Rogues


12 replies to this topic

#1 ICBM


Posted 22 November 2007 - 11:09 PM

I got infected by a lot of rogue programs. Please help me and advise me on what to do.

Here is a hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:38 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: bemocked - {b0883848-1466-4470-a418-3fe7d36694b9} - C:\WINDOWS\system32\rldyt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 4148 bytes



#2 lusitano


Posted 23 November 2007 - 07:00 AM

Hi, welcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.

:thumbsup:
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 lusitano


Posted 23 November 2007 - 10:50 AM

Hello,

1. Download Roguescanfix.
  • Double-click roguescanfix_setup to install it automatically to C:\Program Files\Roguescanfix.
  • Accept the agreement and click Next.
  • Under additional icons, check "create a desktop icon", click Next, then Install.
  • You will be prompted to launch roguescanfix now. Click "Finish"
  • At the DOS window that opens "Press any key to continue..."
Note: This tool needs internet connection because it downloads an additional file to let the tool work properly. If your firewall gives an alert, allow it instead of blocking it.

In case you still get the message "BFU.exe is not present", download BFU.zip from here.
Unzip it and place BFU.exe inside the Roguescanfix folder. Then double-click Run.bat again.
  • The tool will uninstall some programs and delete related files and registry keys.
  • When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.
  • Please make sure the uninstall of the programs is finished before you click Yes to reboot.
  • A text file will open. Place the contents of that file in your next reply, along with a new HijackThis logfile. (The text file can also be found at C:\Program Files\Roguescanfix\task.txt)
2. Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


3. In your next reply, please post:
  • A new HijackThis log.
  • The results from Roguescanfix (Step nº 1).
  • The results from SmitfraudFix (Step nº 2).
Regards

#4 ICBM


Posted 23 November 2007 - 03:31 PM

Edit: Prior to taking the steps you provided, I ran the anti-malware programs recommended (such as Ad-Aware, Spybot S&D, McAfee Stinger, etc.) a second time (the day before I ran these programs, yet seemingly to no avail), and the problem seems to be somewhat curtailed.

I followed the steps you provided, and ran both roguescanfix and smitfraudfix, both of which executed successfully. I pasted the scan logs of both along with a new hijackthis log below.


Thanks for your help.



Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"










SmitFraudFix v2.253

Scan done at 12:26:47.34, Fri 11/23/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jerry.JV-YGF9H2DG396G


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JERRY~2.JV-\FAVORI~1

C:\DOCUME~1\JERRY~2.JV-\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:22 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 2830 bytes

Edited by ICBM, 23 November 2007 - 03:36 PM.


#5 lusitano


Posted 26 November 2007 - 01:00 PM

Hello,

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

#6 ICBM


Posted 26 November 2007 - 06:35 PM

Hi,

Here they are


SmitFraudFix v2.253

Scan done at 15:23:35.59, Mon 11/26/2007
Run from C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DF94A17-CDE2-4F11-BC17-B57A30F9B5BF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:03 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\HiJackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 2758 bytes


Thanks :]

#7 lusitano


Posted 27 November 2007 - 11:09 AM

Hello,

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log. Also let me know how your computer is running.


#8 ICBM


Posted 27 November 2007 - 11:41 PM

Whoa, that scan took a long time, but here's the log :D



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 27, 2007 8:38:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/11/2007
Kaspersky Anti-Virus database records: 467179
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 107670
Number of viruses found: 66
Number of infected objects: 357
Number of suspicious objects: 0
Duration of the scan process: 04:24:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\history.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\key3.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\6fsc6sgu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jason\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Ghook.dll Infected: Trojan-PSW.Win32.OnLineGames.le skipped
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Microsoft Shared\MSInfo\NewInfo.bmp Infected: Trojan-PSW.Win32.Delf.qc skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024043.exe Infected: Trojan-PSW.Win32.OnLineGames.tl skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024044.exe Infected: Trojan-PSW.Win32.OnLineGames.fq skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024045.exe Infected: Worm.Win32.Viking.lm skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024974.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024975.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024976.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024977.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024978.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024979.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024981.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024982.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024983.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024984.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0024989.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025006.EXE Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025012.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025013.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025014.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025015.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025016.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025018.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025020.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025021.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025022.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025030.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025033.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025034.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025035.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025036.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025037.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025039.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025040.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025041.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025042.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025059.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP92\A0025062.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025076.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025077.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025078.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025080.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025081.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025082.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025083.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0025084.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026076.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026079.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026080.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026081.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026082.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026083.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026084.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026092.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026093.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026094.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026095.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026097.dll Infected: Trojan-PSW.Win32.OnLineGames.qw skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026098.exe Infected: Trojan.Win32.Agent.ahf skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026115.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026125.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026126.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026127.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026128.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026130.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026133.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026134.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026135.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026137.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026153.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026156.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026157.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026158.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026159.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026160.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP93\A0026161.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026188.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026189.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026191.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/hxii.exe Infected: Trojan-Spy.Win32.Delf.pb skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/qj.exe Infected: Trojan-Spy.Win32.Iespy.au skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/wow.exe Infected: Trojan-Spy.Win32.Iespy.au skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/zt.exe Infected: Trojan-PSW.Win32.OnLineGames.qh skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/mhxy.exe Infected: Trojan-PSW.Win32.OnLineGames.tz skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar/rxjh.exe Infected: Trojan-PSW.Win32.OnLineGames.tz skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll/data.rar Infected: Trojan-PSW.Win32.OnLineGames.tz skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026199.dll RarSFX: infected - 7 skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026205.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026206.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026207.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026211.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026213.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026214.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026215.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP94\A0026216.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026228.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026229.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026231.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026237.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026240.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026241.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026242.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026243.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP95\A0026244.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0026281.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0026282.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0026284.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027237.sys Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027238.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027239.exe Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027244.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027245.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027246.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027247.dll Object is locked skipped
C:\System Volume Information\_restore{07970299-C328-491C-ACD5-9CE147125C4A}\RP96\A0027248.dll Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP103\A0027479.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP103\A0027480.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP103\A0027500.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP103\A0027501.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP104\A0027522.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP104\A0027523.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027533.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027534.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027535.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027536.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027708.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027709.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027715.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027716.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0027721.dll Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028719.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028720.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028721.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028722.exe Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028723.exe Infected: Trojan-Downloader.Win32.Zlob.emk skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP105\A0028729.dll Infected: Trojan-Downloader.Win32.Zlob.emk skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028907.exe Infected: Trojan-PSW.Win32.OnLineGames.uc skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028909.exe Infected: Trojan-PSW.Win32.Agent.lg skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028910.dll Infected: Trojan-PSW.Win32.OnLineGames.uc skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028911.dll Infected: Packed.Win32.NSAnti.r skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028912.exe Infected: Trojan-PSW.Win32.OnLineGames.fq skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028914.exe Infected: Trojan-PSW.Win32.OnLineGames.qw skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028920.exe Infected: Trojan-PSW.Win32.OnLineGames.qh skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028921.exe Infected: Trojan-PSW.Win32.OnLineGames.rw skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028932.exe Infected: Trojan-PSW.Win32.OnLineGames.tz skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028933.exe Infected: Trojan-Spy.Win32.Delf.pb skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028936.exe Infected: Trojan-PSW.Win32.OnLineGames.nn skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028937.exe Infected: Trojan-PSW.Win32.OnLineGames.pl skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028938.exe Infected: Trojan-PSW.Win32.OnLineGames.tz skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028942.exe Infected: Trojan-PSW.Win32.OnLineGames.vl skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028944.exe Infected: Trojan.Win32.Agent.ana skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028945.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028946.exe Infected: Trojan-Dropper.Win32.Agent.bdw skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028948.exe Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028950.exe Infected: Trojan.Win32.Agent.ana skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028951.exe Infected: Trojan-PSW.Win32.OnLineGames.vl skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028953.exe Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028954.exe Infected: Trojan-PSW.Win32.WOW.qp skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028966.exe Infected: Trojan.Win32.Agent.ana skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028967.vbs Infected: Trojan.VBS.Runner.w skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028968.dll Infected: Trojan-PSW.Win32.OnLineGames.ov skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028971.exe Infected: Trojan-Dropper.Win32.Agent.awb skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028976.exe Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\A0028977.exe Infected: Trojan.Win32.Agent.ana skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\change.log Object is locked skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019539.DLL Infected: Backdoor.Win32.Agent.bht skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019544.exe Infected: Backdoor.Win32.Agent.bno skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019553.DLL Infected: Backdoor.Win32.Agent.bht skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019555.exe Infected: Backdoor.Win32.Agent.bno skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019561.DLL Infected: Backdoor.Win32.Agent.bht skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP53\A0019563.exe Infected: Backdoor.Win32.Agent.bno skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP54\A0019572.DLL Infected: Backdoor.Win32.Agent.bht skipped
C:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP54\A0019574.exe Infected: Backdoor.Win32.Agent.bno skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP22\A0001873.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP22\A0001881.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005540.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005561.exe Infected: Backdoor.Win32.VB.kb skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005565.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005566.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005567.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005574.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005577.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005578.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005579.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005583.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005584.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005585.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005589.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005592.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005597.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005598.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005599.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005600.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005601.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005602.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005603.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005605.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005606.exe Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005607.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005608.exe Infected: Trojan.Win32.Agent.ana skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005609.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005610.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005612.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005613.exe Infected: Trojan-Dropper.Win32.Agent.awb skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005614.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005615.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005616.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005617.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005624.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005625.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005626.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005628.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005633.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005634.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005637.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005638.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005639.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005641.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005644.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005647.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005649.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005649.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005649.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005649.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005650.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005653.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005654.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005660.exe Infected: not-a-virus:AdWare.Win32.Agent.bs skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005661.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005662.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005664.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005665.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005666.ocx Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005667.dll Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005668.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0005669.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006635.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006636.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006637.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006642.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006643.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006644.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006646.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006647.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006648.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006650.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006652.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006652.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006652.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006652.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006653.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006654.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006656.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006658.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006659.exe Infected: not-a-virus:AdWare.Win32.Agent.bs skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006660.dll Infected: not-a-virus:AdWare.Win32.WSearch.r skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006662.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006663.com Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006665.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006666.ocx Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006667.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006668.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006669.dll Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006670.exe Infected: Trojan-PSW.Win32.WOW.qp skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006671.dll Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006672.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006673.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006674.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006675.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006676.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006677.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006678.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006679.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006680.exe Infected: Trojan-Dropper.Win32.Agent.awb skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006681.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006682.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006683.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006684.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006685.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006686.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006695.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006697.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006702.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006706.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006707.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006708.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006709.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006710.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006711.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006713.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006715.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006719.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006720.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006723.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006724.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006725.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006725.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP24\A0006726.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006728.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006732.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006735.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006735.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006735.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006735.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006736.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006737.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006739.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006740.exe Infected: not-a-virus:AdWare.Win32.Agent.bs skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006741.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006742.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006743.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006744.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006745.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006751.dll Infected: not-a-virus:AdWare.Win32.WSearch.r skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006752.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006753.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006757.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006758.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006760.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006761.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006762.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006763.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006770.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006774.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006775.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006777.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006778.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006779.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006781.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006782.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006783.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006785.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006785.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006785.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006785.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006787.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006788.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006790.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006791.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006792.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006794.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006795.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0006797.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007769.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007771.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007772.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007773.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007774.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007776.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007780.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007781.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007785.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007786.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007787.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007788.exe Infected: Trojan-Downloader.Win32.Adload.bz skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007789.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007791.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007792.exe/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007792.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007792.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007792.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007792.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007793.exe Infected: Trojan-Downloader.Win32.Delf.bgp skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007794.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007795.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007801.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007801.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007801.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007801.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007802.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007803.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007805.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007809.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007810.ocx Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007812.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007813.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007814.exe Infected: Trojan-PSW.Win32.OnLineGames.sg skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007815.exe Infected: Trojan-Downloader.Win32.INService.fz skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007817.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007818.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0007820.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008769.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008775.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008776.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008777.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008778.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008779.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0008782.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009771.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009775.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0009776.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010770.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010774.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010775.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0010776.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011771.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011775.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0011776.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012770.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012774.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012775.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0012776.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013769.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013770.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013774.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013775.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013776.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013779.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013780.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0013781.exe Infected: Trojan-Downloader.Win32.Delf.bgp skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014768.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014771.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014775.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014776.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014777.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014778.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014779.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014781.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014781.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014781.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014781.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014782.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0014784.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015769.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015770.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015771.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015775.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015776.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015777.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015779.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015780.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015781.exe Infected: Trojan-Downloader.Win32.Delf.bgp skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015785.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015789.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015790.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015792.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015792.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015792.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015792.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015793.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015794.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015795.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015796.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015798.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0015799.exe Infected: Trojan-PSW.Win32.OnLineGames.vl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016771.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016773.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016774.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016775.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016779.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016780.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016781.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016782.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016783.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016784.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016786.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016787.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016788.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016789.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016790.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016796.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016796.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016796.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016796.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016798.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ah skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016799.dll Infected: not-a-virus:AdWare.Win32.Agent.dd skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016802.exe Infected: not-a-virus:AdWare.Win32.Dm.y skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016803.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016804.exe Infected: Trojan-Downloader.Win32.Small.gqw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016805.exe Infected: Trojan-PSW.Win32.OnLineGames.sg skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016807.exe Infected: Trojan-PSW.Win32.Delf.qx skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016808.exe Infected: Packed.Win32.NSAnti.r skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016809.exe Infected: Packed.Win32.NSAnti.r skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016810.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016811.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016812.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016813.ocx Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016814.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016815.exe Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016816.dll Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016817.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016818.dll Infected: Trojan.Win32.Agent.abf skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016819.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016820.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016821.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016822.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016823.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016824.exe Infected: Trojan-Dropper.Win32.Agent.awb skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016825.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016826.exe Infected: Trojan.Win32.Agent.tl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016827.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016829.exe Infected: Trojan-Downloader.Win32.INService.fz skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016831.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016832.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016833.exe Infected: Trojan-PSW.Win32.OnLineGames.vl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016834.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016835.exe Infected: Trojan-PSW.Win32.OnLineGames.vl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016836.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016842.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016845.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016846.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016847.exe Infected: Trojan-Downloader.Win32.Small.czl skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016848.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016849.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016850.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0016851.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017766.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017767.ocx Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017770.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017771.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017772.DLL Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017773.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017777.DLL Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP25\A0017779.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP4\A0000381.exe Infected: not-a-virus:RiskTool.Win32.Reboot.e skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000596.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000597.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000598.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000599.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000600.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000601.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000602.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000606.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000607.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000608.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000609.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000610.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000611.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000612.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000613.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000614.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000615.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000616.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000617.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000618.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000619.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000620.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000621.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000622.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000623.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000629.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000630.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000701.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000704.EXE Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000705.New Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000706.sys Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000741.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000742.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000743.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000744.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000787.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000789.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000792.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000793.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000794.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000795.exe Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000796.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000797.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000798.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000799.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000800.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0000801.dll Object is locked skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001121.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001124.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001125.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001126.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001127.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001129.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001131.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001135.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\System Volume Information\_restore{49A5201B-71D0-48D9-9219-FF8051ECABDE}\RP6\A0001136.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\175FF110.DLL Infected: Backdoor.Win32.Agent.bht skipped
C:\WINDOWS\system32\175FF110.exe Infected: Backdoor.Win32.Agent.bno skipped
C:\WINDOWS\system32\C78392F4.DLL Infected: Trojan-Downloader.Win32.Small.ejw skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\change.log Object is locked skipped
E:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\change.log Object is locked skipped
F:\System Volume Information\_restore{47B6FFE2-1617-41BB-A99E-9AE753B14CC5}\RP108\change.log Object is locked skipped
F:\movie\setup.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.elv skipped
F:\movie\setup.exe NSIS: infected - 1 skipped

Scan process completed.





Here is a new Hijackthis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:24 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 3328 bytes



The computer has been running smoothly for a few days now, no signs of any more adware or rogues. I can see no visible signs of infestation or slowing down of performance speed, and all in all it seems to be functioning quite similar to how it used to be. Thanks.

#9 lusitano

Posted 28 November 2007 - 06:30 AM

Hi,

Download ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\Common Files\Microsoft Shared\MSInfo\NewInfo.bmp
C:\Program Files\Yahoo!\Antivirus\togjonpn.dll
C:\Program Files\Yahoo!\YOP\jdeomxnt.dll
C:\WINDOWS\system32\175FF110.DLL
C:\WINDOWS\system32\175FF110.exe
C:\WINDOWS\system32\C78392F4.DLL
F:\movie\setup.exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post that log, along with a new HijackThis log.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#10 ICBM

Posted 29 November 2007 - 08:32 PM

ComboFix 07-11-19.4C - Jason 2007-11-29 16:36:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.648 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Common Files\Microsoft Shared\MSInfo\NewInfo.bmp
C:\Program Files\Yahoo!\Antivirus\togjonpn.dll
C:\Program Files\Yahoo!\YOP\jdeomxnt.dll
C:\WINDOWS\system32\175FF110.DLL
C:\WINDOWS\system32\175FF110.exe
C:\WINDOWS\system32\C78392F4.DLL
F:\movie\setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Aiyi\Application Data\SpamBlocker
C:\Documents and Settings\Aiyi\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Aiyi\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Aiyi\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Aiyi\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Aiyi\Desktop\Free PC Wallpapers.lnk
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\macromedia\Flash Player\#SharedObjects\SGWRHLDD\www.inter-focus.cn
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\macromedia\Flash Player\#SharedObjects\SGWRHLDD\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Documents and Settings\Jerry\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Jerry\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Jerry\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Jerry\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.txt
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.cdf
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.res
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Tracy\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Tracy\Desktop\Free PC Wallpapers.lnk
C:\Program Files\(t)~1
C:\Program Files\(t)~1\tbu06774\basis.xml
C:\Program Files\(t)~1\tbu06774\favicon.ico
C:\Program Files\(t)~1\tbu06774\icons.bmp
C:\Program Files\(t)~1\tbu06774\UUPlayer.crc
C:\Program Files\(t)~1\tbu06774\version.txt
C:\Program Files\Common Files\microsoft shared\msinfo\NewInfo.bmp
C:\Program Files\Yahoo!\Antivirus\togjonpn.dll
C:\Program Files\Yahoo!\YOP\jdeomxnt.dll
C:\Redemption.ECF
C:\WINDOWS\system32\175FF110.DLL
C:\WINDOWS\system32\175FF110.exe
C:\WINDOWS\system32\C78392F4.DLL
F:\movie\setup.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-27 14:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-27 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-11-27 13:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-11-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 21:04 <DIR> d-------- C:\Program Files\NJStar Communicator
2007-11-24 21:04 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\NJStar
2007-11-23 12:27 1,754 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-23 12:26 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-23 12:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-23 12:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-23 12:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-23 12:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-23 12:17 <DIR> d-------- C:\Program Files\Roguescanfix
2007-11-22 18:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-22 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-22 18:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-22 18:16 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\.housecall6.6
2007-11-22 18:16 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-21 18:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-06 13:35 <DIR> d-------- C:\Program Files\Veoh Networks
2007-10-26 16:39 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\DivX
2007-10-26 14:32 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\.purple
2007-10-26 14:31 <DIR> d-------- C:\Program Files\Pidgin
2007-10-26 14:31 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-21 07:01 <DIR> d-------- C:\WINDOWS\Sun
2007-10-19 21:15 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Apple Computer
2007-10-19 21:14 <DIR> d-------- C:\Program Files\iTunes
2007-10-19 21:14 <DIR> d-------- C:\Program Files\iPod
2007-10-19 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-10-19 21:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-19 21:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-10-19 21:09 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-19 21:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-15 11:09 <DIR> d-------- C:\Documents and Settings\Jason\temp
2007-10-15 11:08 <DIR> d--h----- C:\Documents and Settings\Jason\QMCache00
2007-10-15 11:08 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Move Networks
2007-10-13 20:52 <DIR> d-------- C:\Program Files\Sun
2007-10-13 20:51 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-10-11 18:27 <DIR> d-------- C:\Program Files\Eclipse
2007-10-09 13:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 21:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-26 05:44 --------- d-----w C:\Program Files\NJStar Chinese WP
2007-11-21 03:15 --------- d-----w C:\Documents and Settings\Jason\Application Data\.purple
2007-11-06 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 05:13 --------- d-----w C:\Program Files\QuickTime
2007-10-14 04:51 --------- d-----w C:\Program Files\Java
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-06 05:21 30,352 ----a-w C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 01:23 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-03-06 15:37 53,512 ----a-w C:\Documents and Settings\Jerry\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 C:\WINDOWS\SOUNDMAN.EXE]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-05-28 17:12]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-05-28 17:12]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 06:39]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-10-22 20:15:09]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2004-05-28 20:18:19]

S4 14AF7EF4;14AF7EF4;C:\WINDOWS\system32\89ECF254.EXE -d
S4 AFAD4E08;AFAD4E08;C:\WINDOWS\system32\D40925C8.EXE -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 05:10:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 16:56:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 16:59:52 - machine was rebooted
.
--- E O F ---









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:22 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\application\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 3419 bytes



:]

#11 lusitano


Posted 30 November 2007 - 06:08 AM

Hello,

1. Please click this link--> http://www.virustotal.com/flash/index_en.html

When the virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\89ECF254.EXE

and also this file:

C:\WINDOWS\system32\D40925C8.EXE

Please post back the results of the scan in your next post.


2. Please go to the following url: http://www.bleepingcomputer.com/submit-malware.php?channel=1
  • "Link to topic where this file was requested:" - please insert the link to this topic in the text box
  • "Browse to the file you want to submit:" - please click on browse and navigate to " C:\WINDOWS\system32\D40925C8.EXE "
  • "Leave any comments, further information about this file, or contact information:" - please mention in the text box that Lusitano requested you to submit the file & insert the results from virustotal obtained in step #1
  • Click Submit
  • Repeat for this file:
    C:\WINDOWS\system32\89ECF254.EXE
Thanks. This will give us a chance to look at the file.


3.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:

Driver::
14AF7EF4
AFAD4E08

  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Regards
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
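
In the ComboFix log, the two S4 entries named in the post above have 8-hex-digit service names that repeat as the display name and point at 8-hex-digit file names in system32. The following Python example is added here for illustration and is not part of lusitano's post or of ComboFix: it parses such service lines, flags entries by those naming heuristics, and checks whether flagged entries still appear in a follow-up log. The assumed line layout, the ExampleSvc entry and the threshold of two heuristics are assumptions of this example.

```python
import ntpath
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section;
# the two S4 lines are quoted from this thread, the S3 line is invented.
BEFORE = r'''
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 C:\WINDOWS\SOUNDMAN.EXE]
S4 14AF7EF4;14AF7EF4;C:\WINDOWS\system32\89ECF254.EXE -d
S4 AFAD4E08;AFAD4E08;C:\WINDOWS\system32\D40925C8.EXE -a
S3 ExampleSvc;Example Service;C:\Program Files\Example\svc.exe
'''
AFTER = r'''
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 C:\WINDOWS\SOUNDMAN.EXE]
S3 ExampleSvc;Example Service;C:\Program Files\Example\svc.exe
'''

# Assumed line layout: <R|S><start type 0-4> name;display name;command line
SERVICE_LINE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$')
IMAGE_PATH = re.compile(r'^"?(.+?\.(?:exe|sys|dll))"?(?:\s+(.*))?$', re.I)
HEX8 = re.compile(r'^[0-9A-Fa-f]{8}$')

def parse_services(log_text):
    """Return one dict per service/driver line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        state, start, name, display, cmd = m.groups()
        pm = IMAGE_PATH.match(cmd.strip())
        path, args = (pm.group(1), pm.group(2) or '') if pm else (cmd.strip(), '')
        entries.append({'state': state, 'start': int(start), 'name': name.strip(),
                        'display': display.strip(), 'path': path, 'args': args})
    return entries

def reasons(entry):
    """List the naming heuristics an entry trips (heuristics, not a verdict)."""
    hits = []
    if HEX8.match(entry['name']):
        hits.append('service name is 8 hex digits')
    if entry['display'] == entry['name']:
        hits.append('display name just repeats the service name')
    stem = ntpath.splitext(ntpath.basename(entry['path']))[0]
    if HEX8.match(stem):
        hits.append('image file name is 8 hex digits')
    return hits

def flag(log_text, threshold=2):
    """Entries tripping at least `threshold` heuristics, keyed by service name."""
    return {e['name']: reasons(e) for e in parse_services(log_text)
            if len(reasons(e)) >= threshold}

def still_present(before, after):
    """Flagged names from the earlier log that also appear in the later one."""
    return sorted(set(flag(before)) & {e['name'] for e in parse_services(after)})

if __name__ == '__main__':
    print(flag(BEFORE), still_present(BEFORE, AFTER))
```

A flagged entry is only a candidate for closer inspection, such as the file submission requested in step 1; legitimate software can also trip a single heuristic, which is why the threshold is two.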

#12 ICBM


Posted 03 December 2007 - 01:43 AM

For some reason I seemed not to be able to locate the two files you mentioned. I searched through my System32 folder but they weren't there.


But I did do the scans like you said, and here are the logs from the Scanner and HijackThis.


ComboFix 07-11-19.4C - Jason 2007-12-02 22:23:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 22:24 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\gtk-2.0
2007-12-01 15:42 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-01 15:42 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Intuit
2007-12-01 15:41 <DIR> d-------- C:\Program Files\TurboTax
2007-12-01 15:41 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-12-01 15:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
2007-11-29 20:23 <DIR> d-------- C:\Documents and Settings\JERRY~2~JV-\LOCALS~1
2007-11-27 14:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-27 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-11-27 13:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-11-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 21:04 <DIR> d-------- C:\Program Files\NJStar Communicator
2007-11-24 21:04 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\NJStar
2007-11-23 12:26 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-23 12:17 <DIR> d-------- C:\Program Files\Roguescanfix
2007-11-22 18:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-22 18:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-22 18:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-22 18:16 <DIR> d-------- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\.housecall6.6
2007-11-22 18:16 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-21 18:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-06 13:35 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 06:33 --------- d-----w C:\Documents and Settings\Jason\Application Data\.purple
2007-12-03 06:02 --------- d-----w C:\Program Files\Eclipse
2007-12-03 04:21 --------- d-----w C:\Program Files\NJStar Chinese WP
2007-12-01 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 04:43 --------- d-----w C:\Program Files\QuickTime
2007-11-27 21:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-21 23:22 --------- d-----w C:\Documents and Settings\Jason\Application Data\DivX
2007-10-26 22:32 --------- d-----w C:\Program Files\Pidgin
2007-10-26 22:31 --------- d-----w C:\Program Files\Common Files\GTK
2007-10-20 05:15 --------- d-----w C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Apple Computer
2007-10-20 05:14 --------- d-----w C:\Program Files\iTunes
2007-10-20 05:14 --------- d-----w C:\Program Files\iPod
2007-10-20 05:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-10-20 05:10 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 05:09 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 05:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-15 19:08 --------- d-----w C:\Documents and Settings\Jason\Application Data\Move Networks
2007-10-14 04:52 --------- d-----w C:\Program Files\Sun
2007-10-14 04:51 --------- d-----w C:\Program Files\Java
2007-09-06 07:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-08-06 05:21 30,352 ----a-w C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 01:23 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-03-06 15:37 53,512 ----a-w C:\Documents and Settings\Jerry\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_16.58.04.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 18:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-10-31 22:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2005-09-08 01:27:44 1,716,297 ------w C:\WINDOWS\system32\InetClnt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 C:\WINDOWS\SOUNDMAN.EXE]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-05-28 17:12]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-05-28 17:12]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 06:39]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-10-22 20:15:09]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2004-05-28 20:18:19]


.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 05:10:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 22:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 22:39:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-29 16:59
.
--- E O F ---













#13 lusitano


Posted 04 December 2007 - 06:56 AM

Hello,

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


2. Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log. Also let me know how your computer is running.




