
Yayxxxy.dll-- Winlogon


16 replies to this topic

#1 bigpoppaj

bigpoppaj

  • Members
  • 12 posts

Posted 03 February 2008 - 05:49 AM

When I did a scan using HijackThis 2.0 it found a file yayxxxy.dll, but when I upgraded to 2.0.2 it was gone. I'm pretty sure that it's the problem, seeing as my computer problems started on the day it was created, but I can't get rid of it. Spybot S&D shows it as launching on startup and it won't uncheck or delete; it just comes back. I tried KillBox, move on boot and deleting it manually in safe mode, both the .dll and the registry. Please help. Here's my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:25 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [BM67fde461] Rundll32.exe "C:\WINDOWS\system32\licjfbka.dll",s
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

--
End of file - 972 bytes



Any help would be greatly appreciated, please and thank you.


#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 03 February 2008 - 02:32 PM

Hi and welcome,

That log does look a bit short. :wacko:

Why no antivirus? The internet is :thumbsup: without an antivirus.

How stable is the system besides the popups? Any crashing going on?
I ask this because I wanna get an antivirus installed but hesitate till the system is known to be fairly stable and we don't crash halfway through the install.

Please don't delete stuff from the registry unless you know exactly what you are doing...
Some variants of Vundo add themselves to one delicate registry key that, if not fixed "perfectly", will result in inability to boot.

Let's see what is happening. Some Vundo variants hide themselves from HijackThis.

This app should gimme the info I need to figure out our course of action:

Download Deckard's System Scanner to your Desktop from one of these links:

http://www.techsupportforum.com/sectools/Deckard/dss.exe
http://deckard.geekstogo.com/dss.exe

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt here.
A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
Please attach Extra.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:

C:\Deckard\System Scanner\Extra.txt

Click Upload.

What DSS will do:
--create a new System Restore point in Windows XP and Vista.
--clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
--check some important areas of your system and produce a report for your analyst to review.
--System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Thanks :blink:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
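The remark in post #2 that some Vundo variants hide from HijackThis can be checked by comparing two scans of the same machine. The script below is an added example, not part of any post in this thread: it parses HijackThis-format lines excerpted from the logs in posts #1 and #3, lists autostart entries that appear only in the later scan, and flags files registered at more than one autostart point. The function names and the set of section codes treated as autostart points are assumptions of this example.

```python
import re
from collections import defaultdict

# HijackThis section codes treated as autostart points (an assumption of
# this example, limited to codes that appear in the thread's logs).
PERSISTENCE = {
    "O2": "Browser Helper Object",
    "O4": "Run key",
    "O20": "Winlogon Notify",
    "O23": "Service",
}

# "<code> - <body>" entry lines; headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .dll or .exe inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:dll|exe)', re.IGNORECASE)

# Excerpt of the HijackThis v2.0.2 log in post #1.
LOG_POST_1 = r"""
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [BM67fde461] Rundll32.exe "C:\WINDOWS\system32\licjfbka.dll",s
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

# Excerpt of the "HijackThis Clone" section of the DSS log in post #3.
LOG_POST_3 = r"""
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {68898186-5A8D-4286-94F8-8CCEBB3C5BA5} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\system32\yayxxxy.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fisvglof.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""


def parse_log(text):
    """Return one dict per HijackThis entry line, skipping everything else."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        path = PATH_RE.search(body)
        # Lower-case the target so SYSTEM32 and system32 compare equal, and
        # fall back to the whole body when the entry carries no file path.
        target = (path.group(0) if path else body).lower()
        entries.append({"code": code, "target": target, "raw": line})
    return entries


def hidden_from(first_scan, second_scan):
    """Autostart entries seen in second_scan but missing from first_scan."""
    seen = {(e["code"], e["target"]) for e in first_scan}
    return [
        (e["code"], e["target"])
        for e in second_scan
        if e["code"] in PERSISTENCE and (e["code"], e["target"]) not in seen
    ]


def multi_hooked(entries):
    """Files registered under more than one autostart section code."""
    by_file = defaultdict(set)
    for e in entries:
        if e["code"] in PERSISTENCE:
            by_file[e["target"]].add(e["code"])
    return {f: sorted(codes) for f, codes in by_file.items() if len(codes) > 1}


if __name__ == "__main__":
    first, second = parse_log(LOG_POST_1), parse_log(LOG_POST_3)
    print("Only in the later scan:")
    for code, target in hidden_from(first, second):
        print(f"  {code} ({PERSISTENCE[code]}): {target}")
    print("Registered at more than one autostart point:")
    for target, codes in multi_hooked(second).items():
        print(f"  {target}: {', '.join(codes)}")
```

An entry that shows up only in the second scan is a lead for the helper to review, not a verdict; the comparison is read-only and changes nothing on the machine.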

#3 bigpoppaj

bigpoppaj
  • Topic Starter

  • Members
  • 12 posts

Posted 04 February 2008 - 01:44 AM

All right, I did as you said. It hasn't really been crashing, it seems to create more viruses though. Sometimes it crashes when my brother uses Internet Explorer, like the desktop and taskbar will go blank. Here's the log.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-04 01:32:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-04 06:32:54 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-04 01:37:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

O2 - BHO: (no name) - {68898186-5A8D-4286-94F8-8CCEBB3C5BA5} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\system32\yayxxxy.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fisvglof.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Enterprise Mailing Service (s3svc) - Send-Safe - C:\WINDOWS\system32\sse.exe


--
End of file - 2015 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Owner\Desktop\ibprocman\backups\) --------------------------------------------------------------------------------

backup-20071114-052904-712 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20071114-052910-710 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080108-035903-189 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
backup-20080108-035903-302 O15 - Trusted Zone: *.onerateld.com
backup-20080108-035903-403 O2 - BHO: (no name) - {93DBA566-33FC-3958-DA5F-4AE678870BC2} - C:\WINDOWS\system32\wyfdxe.dll
backup-20080108-035903-419 O4 - HKCU\..\Run: [IntelliMouse Explorer V2.3] C:\WINDOWS\netpefr32.exe
backup-20080108-035903-547 O4 - HKCU\..\Run: [Wifxqcf] "C:\Program Files\?ystem32\?ti2evxx.exe"
backup-20080108-035903-554 O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\system32\SCURIT~1\wucrtupd.exe" -vt yazb
backup-20080108-035903-562 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080108-035903-597 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
backup-20080108-035903-624 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
backup-20080108-035903-686 O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
backup-20080108-035903-720 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080108-035903-782 O2 - BHO: (no name) - {D006192A-7D6F-4978-B5C9-CD6D5C2B088C} - C:\WINDOWS\system32\vturr.dll
backup-20080108-035903-885 O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
backup-20080108-035903-992 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080108-035903-995 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080108-035952-177 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080108-035952-370 O2 - BHO: (no name) - {D006192A-7D6F-4978-B5C9-CD6D5C2B088C} - C:\WINDOWS\system32\vturr.dll
backup-20080108-040102-138 O2 - BHO: (no name) - {D006192A-7D6F-4978-B5C9-CD6D5C2B088C} - C:\WINDOWS\system32\vturr.dll
backup-20080110-133232-143 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20080110-133232-234 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080110-133232-323 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
backup-20080110-133232-460 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20080110-133232-799 O2 - BHO: {ff8852fb-48ca-a619-9f24-564c46301ef5} - {5fe10364-c465-42f9-916a-ac84bf2588ff} - C:\WINDOWS\system32\gpxsfamd.dll
backup-20080110-133232-840 O2 - BHO: (no name) - {34928A2F-5E1B-432F-A739-B992B1F68A86} - C:\WINDOWS\system32\vturr.dll
backup-20080110-133233-260 O23 - Service: DomainService - - C:\WINDOWS\system32\cqqfjtya.exe
backup-20080110-133233-772 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080110-133233-784 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080110-144611-106 O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
backup-20080110-144611-312 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080110-144611-417 O2 - BHO: (no name) - {F1B7B59E-542A-42CA-827F-9F1BA8C22537} - C:\WINDOWS\system32\vturr.dll
backup-20080110-144611-448 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080110-144611-868 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080110-144611-929 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080110-154013-275 O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
backup-20080110-154013-495 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080110-154013-670 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080110-154013-827 O2 - BHO: (no name) - {6A75FAE4-4DEF-4C07-AE64-7CABC8FB77B5} - C:\WINDOWS\system32\vturr.dll
backup-20080110-154014-322 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080110-154014-499 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080111-103455-130 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080111-103455-444 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080111-103455-521 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-103455-669 O2 - BHO: (no name) - {6A75FAE4-4DEF-4C07-AE64-7CABC8FB77B5} - C:\WINDOWS\system32\vturr.dll
backup-20080111-103455-927 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20080111-103455-953 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080111-103525-388 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080111-103530-626 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-103530-957 O2 - BHO: (no name) - {6A75FAE4-4DEF-4C07-AE64-7CABC8FB77B5} - C:\WINDOWS\system32\vturr.dll
backup-20080111-104023-897 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080111-105627-133 O2 - BHO: (no name) - {7003A043-63D0-49C5-80C4-40FE6D61D186} - C:\WINDOWS\system32\vturr.dll
backup-20080111-105627-362 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-105627-412 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080111-105628-369 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080111-112223-215 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-112223-937 O2 - BHO: (no name) - {91D25B33-1044-4051-AF74-2FAEBDBDCD50} - C:\WINDOWS\system32\vturr.dll
backup-20080111-112251-212 O2 - BHO: (no name) - {91D25B33-1044-4051-AF74-2FAEBDBDCD50} - C:\WINDOWS\system32\vturr.dll
backup-20080111-112251-911 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-112437-256 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080111-112437-341 O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
backup-20080111-112437-343 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080111-112437-348 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
backup-20080111-112437-365 O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
backup-20080111-112437-418 O2 - BHO: (no name) - {91D25B33-1044-4051-AF74-2FAEBDBDCD50} - C:\WINDOWS\system32\vturr.dll
backup-20080111-112437-616 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080111-112437-832 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
backup-20080111-112437-848 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
backup-20080121-020636-133 O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
backup-20080121-020636-229 O4 - HKLM\..\Run: [64ced7fd] rundll32.exe "C:\WINDOWS\system32\tavkojfc.dll",b
backup-20080121-020636-332 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20080121-020636-333 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080121-020636-550 O2 - BHO: {d0c4e3fc-244f-1fb9-7994-fb37e07befab} - {bafeb70e-73bf-4997-9bf1-f442cf3e4c0d} - C:\WINDOWS\system32\yvetqahb.dll
backup-20080121-020636-624 O2 - BHO: (no name) - {B78E9AC9-F3BF-489D-B3DE-A6F9A0287C38} - C:\WINDOWS\system32\vturr.dll
backup-20080121-020636-866 O4 - HKLM\..\Run: [BM67fde461] Rundll32.exe "C:\WINDOWS\system32\epoblwtk.dll",s
backup-20080121-020637-356 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080121-020637-414 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080121-020637-563 O23 - Service: DomainService - - C:\WINDOWS\system32\fisvglof.exe
backup-20080121-020637-616 O20 - Winlogon Notify: hggdabx - C:\WINDOWS\
backup-20080121-020637-844 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080121-020637-912 O20 - Winlogon Notify: picnpycl - picnpycl.dll (file missing)
backup-20080121-152502-387 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080121-152502-438 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080121-152502-511 O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteqe.html
backup-20080121-152502-688 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
backup-20080121-152502-841 O2 - BHO: (no name) - {75A5D95B-4259-46E3-806C-D662FA7B24BD} - C:\WINDOWS\system32\vturr.dll
backup-20080203-062144-246 O20 - Winlogon Notify: yayxxxy - C:\WINDOWS\SYSTEM32\yayxxxy.dll
backup-20080203-062144-320 O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\yayxxxy.dll
backup-20080203-062144-780 O2 - BHO: {c46e940d-9d57-c5f8-cce4-2728fe20774b} - {b47702ef-8272-4ecc-8f5c-75d9d049e64c} - C:\WINDOWS\system32\ondbrgpv.dll
backup-20080203-062144-851 O2 - BHO: (no name) - {FC371784-4FB2-4003-B81B-D3C36DA724AB} - C:\WINDOWS\system32\vturr.dll (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)
S4 DomainService - c:\windows\system32\fisvglof.exe /service <Not Verified; ; DDC>
S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S4 s3svc (Enterprise Mailing Service) - c:\windows\system32\sse.exe -r <Not Verified; Send-Safe; Send-Safe Enterprise Mailer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\6F3F65E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\6F3F65E01800
Service: NIC1394


-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-03 06:37:57 11071 --ahs---- C:\WINDOWS\system32\hhkmp.ini2
2008-02-03 06:37:54 326144 --a------ C:\WINDOWS\system32\pmkhh.dll
2008-02-02 15:16:03 88128 --a------ C:\WINDOWS\system32\fhqbvsck.dll
2008-02-02 15:10:03 73280 --a------ C:\WINDOWS\system32\licjfbka.dll
2008-02-01 15:10:03 92736 --a------ C:\WINDOWS\system32\mjuplfhp.dll
2008-02-01 15:07:04 70208 --a------ C:\WINDOWS\system32\cuoaxdrx.dll
2008-01-31 15:14:36 90688 --a------ C:\WINDOWS\system32\ucmtstkc.dll
2008-01-31 15:11:36 72256 --a------ C:\WINDOWS\system32\myxwnodh.dll
2008-01-31 15:08:37 94784 --a------ C:\WINDOWS\system32\qpppjjkp.dll
2008-01-30 15:16:51 87616 --a------ C:\WINDOWS\system32\ebptbevq.dll
2008-01-30 15:10:51 92736 --a------ C:\WINDOWS\system32\rojiafhy.dll
2008-01-30 15:07:51 68672 --a------ C:\WINDOWS\system32\pcliaqqv.dll
2008-01-29 15:16:21 88640 --a------ C:\WINDOWS\system32\iqmtojxf.dll
2008-01-29 15:13:21 74304 --a------ C:\WINDOWS\system32\vcsgiuiy.exe <Not Verified; ; DDC>
2008-01-29 15:10:21 71232 --a------ C:\WINDOWS\system32\pmttfgma.dll
2008-01-29 15:07:21 78912 --a------ C:\WINDOWS\system32\waelsjjq.dll
2008-01-29 14:16:01 88640 --a------ C:\WINDOWS\system32\ovdayfry.dll
2008-01-29 14:13:00 78912 --a------ C:\WINDOWS\system32\nmtbychd.dll
2008-01-29 14:10:15 71232 --a------ C:\WINDOWS\system32\qujicoss.dll
2008-01-29 14:07:06 74304 --a------ C:\WINDOWS\system32\dbcscfta.exe <Not Verified; ; DDC>
2008-01-28 06:37:50 71232 --a------ C:\WINDOWS\system32\lhrcyckc.dll
2008-01-28 06:35:05 74304 --a------ C:\WINDOWS\system32\advvmavt.exe <Not Verified; ; DDC>
2008-01-28 06:34:56 79936 --a------ C:\WINDOWS\system32\irorsjue.dll
2008-01-28 06:31:53 71232 --a------ C:\WINDOWS\system32\cfsynkjy.dll
2008-01-28 06:31:51 74304 --a------ C:\WINDOWS\system32\ftogixha.exe <Not Verified; ; DDC>
2008-01-28 06:30:53 78912 --a------ C:\WINDOWS\system32\qkmpdatb.dll
2008-01-27 02:43:38 89152 --a------ C:\WINDOWS\system32\cinowmvx.dll
2008-01-27 02:40:38 74304 --a------ C:\WINDOWS\system32\aueuvicn.exe <Not Verified; ; DDC>
2008-01-27 02:37:42 68160 --a------ C:\WINDOWS\system32\assbvwab.dll
2008-01-27 02:34:42 78912 --a------ C:\WINDOWS\system32\gmkkgsng.dll
2008-01-27 02:10:41 78912 --a------ C:\WINDOWS\system32\kndcjlov.dll
2008-01-27 02:07:38 74304 --a------ C:\WINDOWS\system32\mduovjmk.exe <Not Verified; ; DDC>
2008-01-27 02:04:38 72768 --a------ C:\WINDOWS\system32\hytgxdqw.dll
2008-01-26 02:04:39 80448 --a------ C:\WINDOWS\system32\lcgryace.dll
2008-01-26 02:04:38 74304 --a------ C:\WINDOWS\system32\rrqbnmjp.exe <Not Verified; ; DDC>
2008-01-26 02:02:56 72768 --a------ C:\WINDOWS\system32\fkupcbjt.dll
2008-01-24 23:45:45 87616 --a------ C:\WINDOWS\system32\fmglouuf.dll
2008-01-24 23:42:45 74304 --a------ C:\WINDOWS\system32\mthwkgiq.exe <Not Verified; ; DDC>
2008-01-24 23:39:47 80448 --a------ C:\WINDOWS\system32\kpqpbsam.dll
2008-01-24 23:36:48 72768 --a------ C:\WINDOWS\system32\pdhbikix.dll
2008-01-24 21:24:25 0 d-------- C:\Program Files\Yume Team
2008-01-23 23:44:41 87616 --a------ C:\WINDOWS\system32\eubfxneq.dll
2008-01-23 23:41:40 80960 --a------ C:\WINDOWS\system32\fqmkmvfn.dll
2008-01-23 23:38:40 68672 --a------ C:\WINDOWS\system32\ppktgxdw.dll
2008-01-23 23:35:40 74304 --a------ C:\WINDOWS\system32\ogdcmcku.exe <Not Verified; ; DDC>
2008-01-22 23:42:46 89664 --a------ C:\WINDOWS\system32\asnaddcs.dll
2008-01-22 23:39:46 74304 --a------ C:\WINDOWS\system32\vjfhfmfy.exe <Not Verified; ; DDC>
2008-01-22 23:36:46 77376 --a------ C:\WINDOWS\system32\jdychlke.dll
2008-01-22 23:33:52 70720 --a------ C:\WINDOWS\system32\weumsonr.dll
2008-01-21 23:44:12 88640 --a------ C:\WINDOWS\system32\dwftvtyx.dll
2008-01-21 23:41:11 78912 --a------ C:\WINDOWS\system32\ayusnjdx.dll
2008-01-21 23:38:09 74304 --a------ C:\WINDOWS\system32\rdosibfx.exe <Not Verified; ; DDC>
2008-01-21 23:35:10 70208 --a------ C:\WINDOWS\system32\dgasrdpi.dll
2008-01-21 15:30:57 0 d-------- C:\Program Files\Trend Micro
2008-01-20 23:42:56 85568 --a------ C:\WINDOWS\system32\tavkojfc.dll
2008-01-20 23:39:56 71744 --a------ C:\WINDOWS\system32\epoblwtk.dll
2008-01-20 23:36:56 74304 --a------ C:\WINDOWS\system32\umilyamh.exe <Not Verified; ; DDC>
2008-01-19 23:36:37 69696 --a------ C:\WINDOWS\system32\mjvxxljb.dll
2008-01-19 23:33:39 74304 --a------ C:\WINDOWS\system32\hogiettr.exe <Not Verified; ; DDC>
2008-01-19 23:33:37 78400 --a------ C:\WINDOWS\system32\uoqxccia.dll
2008-01-18 23:38:43 74304 --a------ C:\WINDOWS\system32\csnhgrbj.exe <Not Verified; ; DDC>
2008-01-18 23:38:35 69696 --a------ C:\WINDOWS\system32\hjbermmp.dll
2008-01-18 23:35:34 81984 --a------ C:\WINDOWS\system32\oghhuhdp.dll
2008-01-17 23:45:00 86592 --a------ C:\WINDOWS\system32\evekhadv.dll
2008-01-17 23:38:59 70208 --a------ C:\WINDOWS\system32\tcfenduq.dll
2008-01-17 23:35:59 74304 --a------ C:\WINDOWS\system32\orqppuov.exe <Not Verified; ; DDC>
2008-01-17 23:32:59 77376 --a------ C:\WINDOWS\system32\bdlvoyuc.dll
2008-01-16 23:47:29 86592 --a------ C:\WINDOWS\system32\tuqquagl.dll
2008-01-16 23:41:29 70208 --a------ C:\WINDOWS\system32\ftjttifv.dll
2008-01-16 23:38:29 76864 --a------ C:\WINDOWS\system32\hmwuvurj.dll
2008-01-16 12:41:18 237568 --a------ C:\WINDOWS\system32\Unlha32.dll <Not Verified; ; UNLHA32.DLL for Win32>
2008-01-16 12:41:18 473600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-01-16 10:53:41 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-01-16 10:52:24 11776 --a------ C:\WINDOWS\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2008-01-16 10:51:51 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-01-16 10:51:25 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-01-16 10:51:24 0 d-------- C:\Program Files\ArcSoft
2008-01-15 23:38:24 74304 --a------ C:\WINDOWS\system32\fbhfnvkk.exe <Not Verified; ; DDC>
2008-01-15 23:35:25 70208 --a------ C:\WINDOWS\system32\oqtnyfod.dll
2008-01-15 23:32:44 79936 --a------ C:\WINDOWS\system32\ashxxmdb.dll
2008-01-14 23:01:31 74304 --a------ C:\WINDOWS\system32\wdnwceij.exe <Not Verified; ; DDC>
2008-01-14 22:58:31 70208 --a------ C:\WINDOWS\system32\ocodkipw.dll
2008-01-14 22:55:55 79936 --a------ C:\WINDOWS\system32\wmhmiros.dll
2008-01-13 13:19:22 90176 --a------ C:\WINDOWS\system32\hjmcyhoc.dll
2008-01-13 13:13:21 70208 --a------ C:\WINDOWS\system32\lrvbgrek.dll
2008-01-13 13:10:21 79936 --a------ C:\WINDOWS\system32\ihfjnmyu.dll
2008-01-13 13:07:21 74304 --a------ C:\WINDOWS\system32\mvtaawco.exe <Not Verified; ; DDC>
2008-01-12 13:12:27 70208 --a------ C:\WINDOWS\system32\ewtocevh.dll
2008-01-12 13:09:27 74304 --a------ C:\WINDOWS\system32\oyqvlftc.exe <Not Verified; ; DDC>
2008-01-11 13:17:00 90176 --a------ C:\WINDOWS\system32\hsrofsnv.dll
2008-01-11 13:10:58 76864 --a------ C:\WINDOWS\system32\vqfoqaxk.dll
2008-01-11 13:07:58 74304 --a------ C:\WINDOWS\system32\fisvglof.exe <Not Verified; ; DDC>
2008-01-11 13:04:58 70208 --a------ C:\WINDOWS\system32\obyjjvpw.dll
2008-01-11 11:25:31 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Mozilla
2008-01-11 00:25:43 0 d-------- C:\WINDOWS\system32\AppData
2008-01-10 15:44:21 0 d-------- C:\Program Files\WinUtilities
2008-01-10 13:26:12 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\interMute
2008-01-10 13:26:12 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Identities
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\WINDOWS
2008-01-10 13:26:11 0 d--h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Templates
2008-01-10 13:26:11 0 dr------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Start Menu
2008-01-10 13:26:11 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\SendTo
2008-01-10 13:26:11 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Recent
2008-01-10 13:26:11 0 d--h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\PrintHood
2008-01-10 13:26:11 2359296 --ah----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\NTUSER.DAT
2008-01-10 13:26:11 0 d--h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\NetHood
2008-01-10 13:26:11 0 dr------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\My Documents
2008-01-10 13:26:11 0 d--h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Local Settings
2008-01-10 13:26:11 0 dr------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Favorites
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Desktop
2008-01-10 13:26:11 0 d---s---- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Cookies
2008-01-10 13:26:11 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Symantec
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Sun
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Sonic
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\SampleView
2008-01-10 13:26:11 0 d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Real
2008-01-10 13:26:11 0 d---s---- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Microsoft
2008-01-09 13:09:50 79936 --a------ C:\WINDOWS\system32\natrroif.dll
2008-01-09 01:04:09 79936 --a------ C:\WINDOWS\system32\rudcfxwn.dll
2008-01-08 01:03:49 326918 --ahs---- C:\WINDOWS\system32\rrutv.ini2
2008-01-08 01:02:14 41472 --a------ C:\WINDOWS\system32\pmnmnmn.dll
2008-01-08 00:58:47 39936 --a------ C:\WINDOWS\mrofinu572.exe
2008-01-08 00:58:41 2 --a------ C:\WINDOWS\system32\wnstsicom32.exe
2008-01-08 00:58:39 0 d-------- C:\Program Files\?ystem32
2008-01-08 00:58:39 0 d-------- C:\Program Files\Outerinfo
2008-01-08 00:58:33 0 d-------- C:\WINDOWS\system32\s?curity
2008-01-08 00:58:29 41472 -----n--- C:\WINDOWS\system32\yayxxxy.dll
2008-01-08 00:58:29 0 d-------- C:\WINDOWS\system32\ardCo01


-- Find3M Report ---------------------------------------------------------------

2008-02-02 02:30:24 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-25 15:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-01-24 21:24:51 0 d-------- C:\Program Files\rpg2003
2008-01-24 12:11:20 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-24 06:22:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-01-21 01:59:24 0 d-------- C:\Program Files\Full Tilt Poker
2008-01-17 16:36:11 10240 --a------ C:\WINDOWS\jtcres32.dll
2008-01-17 14:22:29 231424 --a------ C:\WINDOWS\mapisrv32.dll
2008-01-16 10:52:44 0 d-------- C:\Program Files\DivX
2008-01-16 10:51:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-16 10:51:51 0 d-------- C:\Program Files\Common Files
2008-01-14 04:49:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-10 15:38:09 0 d-------- C:\Program Files\Windows NT
2008-01-08 04:00:57 0 d-------- C:\Program Files\BHODemon 2
2008-01-08 00:58:39 0 d-------- C:\Program Files\?ystem32
2008-01-02 00:27:39 0 d-------- C:\Program Files\Virtools
2008-01-02 00:27:38 5538 --a------ C:\WINDOWS\mozver.dat
2007-12-30 12:32:43 26112 --a------ C:\WINDOWS\iashlpr32.dll
2007-12-30 12:32:39 241664 --a------ C:\WINDOWS\certproc32.exe
2007-12-27 19:30:33 36 --a------ C:\WINDOWS\system32\m4p.dat
2007-12-07 08:34:59 0 d-------- C:\Program Files\Nalsoft
2007-12-06 05:58:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-01 08:46:50 221696 --a------ C:\WINDOWS\systeldd32.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68898186-5A8D-4286-94F8-8CCEBB3C5BA5}]
02/03/2008 06:37 AM 326144 --a------ C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}]
01/08/2008 12:58 AM 41472 --------- C:\WINDOWS\system32\yayxxxy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E1759A31-E627-4758-9562-6899DF36C9C2}"= C:\WINDOWS\system32\yayxxxy.dll [01/08/2008 12:58 AM 41472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxxxy]
yayxxxy.dll 01/08/2008 12:58 AM 41472 C:\WINDOWS\system32\yayxxxy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Legacy VGA Drivers V1.0"=C:\WINDOWS\certproc32.exe
"Intel Audio Studio V2.0"=C:\WINDOWS\fmideploy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM67fde461"=Rundll32.exe "C:\WINDOWS\system32\licjfbka.dll",s


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Audio Studio V2.0]
C:\WINDOWS\fmideploy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3]
C:\WINDOWS\netpefr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe



-- End of Deckard's System Scanner: finished at 2008-02-04 01:38:11 ------------



That's that, I'm sure you can make more sense of it than I can. Thank you.
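An added example, not part of the original thread and not code from Deckard's System Scanner: the Registry Dump above lists yayxxxy.dll under three separate load points, including Winlogon\Notify, whose DLLs are loaded by winlogon.exe on Windows XP. The Python below parses an excerpt of that dump and flags any file registered this way; the function names and the load-point table are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the "Registry Dump" section of the log posted above,
# kept in the scanner's own layout.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68898186-5A8D-4286-94F8-8CCEBB3C5BA5}]
02/03/2008 06:37 AM 326144 --a------ C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}]
01/08/2008 12:58 AM 41472 --------- C:\WINDOWS\system32\yayxxxy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E1759A31-E627-4758-9562-6899DF36C9C2}"= C:\WINDOWS\system32\yayxxxy.dll [01/08/2008 12:58 AM 41472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxxxy]
yayxxxy.dll 01/08/2008 12:58 AM 41472 C:\WINDOWS\system32\yayxxxy.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Legacy VGA Drivers V1.0"=C:\WINDOWS\certproc32.exe
"Intel Audio Studio V2.0"=C:\WINDOWS\fmideploy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM67fde461"=Rundll32.exe "C:\WINDOWS\system32\licjfbka.dll",s
"""

# Lower-case key-path fragments mapped to load-point labels. The table is
# an assumption of this example and covers only key types seen in the dump.
LOAD_POINTS = [
    ("\\browser helper objects\\", "BHO"),
    ("\\shellexecutehooks", "ShellExecuteHooks"),
    ("\\winlogon\\notify\\", "Winlogon Notify"),
    ("\\currentversion\\run", "Run"),
    ("\\active setup\\installed components\\", "Active Setup"),
]

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Drive-letter path ending in .dll/.exe; stops at quotes and brackets so the
# trailing "[date size]" and rundll32 arguments are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n\[\]]+?\.(?:dll|exe)\b', re.IGNORECASE)


def classify(key):
    """Map a registry key path to a load-point label, or None if unknown."""
    lowered = key.lower()
    for needle, label in LOAD_POINTS:
        if needle in lowered:
            return label
    return None


def parse_dump(text):
    """Return {lower-cased file path: set of load-point labels}."""
    registrations = defaultdict(set)
    label = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new "[HKEY_...]" header switches the current load point.
            label = classify(key.group(1))
            continue
        if label is None:
            continue
        for path in PATH_RE.findall(line):
            registrations[path.lower()].add(label)
    return dict(registrations)


def triage(registrations):
    """Flag files under Winlogon Notify or registered in several load points."""
    findings = []
    for path, labels in registrations.items():
        reasons = []
        if "Winlogon Notify" in labels:
            reasons.append("loaded by winlogon.exe at boot")
        if len(labels) > 1:
            reasons.append("registered in %d load points" % len(labels))
        if reasons:
            findings.append((path, sorted(labels), reasons))
    # Most widely registered files first, then alphabetical.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


if __name__ == "__main__":
    for path, labels, reasons in triage(parse_dump(SAMPLE_DUMP)):
        print(path)
        print("  load points:", ", ".join(labels))
        print("  why flagged:", "; ".join(reasons))
```

On this excerpt only yayxxxy.dll is flagged; the Run entries are parsed but carry a single load point each, so they need a different heuristic.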


#4 bigpoppaj


Posted 04 February 2008 - 01:45 AM

Also, installing things shouldn't be that big of a problem, I've successfully done it recently. Sorry, forgot to mention that.

#5 Blender

  • Malware Response Team

Posted 06 February 2008 - 05:21 AM

Hi,

Sorry for delay. Didn't mean to keep you waiting.

That is one messy computer.
Let's see what this can do for us.

Please follow instructions at this page for the use of ComboFix and post contents of C:\combofix.txt

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure to look it all through before use -- and please do install the Recovery Console.

If any problems running Combofix -- please report the errors/issues back here.

There will be more work to do.

thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#6 bigpoppaj


Posted 07 February 2008 - 06:46 AM

Don't worry about the wait, it's no problem at all. No problems using ComboFix. I already had the recovery console installed. Here's my log.



ComboFix 08-02.05.3 - Owner 2008-02-07 6:23:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\yayxxxy.dll

----- BITS: Possible infected sites -----

hxxp://store.urge.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NPF
-------\DomainService
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-04 01:32 . 2008-02-04 01:32 <DIR> d-------- C:\Deckard
2008-01-24 21:24 . 2008-01-24 21:24 <DIR> d-------- C:\Program Files\Yume Team
2008-01-21 15:30 . 2008-01-21 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 14:58 . 2008-01-21 14:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-16 12:41 . 2000-03-07 00:00 473,600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-01-16 12:41 . 2000-03-07 00:00 237,568 --a------ C:\WINDOWS\system32\Unlha32.dll
2008-01-16 10:53 . 2008-01-16 10:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-01-16 10:52 . 2005-02-22 22:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-16 10:51 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-11 13:05 . 2008-02-05 19:57 147 --a------ C:\WINDOWS\BM67fde461.xml
2008-01-11 13:05 . 2008-02-07 05:57 22 --a------ C:\WINDOWS\pskt.ini
2008-01-11 00:25 . 2008-01-11 00:25 <DIR> d-------- C:\WINDOWS\system32\AppData
2008-01-10 15:44 . 2008-01-10 15:44 <DIR> d-------- C:\Program Files\WinUtilities
2008-01-10 13:26 . 2004-01-26 08:10 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\WINDOWS
2008-01-10 13:26 . 2004-01-27 05:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Symantec
2008-01-10 13:26 . 2004-01-26 07:28 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Sonic
2008-01-10 13:26 . 2004-01-26 08:49 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\SampleView
2008-01-10 13:26 . 2004-01-27 05:26 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\interMute
2008-01-10 13:15 . 2008-01-11 11:53 2,111,323 --ahs---- C:\WINDOWS\system32\lmhfrquy.ini
2008-01-08 00:58 . 2008-01-08 00:58 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2008-01-08 00:58 . 2008-01-08 00:58 <DIR> d-------- C:\temp\cEeer12
2008-01-08 00:58 . 2008-01-02 16:33 39,936 -ra------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-07 21:26 . 2008-01-18 19:38 146 --a------ C:\WINDOWS\gtiplus.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 07:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-25 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-25 02:24 --------- d-----w C:\Program Files\rpg2003
2008-01-24 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-21 06:59 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-17 21:36 10,240 ----a-w C:\WINDOWS\jtcres32.dll
2008-01-17 19:22 231,424 ----a-w C:\WINDOWS\mapisrv32.dll
2008-01-16 15:52 --------- d-----w C:\Program Files\DivX
2008-01-16 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 09:00 --------- d-----w C:\Program Files\BHODemon 2
2008-01-02 05:27 --------- d-----w C:\Program Files\Virtools
2007-12-30 17:32 26,112 ----a-w C:\WINDOWS\iashlpr32.dll
2007-12-30 17:32 241,664 ----a-w C:\WINDOWS\certproc32.exe
2007-12-07 13:34 --------- d-----w C:\Program Files\Nalsoft
2007-12-01 13:46 221,696 ----a-w C:\WINDOWS\systeldd32.dll
2007-10-31 04:44 246 ----a-w C:\Program Files\Common Files\quha919
2007-10-30 07:40 70,144 ----a-w C:\Program Files\Common Files\quha134.dll
2007-10-30 04:45 70,144 ----a-w C:\Program Files\Common Files\quha489.dll
2007-10-30 04:38 70,144 ----a-w C:\Program Files\Common Files\quha504.dll
2007-10-30 04:08 70,144 ----a-w C:\Program Files\Common Files\quha706.dll
2007-10-30 03:58 70,144 ----a-w C:\Program Files\Common Files\quha553.dll
2007-10-30 03:47 70,144 ----a-w C:\Program Files\Common Files\quha695.dll
2007-10-30 03:38 70,144 ----a-w C:\Program Files\Common Files\quha160.dll
2007-10-30 02:17 70,144 ----a-w C:\Program Files\Common Files\quha.dll
2007-06-04 09:28 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-06-04 08:51 0 ---h--w C:\Program Files\AppUpdate.log
2007-01-30 00:42 0 ----a-w C:\Program Files\system spy server v1.0
2005-08-01 21:43 40 -c--a-w C:\Documents and Settings\Admin\language.dat
2005-03-06 19:09 1,795 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2005-01-27 22:53 13,195 -c--a-w C:\Documents and Settings\Admin\zguicfgw.dat
2005-01-27 22:53 13,195 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\zguicfgw.dat
2004-07-21 16:55 0 -c--a-w C:\Documents and Settings\Admin\sdd1dat.dat
2004-07-21 16:55 0 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\sdd1dat.dat
2003-11-12 03:34 2,560 -c--a-w C:\Program Files\dellater.exe
2007-10-31 03:38 415,279 --sha-w C:\WINDOWS\system32\adeeg.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Legacy VGA Drivers V1.0"=C:\WINDOWS\certproc32.exe
"Intel Audio Studio V2.0"=C:\WINDOWS\fmideploy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM67fde461"=Rundll32.exe "C:\WINDOWS\system32\licjfbka.dll",s

S4 s3svc;Enterprise Mailing Service;C:\WINDOWS\system32\sse.exe [2007-04-15 11:29]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3]
C:\WINDOWS\netpefr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]
C:\WINDOWS\certproc32.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 06:36:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 6:40:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 11:40:39
.
2007-09-20 13:01:43 --- E O F ---



And HijackThis just in case, because it said to include it


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:32 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

--
End of file - 899 bytes

#7 Blender

  • Malware Response Team

Posted 08 February 2008 - 05:05 PM

Hi,

Sorry for delay. ISP issues here.
That is one fugly big mess. :|

You aware of "System Spy Server" being installed? Installed by you?
It is a keylogger:

http://vil.nai.com/vil/content/v_119029.htm

If not installed by you -- we'll remove it.
Whatever the case -- You had pretty much every trojan/logger malware in the book so if you do any online banking, CC shopping and such -- please get to a clean box to change your passwords.
No sensitive transactions till you are clean.
Change also passwords to any other sensitive sites you belong to -- gaming, email, IM, etc.

In all honesty -- if this was my box -- I'd have formatted it.
I'm not positive we can fix everything.

Onward ...

Open notepad and copy the following text to it:

http://www.bleepingcomputer.com/forums/t/129184/yayxxxydll-winlogon/?p=734745

file::
C:\WINDOWS\system32\lmhfrquy.ini
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\iashlpr32.dll
C:\WINDOWS\certproc32.exe
C:\WINDOWS\systeldd32.dll
C:\WINDOWS\system32\adeeg.bak2

suspect::
C:\Program Files\Common Files\quha919
C:\Program Files\Common Files\quha134.dll
C:\Program Files\Common Files\quha489.dll
C:\Program Files\Common Files\quha504.dll
C:\Program Files\Common Files\quha706.dll
C:\Program Files\Common Files\quha553.dll
C:\Program Files\Common Files\quha695.dll
C:\Program Files\Common Files\quha160.dll
C:\Program Files\Common Files\quha.dll
C:\Documents and Settings\Admin\zguicfgw.dat
C:\Documents and Settings\All Users\Application Data\mssaru.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM67fde461.xml

folder::
C:\WINDOWS\system32\ardCo01
C:\temp\cEeer12

dirlook::
C:\WINDOWS\system32\AppData

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Legacy VGA Drivers V1.0"=-
"Intel Audio Studio V2.0"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM67fde461"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]

Save file as CFScript.txt to your desktop.

Close running programs.
Drag CFScript on top of Combofix and drop it.
Combofix will start...
follow its prompts.

When system reboots you will be asked to upload a cab file.
This is ComboFix uploading suspect files I asked for so please allow it to.
Let me know when you did this upload so I can track easier the files to look for.

Please post the new C:\Combofix.txt here in your next reply.

Next:

Run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Next:

It does not look like you have any antivirus installed ...
See if you can get one up and running.
Few good freebies to choose from:

Avast:
http://www.avast.com/eng/avast_4_home.html
Tutorial:
http://www.bleepingcomputer.com/tutorials/how-to-use-avast-antivirus/

AVG:
http://free.grisoft.com/doc/1

AntiVir:
http://www.free-av.com/antivirus/allinonen.html

Only install ONE to avoid conflicts.

Then post fresh hijackthis log please.

Let me know how machine is behaving. Any more popups?
Antivirus you installed continue to work correctly?
Programs working OK?

Let me know about that keylogger...(whether or not you installed it)

Thanks :thumbsup:

#8 bigpoppaj


Posted 09 February 2008 - 05:40 AM

No, I don't recall installing the keylogger. I've installed Avast, no problem. I used to have Norton, but it messed up somehow and I never got another one. Stupid mistake on my part. Pop-ups are gone, my internet's running faster, no crashing, the programs I've used have worked fine. I was planning on deleting some of the stuff off of my computer though, like pictures, files, music and programs I don't use, but will that mess up the cleansing and analyzing for you? I'm not going to do anything until you say it's all right, so don't worry. Here's everything that you asked for. The files from ComboFix were submitted at 19.58 on 02-08-08.





ComboFix 08-02.05.3 - Owner 2008-02-08 19:59:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\certproc32.exe
C:\WINDOWS\iashlpr32.dll
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\systeldd32.dll
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\lmhfrquy.ini
.

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 19:44 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-04 01:32 . 2008-02-04 01:32 <DIR> d-------- C:\Deckard
2008-01-24 21:24 . 2008-01-24 21:24 <DIR> d-------- C:\Program Files\Yume Team
2008-01-21 15:30 . 2008-01-21 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 14:58 . 2008-01-21 14:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-16 12:41 . 2000-03-07 00:00 473,600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-01-16 12:41 . 2000-03-07 00:00 237,568 --a------ C:\WINDOWS\system32\Unlha32.dll
2008-01-16 10:53 . 2008-01-16 10:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-01-16 10:52 . 2005-02-22 22:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-16 10:51 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-11 13:05 . 2008-02-05 19:57 147 --a------ C:\WINDOWS\BM67fde461.xml
2008-01-11 13:05 . 2008-02-07 05:57 22 --a------ C:\WINDOWS\pskt.ini
2008-01-11 00:25 . 2008-01-11 00:25 <DIR> d-------- C:\WINDOWS\system32\AppData
2008-01-10 15:44 . 2008-01-10 15:44 <DIR> d-------- C:\Program Files\WinUtilities
2008-01-10 13:26 . 2004-01-26 08:10 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\WINDOWS
2008-01-10 13:26 . 2004-01-27 05:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Symantec
2008-01-10 13:26 . 2004-01-26 07:28 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\Sonic
2008-01-10 13:26 . 2004-01-26 08:49 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\SampleView
2008-01-10 13:26 . 2004-01-27 05:26 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-XB2X7J77GN.000\Application Data\interMute

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 00:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-25 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-25 02:24 --------- d-----w C:\Program Files\rpg2003
2008-01-24 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-21 06:59 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-17 21:36 10,240 ----a-w C:\WINDOWS\jtcres32.dll
2008-01-17 19:22 231,424 ----a-w C:\WINDOWS\mapisrv32.dll
2008-01-16 15:52 --------- d-----w C:\Program Files\DivX
2008-01-16 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 09:00 --------- d-----w C:\Program Files\BHODemon 2
2008-01-02 05:27 --------- d-----w C:\Program Files\Virtools
2007-10-31 04:44 246 ----a-w C:\Program Files\Common Files\quha919
2007-10-30 07:40 70,144 ----a-w C:\Program Files\Common Files\quha134.dll
2007-10-30 04:45 70,144 ----a-w C:\Program Files\Common Files\quha489.dll
2007-10-30 04:38 70,144 ----a-w C:\Program Files\Common Files\quha504.dll
2007-10-30 04:08 70,144 ----a-w C:\Program Files\Common Files\quha706.dll
2007-10-30 03:58 70,144 ----a-w C:\Program Files\Common Files\quha553.dll
2007-10-30 03:47 70,144 ----a-w C:\Program Files\Common Files\quha695.dll
2007-10-30 03:38 70,144 ----a-w C:\Program Files\Common Files\quha160.dll
2007-10-30 02:17 70,144 ----a-w C:\Program Files\Common Files\quha.dll
2007-06-04 09:28 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-06-04 08:51 0 ---h--w C:\Program Files\AppUpdate.log
2007-01-30 00:42 0 ----a-w C:\Program Files\system spy server v1.0
2005-08-01 21:43 40 -c--a-w C:\Documents and Settings\Admin\language.dat
2005-03-06 19:09 1,795 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2005-01-27 22:53 13,195 -c--a-w C:\Documents and Settings\Admin\zguicfgw.dat
2005-01-27 22:53 13,195 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\zguicfgw.dat
2004-07-21 16:55 0 -c--a-w C:\Documents and Settings\Admin\sdd1dat.dat
2004-07-21 16:55 0 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\sdd1dat.dat
2003-11-12 03:34 2,560 -c--a-w C:\Program Files\dellater.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\AppData ----

2008-01-11 00:25 16 --a------ C:\WINDOWS\system32\AppData\WinUtiModules\WO.exe.inf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

S4 s3svc;Enterprise Mailing Service;C:\WINDOWS\system32\sse.exe [2007-04-15 11:29]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 20:03:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 20:04:02
ComboFix-quarantined-files.txt 2008-02-09 01:03:48
ComboFix2.txt 2008-02-09 00:50:45
ComboFix3.txt 2008-02-07 11:40:42
.
2007-09-20 13:01:43 --- E O F ---







F-SECURE

Scanning Report
Friday, February 08, 2008 20:15:56 - 21:56:00

Computer name: YOUR-XB2X7J77GN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 99 malware found
Backdoor.Win32.Aebot.r (virus)

* C:\PROGRAM FILES\JAVA\JRE1.5.0_02\BIN\JUSCHED.EXE (Renamed & Submitted)

Backdoor.Win32.Small.or (virus)

* C:\WINDOWS\NTMASPI32.DLL

Email-Worm.Win32.Zhelatin.am (virus)

* C:\WINDOWS\ZU.EXE (Renamed & Submitted)

Email-Worm.Win32.Zhelatin.z (virus)

* C:\WINDOWS\AF.EXE (Renamed & Submitted)

Malware.ADRA (virus)

* C:\HP\BIN\TRIALHTML\OFFICE 2003 EDITION 60 DAY TRIAL.EXE (Submitted)

Packed.Win32.PolyCrypt.d (virus)

* C:\PROGRAM FILES\CURB MANAGER README\ONLINE LESS.EXE (Submitted)

Smalltroj.CDWP (virus)

* C:\WINDOWS\RUN2.EXE (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)

Trojan-Clicker.Win32.Agent.jh (virus)

* C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\JUSCHED.EXE (Renamed & Submitted)
* C:\PROGRAM FILES\COMMON FILES\AOL\1125718341\EE\AOLHOSTMANAGER.EXE (Renamed & Submitted)

Trojan-Downloader.VBS.Small.f (virus)

* C:\C.VBS (Renamed & Submitted)

Trojan-Downloader.Win32.Agent.baf (virus)

* C:\WINDOWS\BL4CK.COM (Renamed & Submitted)

Trojan-Downloader.Win32.ConHook.an (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070409-230845-217.DLL (Renamed & Submitted)

Trojan-Downloader.Win32.FraudLoad.a (virus)

* C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\WINVSNET.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Obfuscated.n (virus)

* C:\DECKARD\SYSTEM SCANNER\BACKUP\WINDOWS\DOWNLOADED PROGRAM FILES\GDNUS2218.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Small.elu (virus)

* C:\WINDOWS\KBDCAN32.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.VB.bqc (virus)

* C:\WINDOWS\SYSTEM32\MZ02R\MZ02R1065.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Vivia.l (virus)

* C:\DECKARD\SYSTEM SCANNER\BACKUP\WINDOWS\DOWNLOADED PROGRAM FILES\SCRELOAD-MAMMA.EXE (Renamed & Submitted)

Trojan-Proxy.Win32.Delf.cc (virus)

* C:\WINDOWS\MSIDENT32.EXE (Renamed & Submitted)

Trojan-Spy.Win32.BZub.hx (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070206-011702-244.DLL (Renamed & Submitted)

Trojan.Win32.BHO.ab (virus)

* C:\PROGRAM FILES\COMMON FILES\QUHA.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA134.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA160.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA489.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA504.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA553.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA695.DLL
* C:\PROGRAM FILES\COMMON FILES\QUHA706.DLL

Trojan.Win32.BHO.g (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070131-015733-184.DLL (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070206-011701-116.DLL (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070228-220119-822.DLL (Renamed & Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070409-230845-854.DLL (Renamed & Submitted)

Trojan.Win32.Obfuscated.ev (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\PBLIMNM.DLL (Renamed & Submitted)

Vundo.BB (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080108-035903-782.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080108-035952-370.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080108-040102-138.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080110-133232-840.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080110-144611-417.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080110-154013-827.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-103455-669.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-103530-957.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-105627-133.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-112223-937.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-112251-212.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080111-112437-418.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080121-020636-624.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080121-152502-841.DLL (Submitted)

Vundo.gen38 (virus)

* C:\WINDOWS\JMLNOQ.INI (Submitted)

Vundo.gen51 (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080110-133232-799.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080121-020636-550.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\IBPROCMAN\BACKUPS\BACKUP-20080203-062144-780.DLL (Submitted)

W32/Agent.DUEY (virus)

* C:\PROGRAM FILES\NES\FCE ULTRA\FCEU.EXE (Submitted)

W32/Malware.BXHJ (virus)

* C:\HP\RECOVERY\WIZARD\SWR_WIZARD.EXE (Submitted)

W32/Sdbot.ALIC (virus)

* C:\WINDOWS\KBDEST32.DLL (Submitted)

W32/Smalltroj.BTZK (virus)

* C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\TNYQAJ6T\WEBY14X[1].EXE (Submitted)

W32/Smalltroj.CRVB (virus)

* C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE (Submitted)
* C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\BAK\REALSCHED.EXE (Submitted)

W32/Vundo.gen3 (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070129-233314-599.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070129-233343-649.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070131-012636-152.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070131-015733-279.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\ADMIN\DESKTOP\BACKUPS\BACKUP-20070206-011701-741.DLL (Submitted)

Win32.Backdoor.Agent (spyware)

* System (Disinfected)

Win32.Trojan.Agent (spyware)

* System (Disinfected)

Zlob.ACD (virus)

* C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SPBI32JB.DEFAULT\CACHE(5)\ECAFD867D01 (Submitted)

Statistics
Scanned:

* Files: 60337
* System: 5462
* Not scanned: 12

Actions:

* Disinfected: 3
* Renamed: 20
* Deleted: 0
* None: 76
* Submitted: 53

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
* C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
* C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
* C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL
* C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
* C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
* C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6607D6DACADBCE5F15E059280EC8497_3F6695C5-2F28-4A1F-BBA8-A1796E704B05
* C:\DECKARD\SYSTEM SCANNER\BACKUP\WINDOWS\TEMP\HSPERFDATA_OWNER\1220

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2008-02-07
* F-Secure AVP: 7.0.171, 2008-02-08
* F-Secure Orion: 1.2.37, 2008-02-08
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2008-01-06

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
* Use Advanced heuristics






And Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:59 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\setupeng.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\_av_sfx.tm~a03428\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

--
End of file - 1159 bytes


I noticed F-Secure on there, is that normal? Thanks for all of your help, even just what we've done so far has worked wonders for my computer, and probably saved my brother's life, since he's the one that likes downloading random things online... :thumbsup:

Edited by bigpoppaj, 09 February 2008 - 06:08 PM.


#9 Blender


Posted 10 February 2008 - 09:03 AM

Hi,

Sorry for the wait .. & thanks for the files.

"I noticed F-Secure on there, is that normal?"

Yes it is normal. It was installed when you did the online scan.
You may uninstall it if you wish when we are done. (I may need you to do another run)

What version of Norton did you have? Do you remember?

If there are programs and stuff you want to remove -- go ahead. It shouldn't interfere with what we are doing.
Don't delete the tools we used yet though. Will clean that up after.

Still some things in the log to remove.

Open a new notepad and copy the following text to it:

file::
C:\WINDOWS\jtcres32.dll
C:\WINDOWS\mapisrv32.dll
C:\Program Files\Common Files\quha919
C:\Program Files\Common Files\quha134.dll
C:\Program Files\Common Files\quha489.dll
C:\Program Files\Common Files\quha504.dll
C:\Program Files\Common Files\quha706.dll
C:\Program Files\Common Files\quha553.dll
C:\Program Files\Common Files\quha695.dll
C:\Program Files\Common Files\quha160.dll
C:\Program Files\Common Files\quha.dll
C:\WINDOWS\RUN2.EXE 
C:\WINDOWS\NTMASPI32.DLL
C:\WINDOWS\JMLNOQ.INI 
C:\WINDOWS\KBDEST32.DLL  

folder::
C:\PROGRAM FILES\CURB MANAGER README
C:\Program Files\system spy server v1.0

Save it as CFScript.txt to your desktop.
Shut down running programs including security software and disconnect from the internet.

Drag CFScript.txt on top of ComboFix just like you did last time.
Let it do its thing.

Post the new C:\Combofix.txt when done please.
Let me know how the machine is running after this round.

thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#10 bigpoppaj


Posted 10 February 2008 - 09:43 PM

Here's the log. The version of Norton was called Norton Antivirus 2004 Professional, I'm not sure of any more details beyond that. But the computer is running good, it seems to be running faster every time I get on. I don't think it's run as fast as this, ever. Also, I got my recycle bin back! I thought my brother deleted it a long time ago trying to empty it (he's slow) and I never found anything on restoring it. Thanks. :thumbsup:


ComboFix 08-02.05.3 - Owner 2008-02-10 21:31:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Common Files\quha.dll
C:\Program Files\Common Files\quha134.dll
C:\Program Files\Common Files\quha160.dll
C:\Program Files\Common Files\quha489.dll
C:\Program Files\Common Files\quha504.dll
C:\Program Files\Common Files\quha553.dll
C:\Program Files\Common Files\quha695.dll
C:\Program Files\Common Files\quha706.dll
C:\Program Files\Common Files\quha919
C:\WINDOWS\jmlnoq.ini
C:\WINDOWS\JMLNOQ.INI
C:\WINDOWS\jtcres32.dll
C:\WINDOWS\KBDEST32.DLL
C:\WINDOWS\kbdest32.dll
C:\WINDOWS\mapisrv32.dll
C:\WINDOWS\NTMASPI32.DLL
C:\WINDOWS\run2.exe
C:\WINDOWS\RUN2.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\quha919
C:\PROGRAM FILES\CURB MANAGER README
C:\PROGRAM FILES\CURB MANAGER README\Online Less.exe
C:\Program Files\system spy server v1.0\
C:\WINDOWS\jmlnoq.ini
C:\WINDOWS\jtcres32.dll
C:\WINDOWS\kbdest32.dll
C:\WINDOWS\mapisrv32.dll
C:\WINDOWS\run2.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-09 05:45 . 2008-02-09 05:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-09 05:45 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 05:45 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 05:45 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-09 05:45 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 05:45 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 05:45 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 05:45 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-09 05:45 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-08 19:58 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-04 01:32 . 2008-02-04 01:32 <DIR> d-------- C:\Deckard
2008-01-24 21:24 . 2008-01-24 21:24 <DIR> d-------- C:\Program Files\Yume Team
2008-01-21 15:30 . 2008-01-21 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 14:58 . 2008-01-21 14:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-16 12:41 . 2000-03-07 00:00 473,600 --a------ C:\WINDOWS\system32\Harmony.dll
2008-01-16 12:41 . 2000-03-07 00:00 237,568 --a------ C:\WINDOWS\system32\Unlha32.dll
2008-01-16 10:53 . 2008-01-16 10:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-01-16 10:52 . 2005-02-22 22:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-16 10:51 . 2008-01-16 10:51 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-16 10:51 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-11 13:05 . 2008-02-05 19:57 147 --a------ C:\WINDOWS\BM67fde461.xml
2008-01-11 13:05 . 2008-02-07 05:57 22 --a------ C:\WINDOWS\pskt.ini
2008-01-11 00:25 . 2008-01-11 00:25 <DIR> d-------- C:\WINDOWS\system32\AppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 00:11 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-09 00:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-25 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-25 02:24 --------- d-----w C:\Program Files\rpg2003
2008-01-24 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-16 15:52 --------- d-----w C:\Program Files\DivX
2008-01-16 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-10 20:44 --------- d-----w C:\Program Files\WinUtilities
2008-01-08 09:00 --------- d-----w C:\Program Files\BHODemon 2
2008-01-02 05:27 --------- d-----w C:\Program Files\Virtools
2007-06-04 09:28 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-06-04 08:51 0 ---h--w C:\Program Files\AppUpdate.log
2007-01-30 00:42 0 ----a-w C:\Program Files\system spy server v1.0
2005-08-01 21:43 40 -c--a-w C:\Documents and Settings\Admin\language.dat
2005-03-06 19:09 1,795 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2005-01-27 22:53 13,195 -c--a-w C:\Documents and Settings\Admin\zguicfgw.dat
2005-01-27 22:53 13,195 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\zguicfgw.dat
2004-07-21 16:55 0 -c--a-w C:\Documents and Settings\Admin\sdd1dat.dat
2004-07-21 16:55 0 ----a-w C:\Documents and Settings\Administrator.XB2X7J77GN\sdd1dat.dat
2003-11-12 03:34 2,560 -c--a-w C:\Program Files\dellater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

S4 s3svc;Enterprise Mailing Service;C:\WINDOWS\system32\sse.exe [2007-04-15 11:29]

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 21:35:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 21:35:40
ComboFix-quarantined-files.txt 2008-02-11 02:35:27
ComboFix2.txt 2008-02-09 01:04:03
ComboFix3.txt 2008-02-09 00:50:45
ComboFix4.txt 2008-02-07 11:40:42
.
2007-09-20 13:01:43 --- E O F ---

#11 Blender


Posted 11 February 2008 - 02:33 AM

Hey :blink:

Looking better all the time too.

Hmmmm...

Can you grab me an uninstall list from HijackThis please:

Open HijackThis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Click "save list..."
Save the list and post it here.

Check in add/remove programs to see if system spy server is listed.
If it is -- uninstall it & reboot when done.

Then delete:

C:\Program Files\system spy server v1.0 <-- folder

You mentioned earlier Norton not being removed right --
You had Norton 2004 --

Download the removal tool for your OS from this page:

http://service1.symantec.com/SUPPORT/tsgen...&view=docid

Once saved, run it and follow the prompts.
No need to look for product keys and so on since you are not re-installing the product.

Let me know how things are after reboot.

Thanks :thumbsup:

#12 Blender


Posted 11 February 2008 - 02:49 AM

I forgot to ask something ..

Can you have these 2 files scanned:

C:\WINDOWS\system32\Harmony.dll
C:\WINDOWS\system32\Unlha32.dll

At this site please:

http://www.virustotal.com/en/indexf.html

Let me know results if any.

Thanks :thumbsup:

#13 bigpoppaj


Posted 11 February 2008 - 11:29 PM

Uninstalled Norton no problem. Didn't find anything installed under spy system server. I don't think it's installed. My ISP is upgrading my internet on Wednesday, so it should be faster than ever! :thumbsup:


My uninstall list

7-Zip 4.48 beta
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
Adobe Shockwave Player
Age of Empires III
Agere Systems PCI Soft Modem
ArcSoft PhotoStudio 5.5
ArcSoft VideoImpression 2
avast! Antivirus
BHODemon 2.0.0.23
BitTorrent 5.0.7
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
Collab
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
FL Studio 6
Fruity Loops Studio Producer Edition XXL v6.04 Patcher
Full Tilt Poker
GiPo@MoveOnBoot 1.9.5
Guitar Hero Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
hp deskjet 5100
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.14.10
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Monopolie 0.9.7
Monopoly
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Nalsoft RuitLeaguer v10501
Network Play System (Patching)
Next Generation Visualisations
Norton Security Scan
Oregon Trail 3
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
PokerStars
Quicken 2004
RealOne Player
RecordNow!
Ringtone Ripper
RPG Maker 2000 1.05
RPG Maker 2003 v1.08
RTP 1.32 Add-On for RM2k
RTP for RM2K (Png, Wav, Midi, Fonts)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SoulSeek Client 156c
SpamSubtract
Spybot - Search & Destroy 1.4
The Sims House Party
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
URGE
VIA/S3G Display Driver
VIA/S3G Display Driver
Viewpoint Media Player (Remove Only)
Virtools 3D Life Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinUtilities 5.3
WinZip 11.1



I'm keeping Avast running and trying to clear some more useless files, I defragmented it too. Both of the files you wanted me to scan came up with 0/32. I'm not sure if you still wanted the results but I'll save them in case you do.

#14 Blender


Posted 13 February 2008 - 04:47 AM

Hi,

Open HijackThis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Highlight this entry:
Nalsoft RuitLeaguer v10501

Then copy/paste back here what is in the "Uninstall command" at right.

Exit Hijackthis.

Next:

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
    http://i266.photobucket.com/albums/ii277/s...Kas-Savetxt.gif
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.

thanks :thumbsup:

#15 bigpoppaj


Posted 14 February 2008 - 09:31 AM

Sorry about taking so long, I've been working a lot.


"C:\Program Files\Nalsoft\RuitLeaguer\uninstall.exe"

That's the uninstall command for the program.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 14, 2008 9:28:30 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 565364
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 168722
Number of viruses found: 64
Number of infected objects: 419
Number of suspicious objects: 0
Duration of the scan process: 01:51:25

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\WINVSNET.0XE Infected: Trojan-Downloader.Win32.FraudLoad.a skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\yazzsnet.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\yazzsnet.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\GDNUS2218.0XE Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\SCRELOAD-MAMMA.0XE Infected: Trojan-Downloader.Win32.Vivia.l skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\hsperfdata_Owner\1220 Object is locked skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win1FF2.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win2654.tmp Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win2A52.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win37D5.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win39A4.tmp Infected: Email-Worm.Win32.Zhelatin.ay skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win3A19.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win3BA2.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win49C7.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win51C4.tmp Infected: Email-Worm.Win32.Zhelatin.bx skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win556B.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win5BA2.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win5E38.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win67B.tmp Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win7756.tmp Infected: Trojan.Win32.Pakes skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win98C1.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\win9A04.tmp Infected: Email-Worm.Win32.Zhelatin.bc skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winA016.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winA11.tmp Infected: Email-Worm.Win32.Zhelatin.bc skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winB82F.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winBCF4.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winBF9.tmp Infected: Email-Worm.Win32.Zhelatin.bx skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winC1B8.tmp Infected: Trojan-Proxy.Win32.Xorpix.m skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winC2A4.tmp Infected: Email-Worm.Win32.Zhelatin.d skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winCAF6.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winCE2.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winE3D2.tmp Infected: Email-Worm.Win32.Zhelatin.w skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winE67.tmp Infected: Email-Worm.Win32.Zhelatin.bx skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\winEA7F.tmp Infected: Email-Worm.Win32.Zhelatin.i skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\CCCE4F73d01/data0002 Infected: Trojan.Win32.DNSChanger.hd skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\CCCE4F73d01 NSIS: infected - 1 skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\ECAFD867d01/data0007 Infected: Trojan-Downloader.Win32.Zlob.ahe skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\ECAFD867d01 NSIS: infected - 1 skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\ECAFD867d01 UPX: infected - 1 skipped
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\spbi32jb.default\Cache(5)\ECAFD867d01 PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070129-233314-599.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070129-233343-649.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070131-012636-152.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070131-015733-184.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070131-015733-279.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070206-011701-116.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070206-011701-741.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070206-011702-244.0LL Infected: Trojan-Spy.Win32.BZub.hx skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070228-220119-822.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070409-230845-217.0LL Infected: Trojan-Downloader.Win32.ConHook.an skipped
C:\Documents and Settings\Admin\Desktop\backups\backup-20070409-230845-590.dll Infected: not-a-virus:AdWare.Win32.BHO.ar skipped
C:\Documents and Settings\Admin\Desktop\backups\BACKUP-20070409-230845-854.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\PBLIMNM.0LL Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6607d6dacadbce5f15e059280ec8497_3f6695c5-2f28-4a1f-bba8-a1796e704b05 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_fda75b57-2637-48fa-84a5-f4b7f21eb747 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-62087fe9.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-62087fe9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080108-035903-403.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080108-035903-782.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080108-035952-370.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080108-040102-138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-133232-234.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-133232-799.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-133232-840.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-144611-417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-144611-868.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-154013-495.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080110-154013-827.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-103455-521.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-103455-669.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-103530-626.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-103530-957.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-105627-133.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-105627-362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112223-215.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112223-937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112251-212.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112251-911.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112437-418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080111-112437-616.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080121-020636-333.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080121-020636-550.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080121-020636-624.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080121-152502-387.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080121-152502-841.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080203-062144-320.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Owner\Desktop\ibprocman\backups\backup-20080203-062144-780.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha134.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha160.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha489.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha504.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha553.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha695.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip/quha706.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\Owner\Desktop\[4]-Submit_2008-02-08@19.58.zip ZIP: infected - 8 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\7zi068kb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_548.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\AOL\1125718341\ee\AOLHOSTMANAGER.0XE Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Program Files\ewido\security suite\Quarantine\quaraFile109.ess/packed Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\Program Files\ewido\security suite\Quarantine\quaraFile109.ess GZIP: infected - 1 skipped
C:\Program Files\Java\jre1.5.0_02\bin\JUSCHED.0XE Infected: Backdoor.Win32.Aebot.r skipped
C:\Program Files\Java\jre1.5.0_10\bin\JUSCHED.0XE Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\QooBox\Quarantine\C\3456346345643.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kh skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\SEMBLY~1\bak\regsvr32.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ek skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\SEMBLY~1\regsvr32.exe.vir Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{34CED~1\MyToolBar.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{64CED~1\system.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{64CED~1\Update.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{64CED~2\system.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{64CED~2\Update.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\CURB MANAGER README\Online Less.exe.vir Infected: Packed.Win32.PolyCrypt.d skipped
C:\QooBox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.te skipped
C:\QooBox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.te skipped
C:\QooBox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1169173782.old.vir/data0000.bin Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1169173782.old.vir EmbeddedEXE: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM3~1\аti2evxx.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\QooBox\Quarantine\C\sstray.exe.vir/stream/data0003 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\sstray.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\sstray.exe.vir/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\sstray.exe.vir/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\sstray.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\QooBox\Quarantine\C\sstray.exe.vir NSIS: infected - 5 skipped
C:\QooBox\Quarantine\C\syst.exe.vir Infected: Trojan-Downloader.Win32.Tibs.kh skipped
C:\QooBox\Quarantine\C\tskmgr.exe.vir/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\QooBox\Quarantine\C\tskmgr.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\a.exe.vir Infected: Trojan-Downloader.Win32.Agent.baf skipped
C:\QooBox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\IA\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\QooBox\Quarantine\C\WINDOWS\inf\vcdb32.dll.vir Infected: Virus.Win32.Agent.x skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\pp.exe.vir Infected: Email-Worm.Win32.Zhelatin.as skipped
C:\QooBox\Quarantine\C\WINDOWS\run2.exe.vir/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\QooBox\Quarantine\C\WINDOWS\run2.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\a13\rarndrll2.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aandcnht.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\advvmavt.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ardCo01\ardCo011065.exe.vir Infected: Trojan-Downloader.Win32.VB.ccs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ashxxmdb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\asnaddcs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\assbvwab.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aueuvicn.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ayusnjdx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bdlvoyuc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bdncnwpc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cfsynkjy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cinowmvx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\csnhgrbj.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cuoaxdrx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dbcscfta.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dgasrdpi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwftvtyx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\e2\caws83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\e2\caws83122.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ebptbevq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\epoblwtk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\eubfxneq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\evekhadv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ewtocevh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fbhfnvkk.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fhqbvsck.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fisvglof.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fkupcbjt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fmglouuf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fqmkmvfn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ftjttifv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ftogixha.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\g1\db50ene.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gmkkgsng.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hjbermmp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hjmcyhoc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hmwuvurj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hogiettr.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hsrofsnv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hytgxdqw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ihfjnmyu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iqmtojxf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\irorsjue.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jdychlke.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kndcjlov.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kpqpbsam.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lcgryace.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lhrcyckc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\licjfbka.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lrvbgrek.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mduovjmk.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mjuplfhp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mjvxxljb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mthwkgiq.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mvtaawco.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\myxwnodh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\natrroif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nmtbychd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\obyjjvpw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ocodkipw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ogdcmcku.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oghhuhdp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oqtnyfod.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\orqppuov.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ovdayfry.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oyqvlftc.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pcliaqqv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pdhbikix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmnmn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmttfgma.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ppktgxdw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pyijhnyr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qkmpdatb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qovcvfpr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qpppjjkp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qujicoss.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rdosibfx.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rojiafhy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rrqbnmjp.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rudcfxwn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\SCURIT~1\wucrtupd.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ez skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tavkojfc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcfenduq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tuqquagl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ucmtstkc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uearreid.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ujibnkok.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\umilyamh.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoqxccia.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vcsgiuiy.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjfhfmfy.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vqfoqaxk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\waelsjjq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wdnwceij.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\weumsonr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wgckoels.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmhmiros.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\x22\c124wvr.exe.vir Infected: Trojan-Downloader.Win32.Small.gks skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xjfxedct.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yiwjxiat.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\catchme2008-02-07_ 63630.48.zip/pmkhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-07_ 63630.48.zip/yayxxxy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-07_ 63630.48.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP11\A0002434.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP11\A0002439.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP11\A0002439.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP14\change.log Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP4\A0001018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001068.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001069.exe Infected: Trojan-Downloader.Win32.PurityScan.ek skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001070.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.te skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001070.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.te skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001070.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001072.old/data0000.bin Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001072.old EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001073.dll Infected: not-a-virus:AdWare.Win32.BHO.by skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001074.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001075.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001076.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001077.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001080.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001081.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001081.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001083.dll Infected: Virus.Win32.Agent.x skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001084.exe Infected: Email-Worm.Win32.Zhelatin.as skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001085.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001086.exe Infected: Trojan-Downloader.Win32.Tibs.kh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001090.exe Infected: Trojan-Downloader.Win32.Agent.baf skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001091.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001094.exe Infected: Trojan-Downloader.Win32.Tibs.kh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001095.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001096.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001097.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001098.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001099.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001100.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001101.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001102.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001103.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001104.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001105.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001106.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001107.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001108.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001109.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001110.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001111.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001112.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001113.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001114.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ebw skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001120.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001121.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001122.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001123.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001124.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001125.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001126.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001127.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001128.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001129.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001130.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001131.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001132.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001133.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001134.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001137.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001139.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001140.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001141.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001142.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001143.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001144.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001146.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001147.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001148.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001149.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001150.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001151.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001152.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001153.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001155.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001156.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001157.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001158.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001159.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001160.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001161.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001162.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001163.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001164.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001165.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001166.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001167.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001168.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001170.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001171.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001172.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001173.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001174.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001175.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001176.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001179.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001180.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001181.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001182.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001184.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001185.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001186.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001187.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001189.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001190.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001226.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001228.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001229.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001230.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001231.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001232.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001232.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001233.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001235.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001236.exe Infected: Trojan-Downloader.Win32.Small.gks skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP5\A0001242.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP7\A0001308.exe Infected: Trojan-Downloader.Win32.VB.ccs skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002302.dll Infected: Backdoor.Win32.Small.or skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002303.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002304.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002305.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002306.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002307.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002308.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002309.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002310.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002311.vbs Infected: Trojan-Downloader.VBS.Small.f skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002312.exe Infected: Email-Worm.Win32.Zhelatin.z skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002313.com Infected: Trojan-Downloader.Win32.Agent.baf skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002314.exe Infected: Trojan-Downloader.Win32.Small.elu skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002315.exe Infected: Trojan-Proxy.Win32.Delf.cc skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002316.exe Infected: Email-Worm.Win32.Zhelatin.am skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002317.exe Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002318.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002319.exe Infected: Backdoor.Win32.Aebot.r skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002320.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002321.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002322.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002323.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002324.dll Infected: Trojan-Spy.Win32.BZub.hx skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002325.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002326.dll Infected: Trojan-Downloader.Win32.ConHook.an skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002327.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002328.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002329.exe Infected: Trojan-Downloader.Win32.Vivia.l skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP8\A0002330.exe Infected: Trojan-Downloader.Win32.FraudLoad.a skipped
C:\temp\CSv16P150.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.aa skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\AF.0XE Infected: Email-Worm.Win32.Zhelatin.z skipped
C:\WINDOWS\BL4CK.0OM Infected: Trojan-Downloader.Win32.Agent.baf skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\KBDCAN32.0XE Infected: Trojan-Downloader.Win32.Small.elu skipped
C:\WINDOWS\MSIDENT32.0XE Infected: Trojan-Proxy.Win32.Delf.cc skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EFB69CB6-AD7A-4C22-8300-161DABEE003B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system\hpsysdrv.exe1175906894 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\WINDOWS\system\hpsysdrv.exe1176013226 Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\WINDOWS\system\UpdInstall.exe Infected: not-a-virus:AdWare.Win32.Look2Me.as skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\Mz02r\MZ02R1065.0XE Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\WINDOWS\woinstall.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\ZU.0XE Infected: Email-Worm.Win32.Zhelatin.am skipped

Scan process completed.



