Lots Of Popups


20 replies to this topic

#1 jyoshu

jyoshu

  • Members
  • 24 posts

Posted 12 January 2008 - 10:59 AM

Hi,
I have suddenly started getting popups on my computer and my system has become slow too.
I don't know with what the system is infected... I have tried doing all the steps mentioned but none work.
I cleaned the temporary files and temp files.
I downloaded Ad-Aware and Spybot but both failed to run on the system.
I scanned the system with McAfee and it did not detect any virus.
I scanned with HouseCall antivirus thrice but every time the window disappears all by itself.
I ran the McAfee Stinger but it said it was an outdated version and did not detect anything.
My computer does not shut down or log off.
Every time I pull off the plug and start it I have a msg saying some files required for system stability have been replaced by unrecognised versions and that it needs XP CD 2... which I do not have.
I am at wits' end because my exam is soon and I have all the material in the system and my only way of communication with my family abroad is through the net :thumbsup:

Somebody please help me what to do.... the ads I get are powered by websell or something... that's what I keep getting on the popups.
This is the logfile...... any help please...





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:16 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\F?nts\r?ndll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask .exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\PROGRA~1\mcafee.com\agent\mcagent .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\WINDOWS\avp .exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr .exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Web Buying\v1.8.6\webbuying .exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\vasantha\Desktop\spybotsd15.exe
C:\DOCUME~1\vasantha\LOCALS~1\Temp\is-2H4K2.tmp\is-Q1LH8.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnm.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~4.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\vasantha\APPLIC~1\YMBOLS~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Hchy] "C:\Program Files\F?nts\r?ndll32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\zysojazav.html

--
End of file - 11010 bytes



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 January 2008 - 05:03 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, jyoshu.
My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop:
Note
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Download RenV.exe to your desktop, double click to run it:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
When it's finished it will produce a Log.
Please post the contents of that Log into your next reply.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 12 January 2008 - 06:34 PM

Thank you so much for your time Richie.
The HijackThis is on the desktop and I don't know if I renamed the right file as abc.bat. I am posting the log files here.
Thanks again





ComboFix 08-01-09.2 - vasantha 2008-01-12 16:47:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.458 [GMT -6:00]
Running from: C:\Documents and Settings\vasantha\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\vasantha\APPLIC~1\YMBOLS~1\userinit.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\vasantha\Application Data\YMBOLS~1
C:\Documents and Settings\vasantha\Application Data\YMBOLS~1\?ymbols\
C:\Documents and Settings\vasantha\Application Data\YMBOLS~1\userinit .exe
C:\Documents and Settings\vasantha\Application Data\YMBOLS~1\userinit.exe
C:\Documents and Settings\vasantha\Start Menu\Programs\Outerinfo
C:\Documents and Settings\vasantha\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\vasantha\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\fnts~1
C:\Program Files\fnts~1\r?ndll32.exe
C:\Program Files\folder.js\
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ini.ini\
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\MSN\ryxybuf4444.dll
C:\Program Files\MSN\ryxybuf83122.dll
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Online Services\vikitegow605.dll
C:\Program Files\Online Services\vikitegow732.dll
C:\Program Files\Online Services\vikitegow786.dll
C:\Program Files\Online Services\zysojazav.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\Program Files\Web Buying\v1.8.6\webbuying .exe
C:\Program Files\web buying\v1.8.6\webbuying.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\83122.exe
C:\WINDOWS\avp .exe
C:\WINDOWS\avp .exe
C:\WINDOWS\avp.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\audslsd.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\khfedef.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.exe
C:\WINDOWS\system32\qommjhe.dll
C:\WINDOWS\system32\RCX67.tmp
C:\WINDOWS\system32\RCX68.tmp
C:\WINDOWS\system32\rqomlif.dll
C:\WINDOWS\system32\wnsapisu32.exe
C:\WINDOWS\system32\zxtynkob.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

<pre>
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ---> issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe ---> QooBox
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe ---> DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt .exe ---> DSAgnt.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe ---> Dot1XCfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> GoogleToolbarNotifier.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe ---> IntelMEM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe ---> jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr .exe ---> lxbvbmgr.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe ---> QooBox
C:\Program Files\McAfee.com\Agent\McUpdate .exe ---> QooBox
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE ---> QooBox
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE ---> QooBox
C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE ---> QooBox
C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE ---> QooBox
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcvsshld .exe ---> QooBox
C:\Program Files\MSN Messenger\msnmsgr .exe ---> QooBox
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe ---> mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe ---> mm_tray.exe
C:\Program Files\QuickTime\qttask		.exe ---> qttask.exe
C:\Program Files\QuickTime\qttask	   .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask	  .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask	 .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask	.exe ---> qttask.exe
C:\Program Files\QuickTime\qttask   .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask  .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask .exe ---> qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay .exe ---> RealPlay.exe
C:\Program Files\Web Buying\v1.8.6\webbuying .exe ---> QooBox
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe ---> YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE ---> QooBox
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE ---> YAHOOM~1.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe ---> SearchProtection.exe
C:\WINDOWS\ehome\ehtray .exe ---> ehtray.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\igfxpers .exe ---> igfxpers.exe
C:\WINDOWS\system32\igfxtray .exe ---> igfxtray.exe
C:\WINDOWS\system32\dla\tfswctrl .exe ---> tfswctrl.exe
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 17:07 . 2008-01-12 17:07 <DIR> d-------- C:\Temp\tn3
2008-01-12 16:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:36 . 2008-01-12 13:36 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 12:38 . 2008-01-12 12:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 09:44 . 2008-01-12 09:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 17:12 . 2008-01-11 16:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 16:29 . 2008-01-12 11:50 <DIR> d-------- C:\Documents and Settings\vasantha\.housecall6.6
2008-01-11 14:31 . 2008-01-12 13:52 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-11 13:24 . 2008-01-12 13:52 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-11 13:24 . 2008-01-11 22:46 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-11 12:02 . 2008-01-11 12:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-01-11 11:39 . 2008-01-12 17:07 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 11:36 . 2008-01-12 11:05 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-11 11:36 . 2008-01-11 15:43 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-11 11:36 . 2008-01-11 11:45 <DIR> d-------- C:\WINDOWS\system32\ez4
2008-01-11 11:36 . 2008-01-12 11:05 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-11 11:36 . 2008-01-11 15:49 <DIR> d--hs---- C:\WINDOWS\cG9vamE
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\Temp\Ryuan1
2008-01-11 11:36 . 2008-01-12 17:07 <DIR> d-------- C:\Temp
2008-01-11 11:36 . 2008-01-11 11:36 86,016 --a------ C:\WINDOWS\system32\drivers\ini910uu.sys
2008-01-11 11:36 . 2008-01-12 11:07 39,936 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-11 11:36 . 2008-01-12 17:07 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\WINDOWS\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Program Files\Common Files\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-12-17 22:25 . 2007-12-17 22:25 <DIR> d-------- C:\Program Files\MSECache
2007-12-17 20:42 . 2007-12-17 20:42 <DIR> d-------- C:\Documents and Settings\vasantha\Application Data\My Sam's Club Digital Photo Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 23:07 --------- d-----w C:\Program Files\QuickTime
2008-01-12 23:07 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-12 23:07 --------- d-----w C:\Program Files\DellSupport
2008-01-12 23:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 19:59 59 ----a-w C:\Program Files\ini.ini
2008-01-11 17:19 --------- d-----w C:\Documents and Settings\suresh\Application Data\Skype
2008-01-08 14:40 --------- d-----w C:\Documents and Settings\vasantha\Application Data\McAfee.com Personal Firewall
2007-12-24 06:10 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Skype
2007-12-21 15:25 --------- d-----w C:\Documents and Settings\suresh\Application Data\AdobeUM
2007-12-09 18:58 --------- d-----w C:\Documents and Settings\pooja\Application Data\EuroTalk
2007-12-09 18:30 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Music Coach
2007-12-02 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 20:37 --------- d--h--r C:\Documents and Settings\suresh\Application Data\yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-07-14 21:21 0 ----a-w C:\Documents and Settings\pooja\Application Data\wklnhst.dat
2006-06-08 07:02 2,048 ----a-w C:\Program Files\func.exe
2005-07-29 22:24 472 --sha-r C:\WINDOWS\cG9vamE\w36SuAH.vbs
2007-04-23 01:17 56 --sh--r C:\WINDOWS\system32\670B277E4F.sys
2007-04-23 01:17 1,786 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			77,824 2008-01-12 04:46:36  C:\WINDOWS\system32\hkcmd .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 13:52 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-12 13:52 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Uaol"="C:\DOCUME~1\vasantha\APPLIC~1\YMBOLS~1\userinit.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-12 13:52 61440]
"Hchy"="C:\Program Files\F?nts\r?ndll32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-12 13:52 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-12 13:52 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2008-01-12 13:52 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-12 13:52 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2008-01-12 13:52 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2008-01-12 13:52 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2008-01-12 13:52 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-12 13:52 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-01-12 13:52 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-01-12 13:52 81920]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2008-01-12 13:52 57344]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-12 13:52 224248]
"avp"="C:\WINDOWS\avp .exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-20 17:18:58]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R1 ini910uu;ini910uu;C:\WINDOWS\system32\drivers\ini910uu.sys [2008-01-11 11:36]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2005-11-09 22:28]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 14:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 18:36:41 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (POOJA-RISHI-pooja).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-12 23:10:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DCLTMJ81-Administrator).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-12 23:09:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-pooja).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~4 .EX
- C:\PROGRA~1\mcafee.com\agent
"2008-01-12 23:02:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-Shrieeya).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-12 23:08:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-suresh).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.sureshPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
"2008-01-12 23:10:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-vasantha).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 17:08:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 17:11:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 23:11:07
.
2008-01-09 22:17:40 --- E O F ---






Ran on Sat 01/12/2008 - 17:18:10.46

----a-w			77,824 2008-01-12 04:46:36  C:\WINDOWS\system32\hkcmd .exe

 Entries:				1  (1)
 Directories:			0  Files:			 1
 Bytes:			 77,824  Blocks:		  152






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:33 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\vasantha\APPLIC~1\YMBOLS~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Hchy] "C:\Program Files\F?nts\r?ndll32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

--
End of file - 9939 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 January 2008 - 07:17 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
Folder::
C:\WINDOWS\system32\vt8
C:\WINDOWS\system32\mp2
C:\WINDOWS\system32\ez4
C:\WINDOWS\system32\edcA01
C:\WINDOWS\system32\che9
C:\WINDOWS\cG9vamE
C:\Temp\Ryuan1
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
"Hchy"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


I now need you to do the following if you will:
First enable the viewing of hidden files and folders, reverse the process once you've done below:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\drivers\ini910uu.sys
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\drivers\ini910uu.sys
Then click on 'Send File'.
Post the results into your next reply.


Download RenV.exe to your desktop, double click to run it:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
When it's finished it will produce a Log.
Please post the contents of that Log into your next reply.

Also post a new HijackThis log.

#5 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 13 January 2008 - 12:43 AM

here they are....


ComboFix 08-01-09.2 - vasantha 2008-01-12 21:51:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.563 [GMT -6:00]
Running from: C:\Documents and Settings\vasantha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\vasantha\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\folder.js\
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ini.ini\
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Temp\Ryuan1
C:\Temp\Ryuan1\tepU.log
C:\temp\tn3
C:\WINDOWS\cG9vamE
C:\WINDOWS\cG9vamE\w36SuAH.vbs
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\che9
C:\WINDOWS\system32\che9\farstadcom2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\edcA01
C:\WINDOWS\system32\ez4
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mp2
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.exe
C:\WINDOWS\system32\vt8
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 23:14 . 2008-01-12 23:14 <DIR> d-------- C:\Temp\tn3
2008-01-12 16:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:36 . 2008-01-12 13:36 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 12:38 . 2008-01-12 12:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 09:44 . 2008-01-12 09:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 17:12 . 2008-01-11 16:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 16:29 . 2008-01-12 11:50 <DIR> d-------- C:\Documents and Settings\vasantha\.housecall6.6
2008-01-11 13:24 . 2008-01-11 22:46 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-11 12:02 . 2008-01-11 12:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-01-11 11:39 . 2008-01-12 21:56 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 11:36 . 2008-01-12 23:14 <DIR> d-------- C:\Temp
2008-01-11 11:36 . 2008-01-11 11:36 86,016 --a------ C:\WINDOWS\system32\drivers\ini910uu.sys
2008-01-11 11:36 . 2008-01-12 21:58 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\WINDOWS\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Program Files\Common Files\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-12-17 22:25 . 2007-12-17 22:25 <DIR> d-------- C:\Program Files\MSECache
2007-12-17 20:42 . 2007-12-17 20:42 <DIR> d-------- C:\Documents and Settings\vasantha\Application Data\My Sam's Club Digital Photo Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 03:56 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-13 03:56 --------- d-----w C:\Program Files\DellSupport
2008-01-12 23:07 --------- d-----w C:\Program Files\QuickTime
2008-01-12 23:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 19:59 59 ----a-w C:\Program Files\ini.ini
2008-01-11 17:19 --------- d-----w C:\Documents and Settings\suresh\Application Data\Skype
2008-01-08 14:40 --------- d-----w C:\Documents and Settings\vasantha\Application Data\McAfee.com Personal Firewall
2007-12-24 06:10 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Skype
2007-12-21 15:25 --------- d-----w C:\Documents and Settings\suresh\Application Data\AdobeUM
2007-12-09 18:58 --------- d-----w C:\Documents and Settings\pooja\Application Data\EuroTalk
2007-12-09 18:30 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Music Coach
2007-12-02 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 20:37 --------- d--h--r C:\Documents and Settings\suresh\Application Data\yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-07-14 21:21 0 ----a-w C:\Documents and Settings\pooja\Application Data\wklnhst.dat
2006-06-08 07:02 2,048 ----a-w C:\Program Files\func.exe
2007-04-23 01:17 56 --sh--r C:\WINDOWS\system32\670B277E4F.sys
2007-04-23 01:17 1,786 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			77,824 2008-01-12 04:46:36  C:\WINDOWS\system32\hkcmd .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-01-12_17.10.47.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 22:43:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 03:49:36 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 22:43:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 03:49:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 22:43:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 03:49:36 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 22:43:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 03:49:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 22:43:52 3,371,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 03:49:36 3,371,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 22:43:52 32,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 03:49:36 32,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 15:44:30 20,228 ----a-w C:\WINDOWS\Prefetch\abc.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"avp"="C:\WINDOWS\avp .exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-20 17:18:58]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R1 ini910uu;ini910uu;C:\WINDOWS\system32\drivers\ini910uu.sys [2008-01-11 11:36]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2005-11-09 22:28]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 14:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 18:36:41 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (POOJA-RISHI-pooja).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-13 05:15:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DCLTMJ81-Administrator).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-13 05:14:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-pooja).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~4 .EX
- C:\PROGRA~1\mcafee.com\agent
"2008-01-13 05:17:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-Shrieeya).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-13 05:13:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-suresh).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.sureshPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
"2008-01-13 05:15:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-vasantha).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 23:14:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 23:17:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 05:17:32
ComboFix2.txt 2008-01-12 23:11:10
.
2008-01-09 22:17:40 --- E O F ---




The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file



Ran on Sat 01/12/2008 - 23:39:31.87

----a-w			77,824 2008-01-12 04:46:36  C:\WINDOWS\system32\hkcmd .exe

 Entries:				1  (1)
 Directories:			0  Files:			 1
 Bytes:			 77,824  Blocks:		  152




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:54 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

--
End of file - 8942 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 January 2008 - 07:16 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following text inside the quote box below:

Drivers to unload:
C:\WINDOWS\system32\drivers\ini910uu.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

Files to delete:
C:\WINDOWS\system32\drivers\ini910uu.sys
C:\WINDOWS\system32\drivers\core.cache.dsk

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.


Download RenV.exe to your desktop, double click to run it:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
When it's finished it will produce a Log.
Please post the contents of that Log into your next reply.

#7 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 13 January 2008 - 09:40 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\seffgyru

*******************

Script file located at: \??\C:\Documents and Settings\tpwfbgas.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\C:\WINDOWS\system32\drivers\ini910uu.sys not found!
Unload of driver C:\WINDOWS\system32\drivers\ini910uu.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\ini910uu.sys
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\C:\WINDOWS\system32\drivers\core.cache.dsk not found!
Unload of driver C:\WINDOWS\system32\drivers\core.cache.dsk failed!

Could not process line:
C:\WINDOWS\system32\drivers\core.cache.dsk
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\ini910uu.sys deleted successfully.
File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Ran on Sun 01/13/2008 -  8:38:29.73

----a-w			77,824 2008-01-12 04:46:36  C:\WINDOWS\system32\hkcmd .exe

 Entries:				1  (1)
 Directories:			0  Files:			 1
 Bytes:			 77,824  Blocks:		  152


#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 January 2008 - 10:08 AM

Posted Image
Referring to the picture above, drag Log.txt into RenV.exe
When finished, it shall produce a new log for you.
Post that log in your next reply.

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

If the above link doesn't work, try this:
http://www.kaspersky.com/kos/english/kavwebscan.html

#9 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 13 January 2008 - 11:50 AM

Ran on Sun 01/13/2008 - 10:48:54.31

----a-w		 4,670,704 2008-01-13 16:46:44  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w		 5,030,400 2008-01-13 16:46:34  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w			15,360 2008-01-13 16:46:46  C:\WINDOWS\system32\ctfmon .exe

 Entries:				3  (3)
 Directories:			0  Files:			 3
 Bytes:		  9,716,464  Blocks:	   18,978




KASPERSKY ONLINE SCANNER REPORT
Sunday, January 13, 2008 10:41:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 476496


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 68393
Number of viruses found 13
Number of infected objects 628
Number of suspicious objects 0
Duration of the scan process 01:06:29

Infected Object Name Virus Name Last Action

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057135.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057139.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057142.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057143.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057146.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057147.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057152.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057153.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057158.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057159.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057160.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057172.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057189.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057190.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057191.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057196.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057208.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057214.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057216.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057220.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057223.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057224.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057227.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057228.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057235.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057245.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057253.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057259.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0057261.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058187.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058189.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058190.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058192.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058193.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058195.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058196.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058197.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058208.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058209.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058213.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058214.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058215.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058216.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058234.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058244.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058255.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058257.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0058258.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059184.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059184.exe/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059184.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059208.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059215.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059216.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059220.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059223.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059224.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059225.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059226.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059227.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059228.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059229.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059234.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059240.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059247.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059248.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059255.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP753\A0059256.exe Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059298.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059302.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059303.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059304.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059305.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059306.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059308.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059309.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059310.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059311.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059312.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059314.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059315.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059316.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059317.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059319.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059321.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059322.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059323.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059324.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0059326.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060195.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060197.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060208.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060209.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060213.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060214.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060215.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060216.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060219.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060220.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060239.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060249.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060260.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP754\A0060261.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060298.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060299.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060300.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060302.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060303.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060304.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060305.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060306.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060308.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060309.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060310.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060311.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060313.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060314.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060315.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060316.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060319.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060320.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060321.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060322.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060323.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060324.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060325.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060326.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060327.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060328.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060329.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060330.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060336.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060340.exe Infected: Trojan-Downloader.Win32.VB.caw skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060343.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060344.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060345.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060346.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060347.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060348.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060349.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060350.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060351.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060352.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060353.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060354.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060356.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060357.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060358.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060359.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0060360.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061184.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061185.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061191.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061192.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061195.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061196.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061197.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061200.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061208.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061209.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061211.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061212.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061213.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061217.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061218.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061221.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061222.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061223.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061251.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061257.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP755\A0061260.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0061268.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0061282.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0061285.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0061285.exe/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0061285.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062183.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062185.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062186.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062186.exe/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062186.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062187.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062188.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062189.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062190.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062191.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062192.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062193.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062194.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062195.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062196.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062197.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062198.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062199.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062200.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062201.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062202.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062203.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062204.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062205.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062206.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062207.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062208.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062209.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062210.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062211.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062212.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062213.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062214.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062215.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062216.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062217.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062218.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062219.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062220.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062221.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062222.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062223.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062224.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062225.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062226.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062227.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062228.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062229.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062230.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062231.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062232.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062238.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062239.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062241.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062242.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062243.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062244.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062245.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062246.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062247.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062248.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062249.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062250.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062251.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062252.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062253.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062254.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062255.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062256.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062257.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062258.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062260.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062261.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062262.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062263.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062285.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062291.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062301.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP756\A0062311.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062318.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062319.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062321.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062323.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062324.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062325.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062326.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062327.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062328.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062329.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062330.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062331.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062333.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062334.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062335.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062336.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062339.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062340.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062341.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062342.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062343.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062344.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062345.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062346.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP757\A0062347.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062349.exe Infected: Trojan-Downloader.Win32.PurityScan.fg skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062352.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062353.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062355.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062356.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062356.exe/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062356.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062358.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062359.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062360.dll Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062364.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062372.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062373.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062374.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062382.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062383.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062384.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062385.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062386.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062387.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062388.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062389.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062390.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062391.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062392.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062393.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062394.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062395.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062396.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062397.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062398.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062399.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062400.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062401.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062402.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062403.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062404.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062405.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062406.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062407.exe Infected: Trojan.Win32.Agent.dwb skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062412.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062413.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062417.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062418.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062419.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062432.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062433.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP758\A0062439.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062534.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062535.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062536.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062538.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062539.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062540.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062541.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062542.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062544.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062545.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062546.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062549.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062550.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062551.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062552.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062553.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062554.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062556.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062558.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062559.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062560.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062561.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062562.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062563.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062565.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062566.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062567.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062568.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062569.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062650.sys Infected: Rootkit.Win32.Agent.to skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP762\A0062664.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP762\A0062666.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP762\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0335362A-8CDF-4BC0-8666-7EA14C44C1E8}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\hkcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\system32\pmnnm.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 January 2008 - 12:12 PM

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Restart your pc.

Delete everything inside this folder:
C:\Documents and Settings\vasantha\.housecall6.6\Quarantine

Click on Start/Run, type cleanmgr into the 'Open:' space, then press Ok.
Let it scan your system for files to remove.
Make sure these 3 are checked and nothing else, then press Ok.
* Temporary Files
* Temporary Internet Files
* Recycle Bin


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
C:\Program Files\func.exe
C:\Program Files\McAfee.com\Agent\McUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pmnnm.exe
Folder::
C:\avenger
C:\QooBox

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
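As an added illustration (not part of the original thread and not code from any of the tools mentioned), the Python sketch below triages lines in the format of the scan log posted earlier: it separates detections on live files from copies held in System Restore points and from files the scanner reported as locked. The line layout the regexes expect is an assumption based on that log; the sample lines are copied from it.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP760\A0062554.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062556.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP761\A0062650.sys Infected: Rootkit.Win32.Agent.to skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP762\A0062664.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP762\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\hkcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\WINDOWS\system32\pmnnm.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
Scan process completed.
"""

# Assumed layout: <path> <verdict> <action>. Paths may contain spaces, so the
# path is matched lazily and the verdict and action are pinned to the line end.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<threat>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\w+)$"
)

# Files under System Restore storage: ...\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def triage(log_text):
    """Sort scan-log lines into live detections, restore-point copies,
    locked files, and lines that do not fit the assumed layout."""
    report = {
        "live": [],                       # (path, threat) outside System Restore
        "restore": defaultdict(Counter),  # restore point -> threat -> count
        "locked": [],                     # files the scanner could not open
        "unparsed": [],                   # status lines and anything else
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            report["unparsed"].append(line)
            continue
        path = match.group("path")
        if match.group("locked"):
            report["locked"].append(path)
            continue
        restore = RESTORE_RE.search(path)
        if restore:
            report["restore"][restore.group("rp").upper()][match.group("threat")] += 1
        else:
            report["live"].append((path, match.group("threat")))
    return report


def summarize(report):
    """Return a short text summary, with live detections listed individually."""
    restore_total = sum(sum(c.values()) for c in report["restore"].values())
    lines = [
        f"live infected files: {len(report['live'])}",
        f"restore-point copies: {restore_total} in {len(report['restore'])} restore points",
        f"locked (not scanned): {len(report['locked'])}",
    ]
    lines += [f"  LIVE {path} -> {threat}" for path, threat in report["live"]]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

The live entries are the ones that need a removal tool such as the CFScript in the post above; the restore-point copies go away when the System Restore directories are purged.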

#11 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 13 January 2008 - 01:51 PM

I ran the ComboFix and HijackThis before deleting the temp files... so I ran them again... I hope it's OK.





ComboFix 08-01-09.2 - vasantha 2008-01-13 12:58:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.644 [GMT -6:00]
Running from: C:\Documents and Settings\vasantha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\vasantha\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Program Files\func.exe
C:\Program Files\McAfee.com\Agent\McUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pmnnm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\folder.js\
C:\Program Files\ini.ini\
C:\QooBox
C:\QooBox\BackEnv\appdata.folder.dat
C:\QooBox\BackEnv\cache.folder.dat
C:\QooBox\BackEnv\desktop.folder.dat
C:\QooBox\BackEnv\favorites.folder.dat
C:\QooBox\BackEnv\local appdata.folder.dat
C:\QooBox\BackEnv\local settings.folder.dat
C:\QooBox\BackEnv\my pictures.folder.dat
C:\QooBox\BackEnv\personal.folder.dat
C:\QooBox\BackEnv\profiles.folder.dat
C:\QooBox\BackEnv\programs.folder.dat
C:\QooBox\BackEnv\setpath.bat
C:\QooBox\BackEnv\setpath.dat
C:\QooBox\BackEnv\start menu.folder.dat
C:\QooBox\BackEnv\startup.folder.dat
C:\QooBox\BackEnv\templates.folder.dat
C:\QooBox\cfscript_used_2008-01-13@12.58.txt
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\snapshot@2008-01-13_12.47.13.59.dat
C:\QooBox\snapshot@2008-01-13_12.47.13.59_B.dat
C:\WINDOWS\system32\hkcmd.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 09:24 . 2008-01-13 09:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 09:24 . 2008-01-13 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-12 16:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:36 . 2008-01-12 13:36 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 12:41 . 2008-01-12 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 12:38 . 2008-01-12 12:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 09:44 . 2008-01-12 09:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 17:12 . 2008-01-11 16:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 16:29 . 2008-01-12 11:50 <DIR> d-------- C:\Documents and Settings\vasantha\.housecall6.6
2008-01-11 12:02 . 2008-01-11 12:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-01-11 11:39 . 2008-01-12 21:56 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 11:36 . 2008-01-13 12:41 <DIR> d-------- C:\Temp
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\WINDOWS\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 <DIR> d-------- C:\Program Files\Common Files\Skyscape
2007-12-27 14:46 . 2007-12-27 14:46 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-12-17 22:25 . 2007-12-17 22:25 <DIR> d-------- C:\Program Files\MSECache
2007-12-17 20:42 . 2007-12-17 20:42 <DIR> d-------- C:\Documents and Settings\vasantha\Application Data\My Sam's Club Digital Photo Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 18:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-13 03:56 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-13 03:56 --------- d-----w C:\Program Files\DellSupport
2008-01-12 23:07 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:59 59 ----a-w C:\Program Files\ini.ini
2008-01-12 15:44 20,228 ----a-w C:\WINDOWS\Prefetch\abc.bat
2008-01-11 17:19 --------- d-----w C:\Documents and Settings\suresh\Application Data\Skype
2008-01-08 14:40 --------- d-----w C:\Documents and Settings\vasantha\Application Data\McAfee.com Personal Firewall
2007-12-24 06:10 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Skype
2007-12-21 15:25 --------- d-----w C:\Documents and Settings\suresh\Application Data\AdobeUM
2007-12-09 18:58 --------- d-----w C:\Documents and Settings\pooja\Application Data\EuroTalk
2007-12-09 18:30 --------- d-----w C:\Documents and Settings\vasantha\Application Data\Music Coach
2007-12-02 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 20:37 --------- d--h--r C:\Documents and Settings\suresh\Application Data\yahoo!
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 227,328 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-07-14 21:21 0 ----a-w C:\Documents and Settings\pooja\Application Data\wklnhst.dat
2007-04-23 01:17 56 --sh--r C:\WINDOWS\system32\670B277E4F.sys
2007-04-23 01:17 1,786 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-13 11:17 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\STSYSTRA.EXE]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"avp"="C:\WINDOWS\avp .exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-09-20 17:18:58]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2005-11-09 22:28]
S1 ini910uu;ini910uu;C:\WINDOWS\system32\drivers\ini910uu.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 14:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 18:36:41 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (POOJA-RISHI-pooja).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-13 19:00:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DCLTMJ81-Administrator).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-13 18:59:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-pooja).job"
- C:\PROGRA~1\mcafee.com\agent\MCUPDA~4 .EX
- C:\PROGRA~1\mcafee.com\agent
"2008-01-13 18:57:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-Shrieeya).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-13 18:58:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-suresh).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.sureshPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
"2008-01-13 19:00:00 C:\WINDOWS\Tasks\McAfee.com Update Check (POOJA-RISHI-vasantha).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:00:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 13:00:28
.
2008-01-09 22:17:40 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:12 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

--
End of file - 9198 bytes

Edited by jyoshu, 13 January 2008 - 02:03 PM.


#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 January 2008 - 04:27 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.


#13 jyoshu

jyoshu
  • Topic Starter

  • Members
  • 24 posts

Posted 13 January 2008 - 07:25 PM

The system seems to be working alright now... but I was not able to use Yahoo webcam in the morning... didn't check back though...
Anything else to do?
Thanks



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2008 at 06:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 00:34:16

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 6369
Registry threats detected : 0
File items scanned : 37786
File threats detected : 5

Unclassified.Unknown Origin
C:\PROGRAM FILES\TTC.DLL

Trojan.Vundo/Variant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP3\A0000015.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP3\A0000021.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP3\A0000028.DLL



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:43 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

--
End of file - 9199 bytes
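How the HijackThis log above is laid out, as an added example that is not part of the original thread: the sketch splits entries by section code and lists two kinds of entry a reviewer usually confirms by hand. The excerpt in SAMPLE is copied from the log above; the function names and the two checks are this example's own choices, and a hit is a prompt to look, not a sign of infection.

```python
import re
from collections import defaultdict

# Excerpt copied from the log posted above (not the full log).
SAMPLE = r"""
Running processes:
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                  # section code, body
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")     # hive, key, name, command
SERVICE = re.compile(r"^Service: (.+?) - (.+) - ([A-Za-z]:\\.+)$")  # name, owner, path

def parse_log(text):
    """Return (running_processes, {section_code: [entry bodies]})."""
    processes, sections, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            sections[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(sections)

def review_list(text):
    """Entries to check by hand; a hit is a prompt to look, not a verdict."""
    _, sections = parse_log(text)
    notes = []
    for body in sections.get("O4", []):
        m = RUN.match(body)  # Global Startup lines do not match and are skipped
        if m and not re.match(r'"?[A-Za-z]:\\', m.group(4)):
            notes.append(("O4 autorun without a full path", m.group(3), m.group(4)))
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group(2) == "Unknown owner":
            notes.append(("O23 service with 'Unknown owner'", m.group(1), m.group(3)))
    return notes

if __name__ == "__main__":
    print(review_list(SAMPLE))
```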

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 14 January 2008 - 07:01 AM

Your log is clean, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

#15 jyoshu

jyoshu
  • Topic Starter

  • Members

Posted 14 January 2008 - 10:05 AM

Thank you so much Richie.... but I am not able to open Internet Explorer... it goes to http://files/Internet%20Explorer/IEXPLORE.EXE
Every time I close Internet Explorer I also get an error msg... any help with that?

Edited by jyoshu, 14 January 2008 - 10:06 AM.




