Help pls trojan-gen - Free Antivirus Forum

Help pls trojan-gen

BullGuard Antivirus Forum > Virus > Alerts & New Threats > Help pls trojan-gen

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 6:05 (GMT +1)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:51 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2240 bytes

excuse me sir my computer have a virus.. can you tell me how to remove it?? uhm what do you think cause my computer to restart and something hang.. and my video card is damage.. i change my video card and its working but the problem now sometimes it hangs ,restart and no connectivity on my internet..

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 2-16-2008 8:49 (GMT +1)

Hello

See if You can download and run combofix -

Please download Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save to the desktop.

Important-> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Close all other browser windows.

Go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /killall

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 10:25 (GMT +1)

ComboFix 08-02-16.2 - Administrator 2008-02-16 17:09:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1684 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\pskill.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 16:23 . 2008-02-16 16:23 <DIR> d-------- C:\Program Files\Xvid
2008-02-16 16:23 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-16 16:23 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-16 16:23 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-16 15:15 . 2008-02-16 15:15 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-16 15:15 . 2008-02-16 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-16 15:15 . 2008-02-16 15:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar
2008-02-16 15:02 . 2008-02-16 15:42 <DIR> d-------- C:\PSP Gameboy
2008-02-16 14:01 . 2008-02-16 14:00 113,217 -r-hs---- C:\p3r1ud.exe
2008-02-16 14:00 . 2008-02-11 13:02 116,321 -r-hs---- C:\g2p3s.exe
2008-02-16 13:14 . 2008-02-16 13:14 <DIR> d-------- C:\Program Files\CCleaner
2008-02-16 12:17 . 2008-02-16 12:17 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-15 10:21 . 2008-02-15 10:21 <DIR> d--hs---- C:\found.000
2008-02-15 03:13 . 2008-02-15 03:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-15 02:50 . 2008-02-15 02:50 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-02-15 02:50 . 2008-02-15 02:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-02-15 02:50 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-02-15 02:50 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2008-02-15 02:50 . 2002-12-20 12:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx
2008-02-15 02:50 . 2004-09-23 18:57 430,592 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-15 02:50 . 2005-06-10 17:40 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2008-02-15 02:50 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2008-02-15 02:50 . 2002-11-08 20:04 225,280 --a------ C:\WINDOWS\system32\qtmlClient.dll
2008-02-15 02:50 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2008-02-15 02:49 . 2008-02-15 02:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-15 02:41 . 2008-02-15 02:41 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-15 02:30 . 2008-02-15 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ViStart
2008-02-15 02:29 . 2008-02-15 02:29 <DIR> d-------- C:\Program Files\WinFlip
2008-02-15 02:29 . 2008-02-15 02:29 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-15 02:29 . 2008-02-15 02:41 <DIR> d-------- C:\Program Files\Styler
2008-02-15 02:29 . 2008-02-15 02:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Styler
2008-02-15 02:26 . 2008-02-15 02:42 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-15 02:26 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-15 02:26 . 2008-02-15 02:26 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-02-15 02:26 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-15 02:26 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-02-15 02:15 . 2008-02-15 02:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-15 02:14 . 2008-02-16 13:14 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-15 01:22 . 2008-02-15 01:22 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-15 01:01 . 2008-02-15 01:01 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 09:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-15 03:10 90,112 ----a-w C:\WINDOWS\DUMP48cb.tmp
2008-02-15 00:35 --------- d-----w C:\Program Files\uTorrent
2008-02-14 16:42 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-14 16:37 --------- d-----w C:\Program Files\VIA
2008-02-14 16:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-14 16:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-15 08:35 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d83a36-db1c-11dc-ada6-001617ee4cb7}]
\Shell\AutoRun\command - H:\p3r1ud.exe
\Shell\explore\Command - H:\p3r1ud.exe
\Shell\open\Command - H:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5299098-dc53-11dc-9deb-001617ee4cb7}]
\Shell\AutoRun\command - G:\p3r1ud.exe
\Shell\explore\Command - G:\p3r1ud.exe
\Shell\open\Command - G:\p3r1ud.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 17:12:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-16 17:13:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 09:12:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16, on 2008-02-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2929 bytes

Thank You Sir.. Hoping for your reply :)

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 2-16-2008 11:20 (GMT +1)

Please download Free Version of Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.

close the program

Please download ATF Cleaner:

http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only

Download DrWebCureit:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

to your desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe mode

Delete the following files or folders (delete item in bold). Please do not be concerned if

any of the items are not found as they may have been automatically removed by actions I had

you take earlier in the cleaning process.

Open Folder Options in Controlpanel >view and check your settings:

Select

Show hidden files and folders

Display the contents of system folders

Uncheck: Hide protected operating system files

Delete:

Files:

C:\p3r1ud.exe
C:\g2p3s.exe

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache

Recycle Bin

NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Doubleclick the "drweb-cureit.exe" and click "Start" in the prompt window that will open , asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it find, and when it says "done"

Click on the Options->Change settings.

Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Rename

Click – Apply - OK

Click on Scan Tab. Move dot from Express scan to Complete Scan. Click on The Green arrow to the right. It will now scan your drive(s), say yes to all

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list

Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Start Superantispyware.

Hit - Scan Your Computer - button

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,

it will scan now. When scan have finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot

Start Superantispyware again –

Click Preferences and then click the statistics/logs tab.

Click the dated log and press view log and a text file will appear.

Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 4:44 (GMT +1)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2008 at 11:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 00:17:57

Memory items scanned : 156
Memory threats detected : 0
Registry items scanned : 3344
Registry threats detected : 0
File items scanned : 18902
File threats detected : 1

Trojan.Downloader-Gen/Kavo
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\KAVO.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:19 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3305 bytes

p3r1ud.exe;c:\;Modification of Win32.Besso - decompression error;Moved.;
p3r1ud.exe;f:\;Modification of Win32.Besso - decompression error;Moved.;
g2p3s.exe;C:\;Trojan.MulDrop.6474;Deleted.;
tbuninstall.exe;C:\Program Files\MegauploadToolbar;Trojan.Popuper;Deleted.;
autorun.inf.vir;C:\QooBox\Quarantine\C;Win32.HLLW.Autoruner.1271;Deleted.;
kavo.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Modification of Win32.Besso - decompression error;Moved.;
pskill.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Tool.Prockill;Renamed.;
autorun.inf.vir;C:\QooBox\Quarantine\F;Win32.HLLW.Autoruner.1271;Deleted.;
A0000004.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Modification of Win32.Besso - decompression error;Moved.;
A0000006.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Tool.Prockill;Renamed.;
A0000007.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Win32.HLLW.Autoruner.1271;Deleted.;
A0000030.bat;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Probably BATCH.Virus;;
A0000075.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Modification of Win32.Besso - decompression error;Moved.;
A0000284.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP3;Modification of Win32.Besso - decompression error;Moved.;
A0000285.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP3;Win32.HLLW.Autoruner.1271;Deleted.;
A0000307.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP4;Modification of Win32.Besso - decompression error;Moved.;
A0000308.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP4;Win32.HLLW.Autoruner.1271;Deleted.;
A0000472.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP5;Modification of Win32.Besso - decompression error;Moved.;
A0000473.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP5;Win32.HLLW.Autoruner.1271;Deleted.;
A0000503.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Modification of Win32.Besso - decompression error;Moved.;
A0000504.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Win32.HLLW.Autoruner.1271;Deleted.;
A0000529.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Modification of Win32.Besso - decompression error;Moved.;
A0000530.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Win32.HLLW.Autoruner.1271;Deleted.;
A0001567.inf;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Win32.HLLW.Autoruner.1271;Deleted.;
A0001568.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Modification of Win32.Besso - decompression error;Moved.;
A0001571.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Trojan.MulDrop.6474;Deleted.;
A0001572.exe;C:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Trojan.Popuper;Deleted.;
kavo.exe;C:\WINDOWS\system32;Modification of Win32.Besso - decompression error;Moved.;
g2p3s.exe;F:\;Trojan.MulDrop.6474;Deleted.;
start-poseidon.exe;F:\bot\autoCreate Potion 1.6.8;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\bot\Autodeal 1.6.9;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\bot\Forge 1.6.9;Dialer.Premium;Deleted.;
Version 7.0.1.321 ( English ) 25.82 MB.exe;F:\Installer\Programs\Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01);Trojan.Popuper;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\Openkore 2.0\openkore-2.0.0;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-1.6.7;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-1.6.8;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-1.6.9;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-1.9.2;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-1.9.3;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-2.0.2;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\Ragnarok Patch\open kore\openkore-2.0.3;Dialer.Premium;Deleted.;
A0001754.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001760.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001813.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001828.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001841.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001858.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001864.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001881.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001892.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001897.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001907.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001913.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001918.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001925.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001932.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001939.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001946.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001953.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001960.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001967.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001974.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0001982.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Dialer.Premium;Deleted.;
A0002062.des;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Probably BACKDOOR.Trojan;;
A0002071.des;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP10;Probably BACKDOOR.Trojan;;
A0000207.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP4;Dialer.Premium;Deleted.;
A0000229.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP4;Dialer.Premium;Deleted.;
A0000235.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP4;Dialer.Premium;Deleted.;
A0000356.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP5;Dialer.Premium;Deleted.;
A0000362.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP5;Dialer.Premium;Deleted.;
A0000368.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP5;Dialer.Premium;Deleted.;
A0000390.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP5;Dialer.Premium;Deleted.;
A0000404.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP6;Dialer.Premium;Deleted.;
A0000465.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP7;Dialer.Premium;Deleted.;
A0000882.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP9;Dialer.Premium;Deleted.;
A0001229.exe;F:\System Volume Information\_restore{160DB4B1-75BD-4D64-A453-0F6D244E5D12}\RP9;Dialer.Premium;Deleted.;
A0002785.des;F:\System Volume Information\_restore{1BF816C3-EC29-4D43-92DA-D3FC0D214677}\RP10;Probably BACKDOOR.Trojan;;
A0000140.des;F:\System Volume Information\_restore{1BF816C3-EC29-4D43-92DA-D3FC0D214677}\RP3;Probably BACKDOOR.Trojan;;
A0012759.des;F:\System Volume Information\_restore{1CCC8212-9735-492F-94A5-3D3DCAE42841}\RP29;Probably BACKDOOR.Trojan;;
A0021038.des;F:\System Volume Information\_restore{1CCC8212-9735-492F-94A5-3D3DCAE42841}\RP42;Probably BACKDOOR.Trojan;;
A0022740.des;F:\System Volume Information\_restore{1CCC8212-9735-492F-94A5-3D3DCAE42841}\RP44;Probably BACKDOOR.Trojan;;
A0025195.des;F:\System Volume Information\_restore{1CCC8212-9735-492F-94A5-3D3DCAE42841}\RP44;Probably BACKDOOR.Trojan;;
A0029981.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP14;Probably BACKDOOR.Trojan;;
A0029990.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP14;Probably BACKDOOR.Trojan;;
A0031638.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP14;Dialer.Premium;Deleted.;
A0041113.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Dialer.Premium;Deleted.;
A0041119.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Dialer.Premium;Deleted.;
A0041126.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Dialer.Premium;Deleted.;
A0041133.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Dialer.Premium;Deleted.;
A0041146.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Dialer.Premium;Deleted.;
A0041186.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Probably BACKDOOR.Trojan;;
A0041195.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP17;Probably BACKDOOR.Trojan;;
A0003559.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0003568.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0003805.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0003814.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0004929.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0004938.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP3;Probably BACKDOOR.Trojan;;
A0020032.exe;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Dialer.Premium;Deleted.;
A0020298.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0020307.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0021615.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0021624.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0021794.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0021803.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP6;Probably BACKDOOR.Trojan;;
A0026156.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP9;Probably BACKDOOR.Trojan;;
A0026165.des;F:\System Volume Information\_restore{611EA0DF-0CA5-4A08-92B6-101FF860AD15}\RP9;Probably BACKDOOR.Trojan;;
A0010058.des;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP16;Probably BACKDOOR.Trojan;;
A0011646.des;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP23;Probably BACKDOOR.Trojan;;
A0011901.des;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP26;Probably BACKDOOR.Trojan;;
A0012250.exe;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP27;Dialer.Premium;Deleted.;
A0012256.exe;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP27;Dialer.Premium;Deleted.;
A0012292.exe;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP27;Dialer.Premium;Deleted.;
A0012332.des;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP27;Probably BACKDOOR.Trojan;;
A0012341.des;F:\System Volume Information\_restore{A748DA79-3B97-4D9A-8991-C548F54B3AA8}\RP27;Probably BACKDOOR.Trojan;;
A0004290.des;F:\System Volume Information\_restore{DCEBFF8F-427F-445B-ABC3-A7D5DB87B09C}\RP12;Probably BACKDOOR.Trojan;;
A0004299.des;F:\System Volume Information\_restore{DCEBFF8F-427F-445B-ABC3-A7D5DB87B09C}\RP12;Probably BACKDOOR.Trojan;;
A0001115.des;F:\System Volume Information\_restore{DCEBFF8F-427F-445B-ABC3-A7D5DB87B09C}\RP4;Probably BACKDOOR.Trojan;;
A0001124.des;F:\System Volume Information\_restore{DCEBFF8F-427F-445B-ABC3-A7D5DB87B09C}\RP4;Probably BACKDOOR.Trojan;;
A0000008.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Win32.HLLW.Autoruner.1271;Deleted.;
A0000076.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP2;Modification of Win32.Besso - decompression error;Moved.;
A0000286.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP3;Modification of Win32.Besso - decompression error;Moved.;
A0000287.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP3;Win32.HLLW.Autoruner.1271;Deleted.;
A0000309.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP4;Modification of Win32.Besso - decompression error;Moved.;
A0000310.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP4;Win32.HLLW.Autoruner.1271;Deleted.;
A0000474.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP5;Modification of Win32.Besso - decompression error;Moved.;
A0000475.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP5;Win32.HLLW.Autoruner.1271;Deleted.;
A0000505.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Modification of Win32.Besso - decompression error;Moved.;
A0000506.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Win32.HLLW.Autoruner.1271;Deleted.;
A0000531.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Modification of Win32.Besso - decompression error;Moved.;
A0000532.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP6;Win32.HLLW.Autoruner.1271;Deleted.;
A0001569.inf;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Win32.HLLW.Autoruner.1271;Deleted.;
A0001570.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Modification of Win32.Besso - decompression error;Moved.;
A0001574.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Trojan.MulDrop.6474;Deleted.;
A0001575.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001576.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001577.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001578.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Trojan.Popuper;Deleted.;
A0001579.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001580.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001581.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001582.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001583.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001584.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001585.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
A0001586.exe;F:\System Volume Information\_restore{F3D7ED90-82DF-45F6-85FD-58214CB1E26B}\RP7;Dialer.Premium;Deleted.;
start-poseidon.exe;F:\tob\bot vend thor 1.6.8;Dialer.Premium;Deleted.;

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 4:50 (GMT +1)

Thank you i will observe my computer again.. i just post it next week cause im gonna be on vacation and i cant test my computer.. again Thank you.. for your time, effort and understanding my english.. sorry for my wrong grammar.. hehe take care Ü

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 2-16-2008 5:46 (GMT +1)

You´re welcome, and I´ll be here in next week as well smile

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 6:21 (GMT +1)

Sir Touch.. uhm is it possible i have bad sector in my hard disk? cause used to boot up my computer fast.. now in windows logo bootup it takes some time now...

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-16-2008 6:36 (GMT +1)

oh i forgot i used to run virtualdub while copying some files and downloading with no lag.. now after i patch its kinda slow.. what do you thing the problem is it in the virus or have a bad sector in hard disk?.. or do i need to uninstall SuperAntispyware?

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-17-2008 8:41 (GMT +1)

Sir Touch i think i still have the virus g2p3s.exe and p3r1ud.exe, i just format my flash drive and copy some files from my computer when i inserted my flash drive in my girlfriend's pc it detected the virus. i think i infected her as well..i try to do the do not show system file thing.. i saw her drive c: have the same virus.. what do you think i should do? do i need to format it again? what is low level format? and btw i cannot change the setting of my folder the do not show the hidden files and folder.. but in my gf's computer i can change the settings.... Thanks again..

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 2-18-2008 4:46 (GMT +1)

I´ll suggest You run a scan on the flash drive -

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Your desktop will vanish for a while, and then reappear. This is normal.
Wait until the program has finished scanning, then please exit the program.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Cole
New Member

Date Joined Feb 2008
Total Posts : 8

Posted 2-18-2008 9:01 (GMT +1)

thanks i'll try that.. when i got home.. Ü what about my hard disk what to you think about my theory hehe.. about the badsector thing..

Forum Information

Currently it is Friday, November 21, 2008 2:58 PM (GMT +1)
There are a total of 63.988 posts in 15.829 threads.
In the last 3 days there were 34 new threads and 167 reply posts. View Active Threads