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0025490.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0025494.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0026494.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0028755.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0028760.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0029758.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0029760.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP22\A0029859.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0029894.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0029898.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0031900.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0033226.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0033230.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034221.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034230.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034266.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034275.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes1285.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\offun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\rau001978.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu572.exe (Trojan.Agant) -> Quarantined and deleted successfully.
C:\WINDOWS\TISKY009.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\tk58.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\TTC-4444.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\windows (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icthis.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ictmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ictun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\uninst.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\em (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\oid (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\user (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon.exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free\description.txt (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\images.zip (Worm.NetSky) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1285.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest.YOUR-D0F670B45A\Local Settings\Temp\mshtml2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nelson\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nelson\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.
nctw123

Re: What do i do with pos.tmp files?

  #4  
Mar 8th, 2008
Combofix log:

ComboFix 08-03-07.4 - Compaq_Owner 2008-03-08 0:26:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\int_rem.bat
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\License_Manager
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\baaadd.ini
C:\WINDOWS\BM7b351950.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\j?vaw.exe
C:\WINDOWS\ddaaab.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\stem~1
C:\WINDOWS\stem~1\??stem\
C:\WINDOWS\stem~1\rundll32.exe
C:\WINDOWS\system32\alqywqkh.dll
C:\WINDOWS\system32\amddqsom.dll
C:\WINDOWS\system32\avfliqwm.dll
C:\WINDOWS\system32\baayyhkj.dll
C:\WINDOWS\system32\bdlyfppb.dll
C:\WINDOWS\system32\bppfyldb.ini
C:\WINDOWS\system32\cfqrmtbo.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dvifotjb.dll
C:\WINDOWS\system32\erdgvdxe.dll
C:\WINDOWS\system32\evndcvcm.dll
C:\WINDOWS\system32\faypimal.dll
C:\WINDOWS\system32\glyraphp.dll
C:\WINDOWS\system32\grpwxodq.dll
C:\WINDOWS\system32\hpxgbwth.dll
C:\WINDOWS\system32\ivjcswrs.dll
C:\WINDOWS\system32\iwwfkjdv.dll
C:\WINDOWS\system32\jipjcufq.dll
C:\WINDOWS\system32\lfhbmpac.dll
C:\WINDOWS\system32\ljxpnata.dll
C:\WINDOWS\system32\lniyeysd.dll
C:\WINDOWS\system32\luflcnyc.dll
C:\WINDOWS\system32\lulfraxh.dll
C:\WINDOWS\system32\maogjxyx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrtkaeaw.dll
C:\WINDOWS\system32\nvktngwg.dll
C:\WINDOWS\system32\nyossclw.dll
C:\WINDOWS\system32\otwgsawm.dll
C:\WINDOWS\system32\pihkcnjr.dll
C:\WINDOWS\system32\pyyobvbc.dll
C:\WINDOWS\system32\qqxqefbe.dll
C:\WINDOWS\system32\quligxew.dll
C:\WINDOWS\system32\reqjqxoe.dll
C:\WINDOWS\system32\rgeaayhf.dll
C:\WINDOWS\system32\rytpmmwj.dll
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\thylfnwu.dll
C:\WINDOWS\system32\tqsupyhj.dll
C:\WINDOWS\system32\ufrftlgk.dll
C:\WINDOWS\system32\uogjvymh.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\uwvsluhw.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\widgskub.dll
C:\WINDOWS\system32\wpyrdevm.dll
C:\WINDOWS\system32\xdpjllhy.dll
C:\WINDOWS\system32\xdqrprov.dll
C:\WINDOWS\system32\xwuhxxny.dll
C:\WINDOWS\system32\ylumvmjs.dll
C:\WINDOWS\system32\yudjrchd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-07 19:35 . 2008-03-07 19:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-03-07 19:28 . 2008-03-07 19:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 19:28 . 2008-03-07 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-05 21:07 . 2008-03-05 21:07 326,656 --a------ C:\WINDOWS\system32\RCX4B.tmp
2008-03-04 23:15 . 2008-03-04 23:15 326,656 --a------ C:\WINDOWS\system32\RCX44.tmp
2008-03-04 15:33 . 2008-03-05 07:12 1,494 ---hs---- C:\WINDOWS\system32\emcbsbik.ini
2008-03-03 23:38 . 2008-03-08 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 23:38 . 2008-03-03 23:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 23:36 . 2008-03-03 23:36 326,656 --a------ C:\WINDOWS\system32\RCX41.tmp
2008-03-03 15:31 . 2008-03-04 15:32 1,314 ---hs---- C:\WINDOWS\system32\wqvpfgxw.ini
2008-03-02 08:44 . 2008-03-03 15:25 1,194 ---hs---- C:\WINDOWS\system32\csiuloni.ini
2008-02-29 18:36 . 2008-02-29 18:36 326,656 --a------ C:\WINDOWS\system32\RCX3E.tmp
2008-02-29 15:32 . 2008-03-02 08:41 1,074 ---hs---- C:\WINDOWS\system32\pprkuifl.ini
2008-02-28 15:28 . 2008-02-29 15:29 774 ---hs---- C:\WINDOWS\system32\xorohqel.ini
2008-02-26 21:14 . 2008-02-28 15:28 654 ---hs---- C:\WINDOWS\system32\sroikmrx.ini
2008-02-25 19:10 . 2008-02-26 21:11 534 ---hs---- C:\WINDOWS\system32\xchqoame.ini
2008-02-25 18:07 . 2008-02-25 18:08 294 ---hs---- C:\WINDOWS\system32\tcecreer.ini
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Program Files\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-24 13:28 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-24 13:28 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-24 13:28 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-24 13:28 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-24 13:28 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-24 13:23 . 2008-02-24 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-24 11:32 . 2008-02-24 11:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-23 16:36 . 2008-02-24 16:37 1,154,241 ---hs---- C:\WINDOWS\system32\ikrvtjmh.ini
2008-02-23 15:30 . 2008-02-23 15:31 1,153,692 ---hs---- C:\WINDOWS\system32\rbkugrmv.ini
2008-02-22 15:30 . 2008-02-22 22:47 1,154,857 ---hs---- C:\WINDOWS\system32\jgyqprlr.ini
2008-02-21 15:34 . 2008-02-22 15:26 1,154,361 ---hs---- C:\WINDOWS\system32\qurpshjd.ini
2008-02-20 15:29 . 2008-02-21 15:29 1,207,013 ---hs---- C:\WINDOWS\system32\ntcpimka.ini
2008-02-18 21:05 . 2008-02-20 15:28 1,250,261 ---hs---- C:\WINDOWS\system32\pqpcnvbh.ini
2008-02-18 11:06 . 2008-02-18 21:05 1,238,973 ---hs---- C:\WINDOWS\system32\rxfdbuje.ini
2008-02-17 22:30 . 2008-02-17 22:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-17 22:20 . 2008-02-18 11:05 1,248,947 ---hs---- C:\WINDOWS\system32\enldmlcr.ini
2008-02-16 22:21 . 2008-02-17 02:06 1,248,767 ---hs---- C:\WINDOWS\system32\tdwjuhba.ini
2008-02-16 22:07 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-16 22:07 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-16 22:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-16 21:55 . 2008-02-16 21:56 <DIR> d-------- C:\Program Files\AVI MPEG Video Converter
2008-02-15 22:19 . 2008-02-16 22:19 1,248,647 ---hs---- C:\WINDOWS\system32\bmttocru.ini
2008-02-15 21:19 . 2008-02-15 21:20 1,248,467 ---hs---- C:\WINDOWS\system32\yrhtflmr.ini
2008-02-14 21:19 . 2008-02-15 12:22 1,242,300 ---hs---- C:\WINDOWS\system32\nhrmnthc.ini
2008-02-12 21:22 . 2008-02-13 16:09 1,235,221 ---hs---- C:\WINDOWS\system32\kfjnncvu.ini
2008-02-11 23:56 . 2008-02-12 20:36 1,222,540 ---hs---- C:\WINDOWS\system32\vexnjjpj.ini
2008-02-11 01:08 . 2008-02-11 01:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 01:08 . 2008-02-11 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 00:58 . 2008-02-11 00:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:51 . 2008-02-10 20:07 9,296 --a------ C:\22.exe
2008-02-09 21:16 . 2008-02-10 17:49 1,220,770 ---hs---- C:\WINDOWS\system32\tthlccou.ini
2008-02-09 14:34 . 2008-02-09 14:34 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-08 22:13 . 2008-02-09 02:14 137,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 22:13 . 2008-02-09 02:14 4,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-08 22:13 . 2008-02-09 02:14 2,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-08 22:13 . 2008-02-09 02:14 1,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-08 22:12 . 2008-02-08 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-08 22:12 . 2008-02-10 17:46 364,544 --a------ C:\WINDOWS\mrofinu1285.exe.tmp
2008-02-08 21:40 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-08 21:40 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-08 21:40 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-08 21:40 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-08 21:40 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-08 21:40 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-08 21:40 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-08 21:40 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-08 21:40 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-08 19:29 . 2008-03-05 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-02-08 16:21 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-08 15:36 . 2008-02-08 15:36 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 05:36 --------- d-----w C:\Program Files\QuickTime
2008-03-08 05:36 --------- d-----w C:\Program Files\iTunes
2008-03-04 02:59 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-02-27 21:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-02-27 20:41 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-24 17:49 --------- d-----w C:\Program Files\Sonic
2008-02-24 15:08 --------- d-----w C:\Program Files\iPod
2008-02-17 03:07 --------- d-----w C:\Program Files\XviD
2008-02-13 01:23 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-02-09 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 03:34 --------- d-----w C:\Program Files\Common Files\Command Software
2008-02-09 00:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 21:20 --------- d-----w C:\Program Files\Java
2008-02-08 20:23 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-02-08 02:43 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 02:23 --------- d-----w C:\Program Files\Google
2008-02-08 02:00 --------- d-----w C:\Program Files\WildTangent
2008-01-26 21:21 --------- d-----w C:\Program Files\World of Warcraft
2008-01-26 01:30 --------- d-----w C:\Program Files\7-Zip
2008-01-14 05:36 5,197 ----a-w C:\is9.exe
2008-01-02 19:44 3,029,431 ----a-w C:\steam.exe
2007-10-02 18:51 2,674,688 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\Steam.dll
2007-03-29 14:57 6,656 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
2006-10-01 21:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
<pre>
----a-w            27,136 2007-02-08 22:40:48  C:\hp\bin\cloaker .exe
----a-w           307,200 2008-02-19 02:04:39  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            50,528 2007-02-05 20:26:05  C:\Program Files\AIM6\aim6 .exe
----a-w           344,064 2007-02-08 22:40:28  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           180,269 2008-03-02 13:41:29  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            52,848 2008-02-08 22:00:43  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           218,240 2008-02-08 22:00:53  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
----a-w           847,872 2008-02-24 17:39:04  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w           249,856 2007-02-07 05:31:45  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                                 .exe
----a-w           577,536 2007-02-07 05:29:36  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                                .exe
----a-w           577,536 2007-02-07 03:45:18  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                               .exe
----a-w           577,536 2007-02-06 20:24:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                              .exe
----a-w           577,536 2007-02-05 20:25:02  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                             .exe
----a-w           577,536 2007-02-05 02:15:54  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                            .exe
----a-w           577,536 2007-02-04 20:30:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                           .exe
----a-w           577,536 2007-02-04 03:42:20  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                          .exe
----a-w           577,536 2007-02-03 23:49:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                         .exe
----a-w           577,536 2008-02-03 14:10:03  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                        .exe
----a-w           577,536 2008-02-03 06:22:07  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                       .exe
----a-w           577,536 2008-02-03 01:18:38  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                      .exe
----a-w           577,536 2008-02-02 16:42:30  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                     .exe
----a-w           577,536 2008-02-01 20:46:12  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                    .exe
----a-w           577,536 2008-02-01 20:24:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                   .exe
----a-w           577,536 2008-01-31 20:24:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                  .exe
----a-w           577,536 2008-01-31 02:06:28  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                 .exe
----a-w           577,536 2008-01-30 20:28:12  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                .exe
----a-w           577,536 2008-01-29 21:16:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                               .exe
----a-w           577,536 2008-01-29 20:26:38  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                              .exe
----a-w           577,536 2008-01-28 20:25:39  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                             .exe
----a-w           577,536 2008-01-27 17:24:07  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                            .exe
----a-w           577,536 2008-01-26 20:59:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                           .exe
----a-w           577,536 2008-01-26 15:35:53  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                          .exe
----a-w           577,536 2008-01-25 16:21:11  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                         .exe
----a-w           577,536 2008-01-25 01:47:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                        .exe
----a-w           577,536 2008-01-25 01:34:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                       .exe
----a-w           577,536 2008-01-25 01:26:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                      .exe
----a-w           577,536 2007-01-24 14:23:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                     .exe
----a-w           577,536 2007-01-23 16:42:43  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                    .exe
----a-w           577,536 2007-01-23 16:25:36  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                   .exe
----a-w           577,536 2007-01-23 00:48:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                  .exe
----a-w           577,536 2007-01-22 20:34:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                 .exe
----a-w           577,536 2007-01-22 20:23:53  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                .exe
----a-w           577,536 2007-01-22 01:08:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                               .exe
----a-w           577,536 2007-01-21 23:08:16  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                              .exe
----a-w           577,536 2008-01-21 15:26:49  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                             .exe
----a-w           577,536 2008-01-20 18:39:47  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                            .exe
----a-w           577,536 2008-01-20 08:37:27  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                           .exe
----a-w           577,536 2008-01-20 02:15:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                          .exe
----a-w           577,536 2008-01-19 14:34:43  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                         .exe
----a-w           577,536 2008-01-18 20:30:46  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                        .exe
----a-w           577,536 2008-01-18 01:11:49  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                       .exe
----a-w           577,536 2008-01-17 02:42:23  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                      .exe
----a-w           577,536 2008-01-17 02:14:22  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                     .exe
----a-w           577,536 2008-01-16 20:26:23  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                    .exe
----a-w           577,536 2008-01-15 20:29:15  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                   .exe
----a-w           577,536 2008-01-15 02:14:22  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                  .exe
----a-w           577,536 2008-01-14 20:25:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                 .exe
----a-w           577,536 2008-01-13 15:59:26  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                .exe
----a-w           577,536 2008-01-13 15:33:34  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                               .exe
----a-w           577,536 2008-01-13 02:20:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                              .exe
----a-w           577,536 2008-01-12 15:56:11  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                             .exe
----a-w           577,536 2008-01-11 20:25:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                            .exe
----a-w           577,536 2008-01-11 04:22:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                           .exe
----a-w           577,536 2008-01-10 21:30:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                          .exe
----a-w           577,536 2008-01-09 20:27:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                         .exe
----a-w           577,536 2008-01-08 20:27:47  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                        .exe
----a-w           577,536 2008-01-07 22:51:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                       .exe
----a-w           577,536 2008-01-07 20:30:46  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                      .exe
----a-w           577,536 2008-01-07 01:24:02  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                     .exe
----a-w           577,536 2008-01-06 19:15:59  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                    .exe
----a-w           577,536 2008-01-06 08:46:24  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                   .exe
----a-w           577,536 2008-01-05 18:28:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                  .exe
----a-w           577,536 2008-01-05 18:19:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                 .exe
----a-w           577,536 2008-01-04 17:49:14  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                .exe
----a-w           577,536 2008-01-04 02:12:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp               .exe
----a-w           577,536 2008-02-11 04:42:03  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp              .exe
----a-w           577,536 2008-02-10 22:46:34  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp             .exe
----a-w           577,536 2008-02-10 14:27:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp            .exe
----a-w           577,536 2008-02-10 03:16:52  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp           .exe
----a-w           577,536 2008-02-10 02:08:58  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp          .exe
----a-w           577,536 2008-02-09 21:39:08  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp         .exe
----a-w           577,536 2008-02-09 20:06:08  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp        .exe
----a-w           577,536 2008-02-09 19:39:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp       .exe
----a-w           577,536 2008-02-09 18:48:05  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp      .exe
----a-w           577,536 2008-02-09 16:31:54  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp     .exe
----a-w           577,536 2008-02-09 16:05:52  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp    .exe
----a-w           577,536 2008-02-09 03:05:15  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp   .exe
----a-w           577,536 2008-02-09 01:06:45  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
----a-w           577,536 2008-02-09 00:26:57  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w            49,152 2008-02-10 22:47:49  C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w           267,048 2008-03-08 05:20:36  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            36,975 2007-02-08 22:40:25  C:\Program Files\Java\jre1.5.0_05\bin\jusched .exe
----a-w           132,496 2008-02-10 22:47:56  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w         1,694,208 2008-02-10 22:48:58  C:\Program Files\Messenger\msmsgs .exe
----a-w            53,248 2008-02-08 20:25:45  C:\Program Files\PC-Doctor 5 for Windows\RunProfiler .exe
----a-w           286,720 2007-01-24 14:24:49  C:\Program Files\QuickTime\qttask                                                            .exe
----a-w           640,512 2007-01-24 14:24:01  C:\Program Files\QuickTime\qttask                                                           .exe
----a-w           640,512 2007-01-23 16:42:45  C:\Program Files\QuickTime\qttask                                                          .exe
----a-w           640,512 2007-01-23 16:25:38  C:\Program Files\QuickTime\qttask                                                         .exe
----a-w           640,512 2007-01-23 00:48:09  C:\Program Files\QuickTime\qttask                                                        .exe
----a-w           640,512 2007-01-22 20:34:54  C:\Program Files\QuickTime\qttask                                                       .exe
----a-w           640,512 2007-01-22 20:23:56  C:\Program Files\QuickTime\qttask                                                      .exe
----a-w           640,512 2007-01-22 01:08:59  C:\Program Files\QuickTime\qttask                                                     .exe
----a-w           640,512 2007-01-21 23:08:19  C:\Program Files\QuickTime\qttask                                                    .exe
----a-w           640,512 2008-01-21 15:26:52  C:\Program Files\QuickTime\qttask                                                   .exe
----a-w           640,512 2008-01-20 18:39:51  C:\Program Files\QuickTime\qttask                                                  .exe
----a-w           640,512 2008-01-20 08:37:29  C:\Program Files\QuickTime\qttask                                                 .exe
----a-w           640,512 2008-01-20 02:15:07  C:\Program Files\QuickTime\qttask                                                .exe
----a-w           640,512 2008-01-19 14:34:50  C:\Program Files\QuickTime\qttask                                               .exe
----a-w           640,512 2008-01-18 20:30:53  C:\Program Files\QuickTime\qttask                                              .exe
----a-w           640,512 2008-01-18 01:11:52  C:\Program Files\QuickTime\qttask                                             .exe
----a-w           640,512 2008-01-18 01:04:12  C:\Program Files\QuickTime\qttask                                            .exe
----a-w           640,512 2008-01-17 20:28:30  C:\Program Files\QuickTime\qttask                                           .exe
----a-w           640,512 2008-01-17 02:42:25  C:\Program Files\QuickTime\qttask                                          .exe
----a-w           640,512 2008-01-17 02:14:30  C:\Program Files\QuickTime\qttask                                         .exe
----a-w           640,512 2008-01-16 20:26:27  C:\Program Files\QuickTime\qttask                                        .exe
----a-w           640,512 2008-01-15 20:29:20  C:\Program Files\QuickTime\qttask                                       .exe
----a-w           640,512 2008-01-15 02:14:25  C:\Program Files\QuickTime\qttask                                      .exe
----a-w           640,512 2008-01-14 20:25:43  C:\Program Files\QuickTime\qttask                                     .exe
----a-w           640,512 2008-01-14 05:33:48  C:\Program Files\QuickTime\qttask                                    .exe
----a-w           640,512 2008-01-13 15:59:28  C:\Program Files\QuickTime\qttask                                   .exe
----a-w           640,512 2008-01-13 15:33:37  C:\Program Files\QuickTime\qttask                                  .exe
----a-w           640,512 2008-01-13 02:20:50  C:\Program Files\QuickTime\qttask                                 .exe
----a-w           640,512 2008-01-12 15:56:13  C:\Program Files\QuickTime\qttask                                .exe
----a-w           385,024 2006-02-07 05:31:59  C:\Program Files\QuickTime\qttask                               .exe
----a-w           738,816 2007-02-07 05:29:44  C:\Program Files\QuickTime\qttask                              .exe
----a-w           738,816 2007-02-07 03:45:36  C:\Program Files\QuickTime\qttask                             .exe
----a-w           738,816 2007-02-06 20:24:12  C:\Program Files\QuickTime\qttask                            .exe
----a-w           738,816 2007-02-06 13:06:03  C:\Program Files\QuickTime\qttask                           .exe
----a-w           738,816 2007-02-05 20:25:09  C:\Program Files\QuickTime\qttask                          .exe
----a-w           738,816 2007-02-05 02:16:00  C:\Program Files\QuickTime\qttask                         .exe
----a-w           738,816 2007-02-04 20:30:11  C:\Program Files\QuickTime\qttask                        .exe
----a-w           738,816 2007-02-04 03:42:26  C:\Program Files\QuickTime\qttask                       .exe
----a-w           738,816 2007-02-03 23:49:39  C:\Program Files\QuickTime\qttask                      .exe
----a-w           738,816 2008-02-03 18:28:10  C:\Program Files\QuickTime\qttask                     .exe
----a-w           738,816 2008-02-03 14:10:07  C:\Program Files\QuickTime\qttask                    .exe
----a-w           738,816 2008-02-03 06:22:14  C:\Program Files\QuickTime\qttask                   .exe
----a-w           385,024 2008-03-06 02:07:49  C:\Program Files\QuickTime\QTTask                .exe
----a-w           738,816 2008-03-06 02:07:16  C:\Program Files\QuickTime\QTTask               .exe
----a-w           738,816 2008-03-05 12:10:13  C:\Program Files\QuickTime\QTTask              .exe
----a-w           738,816 2008-03-05 04:15:14  C:\Program Files\QuickTime\QTTask             .exe
----a-w           738,816 2008-03-04 04:36:04  C:\Program Files\QuickTime\QTTask            .exe
----a-w           738,816 2008-03-01 10:59:57  C:\Program Files\QuickTime\QTTask           .exe
----a-w           738,816 2008-02-29 23:36:09  C:\Program Files\QuickTime\QTTask          .exe
----a-w           738,816 2008-02-29 05:11:36  C:\Program Files\QuickTime\QTTask         .exe
----a-w           738,816 2008-02-26 20:59:17  C:\Program Files\QuickTime\QTTask        .exe
----a-w           738,816 2008-02-25 03:43:22  C:\Program Files\QuickTime\QTTask       .exe
----a-w           738,816 2008-02-24 21:43:05  C:\Program Files\QuickTime\QTTask      .exe
----a-w           738,816 2008-02-24 18:31:30  C:\Program Files\QuickTime\QTTask     .exe
----a-w           738,816 2008-02-24 17:59:38  C:\Program Files\QuickTime\QTTask    .exe
----a-w           738,816 2008-02-24 17:37:57  C:\Program Files\QuickTime\QTTask   .exe
----a-w           738,816 2008-02-24 16:50:46  C:\Program Files\QuickTime\QTTask  .exe
----a-w           738,816 2008-02-24 15:14:32  C:\Program Files\QuickTime\QTTask .exe
----a-w         5,367,664 2008-03-08 05:20:42  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w           189,952 2007-02-07 05:31:46  C:\WINDOWS\wkssvr .exe
----a-w           237,568 2008-02-10 22:47:39  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2007-02-08 22:40:24  C:\WINDOWS\system\hpsysdrv .exe
----a-w            15,360 2008-03-06 02:08:38  C:\WINDOWS\system32\ctfmon .exe
</pre>