Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infections: Krap, Monder, Trojan-Dropper and More


  • This topic is locked This topic is locked
34 replies to this topic

#1 JDW1991

JDW1991

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 22 July 2009 - 07:46 PM

Hi, I used Kaspersky Online Scanner 7, and it tells me (not to my surprise) that I have many malware infections (sorry if the list is unnecessary):

-Backdoor.Win32.Rbot.acfg
-Hoax.Win32.Renos.gh
-not-a-virus:Adware.Win32.180Solutions.as
-not-a-virus:Adware.Win32.2Search.f
-not-a-virus:Adware.Win32.2Search.p
-not-a-virus:Adware.Win32.BannerMod.a
-not-a-virus:Adware.Win32.HotBar.bw
-not-a-virus:Adware.Win32.NaviPromo.t
-not-a-virus:Adware.Win32.NewDotNet
-not-a-virus:Adware.Win32.PurityScan.ae
-not-a-virus:Adware.Win32.PurityScan.ak
-not-a-virus:Adware.Win32.Relevant.a
-not-a-virus:Adware.Win32.Virtumonde.mju
-not-a-virus:FraudTool.Win32.WorldSecurityOnline.d
-not-a-virus:WebToolbar.Win32.WhenU.f
-Packed.Win32.Krap.p
-Trojan-Downloader.HTML.Iframe.aal
-Trojan-Downloader.JS.FraudLoad.a
-Trojan-Downloader.JS.Iframe.bhz
-Trojan-Downloader.JS.LuckySploit.e
-Trojan-Downloader.Win32.FraudLoad.edj
-Trojan-Downloader.Win32.FraudLoad.wfmb
-Trojan-Downloader.Win32.Murlo.baf
-Trojan-Downloader.Win32.PurityScan.co
-Trojan-Downloader.Win32.PurityScan.cp
-Trojan-Dropper.Win32.Agent.atmg
-Trojan-Dropper.Win32.Delf.ajo
-Trojan-Spy.Win32.Agent.alws
-Trojan-Spy.Win32.Agent.alxc
-Trojan-Spy.Win32.Agent.amah
-Trojan-Spy.Win32.Agent.amgi
-Trojan-Spy.Win32.Agent.amum
-Trojan-Spy.Win32.Agent.anlx
-Trojan-Spy.Win32.Agent.aobx
-Trojan-Spy.Win32.Agent.aoej
-Trojan-Spy.Win32.Agent.aohk
-Trojan-Spy.Win32.Agent.apee
-Trojan.Win32.Agent.zae
-Trojan.Win32.Monder.blpd
-Trojan.Win32.Monder.bpri
-Trojan.Win32.Monder.bygu
-Trojan.Win32.Monder.byyb
-Trojan.Win32.Monder.byyw
-Trojan.Win32.Monder.bzii
-Trojan.Win32.Monder.caiv
-Trojan.Win32.Monder.caoh
-Trojan.Win32.Monder.cewa
-Trojan.Win32.Monder.cfgk
-Trojan.Win32.Monder.ckhn
-Trojan.Win32.Monder.clwi
-Trojan.Win32.Monder.clwy
-Trojan.Win32.Monder.clxj
-Trojan.Win32.Monder.clyw
-Trojan.Win32.Monder.cmbk
-Trojan.Win32.Monder.cmwt
-Trojan.Win32.Monder.cocf
-Trojan.Win32.Monder.dk
-Trojan.Win32.Monder.gen
-Trojan.Win32.Obfuscated.en
-Trojan.Win32.Obfuscated.gen
-Trojan.Win32.Small.bzi
-Trojan.Win32.Stuh.lia

Most of the infected files are infected with Packed.Win32.Krap.p, and most of the infected files are eight-letter *.dll files in the C:\WINDOWS\system32\ folder. For example, "dejufedu.dll", "dekoyemo.dll", and "delidubu.dll" (they don't all begin with "d"). Packed.Win32.Krap.p infects only these files; none of these eight letter files are visible in explorer, whether or not hidden files are visible. Approximately, there are between 100 and 200 of these; fewer in number are the files infected with other malware items.

The registry contains a few entries (not sure if that's the right word :thumbup2: ), such as "jomimuzugi" and "CPM279034d9" (both of type "REG_SZ") in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that are associated with the eight-letter *.dlls mentioned above, and that are resistant to editing or deletion - if these entries are edited, they automatically return to their previous state. I'm no expert on computers, but it looks like the entries are telling the *.dlls to run.

The symptoms include infrequent advertisement pop-ups (there used to be more than there are now), and - though I'm not sure how or even if this is caused by malware - the D:\ drive constantly appears to be very low on free space, even though I've checked the properties of the subfolders of Documents and Settings, and other subfolders of the drive, and their size does not seem to account for that which is allegedly used within it. Furthermore, the amount of free space is not fixed at all times; it varies by a few megabytes most of the time, and a few dozen or more megabytes some of the time. Generally, the computer experiences occasional slowness, though this could in many situations be attributed to its age. There don't appear to be any threatening processes running that are visible in task manager, however, some innocent process files may have been infected by rogues. I don't even know if that's possible really, but as I say, I'm no expert, and that's why I'm here.

Thank you in advance for your help, and thanks for reading the long message :).

Here is the DDS information:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Joe at 1:26:58.20 on 23/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.142 [GMT 1:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Joe.049688420010\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Packard Bell
uSearch Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {324f9ffe-c6af-4326-8530-023ef2050094} - c:\windows\system32\jkkKApNF.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {77ab5974-55a3-4737-9fd5-b93c64307f79} - c:\windows\system32\nelesoye.dll
BHO: {77d3a5b4-cfd1-4046-8909-7cd99a68311f} - c:\windows\system32\ssqOIBsS.dll
BHO: {8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} - c:\windows\system32\vakumene.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {c900b400-cdfe-11d3-976a-00e02913a9e0} - No File
BHO: {e5727799-54ae-47ab-bcf2-2b5347f0e945} - c:\windows\system32\raganapo.dll
BHO: ?????????????U?????????????????????????n?????????????????????????n?????????????? - No File
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {84938242-5C5B-4A55-B6B9-A1507543B418} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [sysldtray] c:\windows\ld09.exe
mRun: [jomimuzugi] Rundll32.exe "?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n????????????c:\windows\system32\wolugeri.dll",s
mRun: [CPM279034d9] Rundll32.exe "c:\windows\system32\robejaku.dll",a
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ssqOIBsS - ssqOIBsS.dll
AppInit_DLLs: stem32\dokakuru.dll c:\windows\system32\febawoyi.dll c:\windows\system32\wolugeri.dll c:\windows\system32\robejaku.dll,?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????U?????????????????????????n?????????????????????????n??????????????
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\robejaku.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\robejaku.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {77d3a5b4-cfd1-4046-8909-7cd99a68311f} - c:\windows\system32\ssqOIBsS.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkKApNF
LSA: Notification Packages = S\system32\wopowupa.dll c:\windows\system32\wolugeri.dll ?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????U?????????????????????????n?????????????????????????n??????????????

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-10-27 11886]
R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2004-7-23 336008]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-27 198248]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-27 235168]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-27 181864]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2004-10-28 177264]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080423.025\NAVENG.Sys [2005-4-29 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080423.025\NavEx15.Sys [2005-4-29 895408]
S2 ApacheMS4WWebServer;Apache MS4W Web Server;"d:\documents and settings\joe.049688420010\my documents\joe's folder\applications\ms4w_2.2.6\ms4w\apache\bin\httpd.exe" -k runservice --> d:\documents and settings\joe.049688420010\my documents\joe's folder\applications\ms4w_2.2.6\ms4w\apache\bin\httpd.exe [?]
S2 gupdate1c999b76c529a6c;Google Update Service (gupdate1c999b76c529a6c);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79464]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-4-30 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-4-30 3768]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-6-12 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-6-12 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-6-12 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-6-12 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-6-12 86368]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-21 15:26 2,713 ---sh--- c:\windows\system32\mulirowo.dll
2009-07-21 05:16 2,713 ---sh--- c:\windows\system32\hafatipo.dll
2009-07-21 05:15 2,713 ---sh--- c:\windows\system32\gukowema.dll
2009-07-20 10:30 2,713 ---sh--- c:\windows\system32\bimawoyo.dll
2009-07-20 10:30 2,713 ---sh--- c:\windows\system32\kunuzavi.dll
2009-07-19 11:46 2,713 ---sh--- c:\windows\system32\puzominu.dll
2009-07-19 11:45 2,713 ---sh--- c:\windows\system32\vetajume.dll
2009-07-18 19:33 2,713 ---sh--- c:\windows\system32\fefiyiri.dll
2009-07-18 19:31 2,713 ---sh--- c:\windows\system32\soziredo.dll
2009-07-11 15:30 2,713 ---sh--- c:\windows\system32\jinuwayi.dll
2009-07-11 15:28 2,713 ---sh--- c:\windows\system32\nogorike.dll
2009-07-11 15:28 2,713 ---sh--- c:\windows\system32\fokitape.dll
2009-07-09 08:02 2,713 ---sh--- c:\windows\system32\zodetego.dll
2009-07-09 08:00 2,713 ---sh--- c:\windows\system32\bosurezo.dll
2009-07-09 08:00 2,713 ---sh--- c:\windows\system32\pegeseyi.dll
2009-07-02 06:49 2,713 ---sh--- c:\windows\system32\velivomo.dll
2009-07-02 06:48 2,713 ---sh--- c:\windows\system32\buvoyaki.dll
2009-06-30 19:09 2,713 ---sh--- c:\windows\system32\nulutuni.dll
2009-06-30 06:37 2,713 ---sh--- c:\windows\system32\nefapifa.dll
2009-06-29 05:22 2,713 ---sh--- c:\windows\system32\dewezuwa.dll
2009-06-29 05:22 2,713 ---sh--- c:\windows\system32\dayoyadu.dll
2009-06-28 09:52 2,713 ---sh--- c:\windows\system32\sizesare.dll
2009-06-28 09:50 2,713 ---sh--- c:\windows\system32\kegezadu.dll
2009-06-27 08:24 2,713 ---sh--- c:\windows\system32\gipunowe.dll
2009-06-27 08:22 2,713 ---sh--- c:\windows\system32\yosimanu.dll
2009-06-25 05:58 2,713 ---sh--- c:\windows\system32\wimesabi.dll
2009-06-25 05:57 2,713 ---sh--- c:\windows\system32\dataheme.dll
2009-06-23 15:19 2,713 ---sh--- c:\windows\system32\ferazolu.dll
2009-06-23 15:18 2,713 ---sh--- c:\windows\system32\junefare.dll

==================== Find3M ====================

2009-07-20 18:52 135,168 a------- C:\zip.exe
2009-07-20 18:52 19,286 a------- C:\cleanup.exe
2009-07-20 18:52 574 a------- C:\cleanup.bat
2009-07-09 08:00 504,120 a--sh--- c:\windows\system32\saheloju.exe
2009-06-22 17:39 164 a------- C:\nm8912.bat
2009-06-22 17:38 15,360 a--sh--- c:\windows\system32\lopivasa.exe
2009-06-22 05:41 2,713 ---sh--- c:\windows\system32\kakekuze.dll
2009-06-22 05:39 2,713 ---sh--- c:\windows\system32\bidubiti.dll
2009-06-22 05:38 15,360 ----h--- c:\windows\ld09.exe
2009-06-22 05:38 15,360 a--sh--- c:\windows\system32\kewevuro.exe
2009-06-21 10:36 2,713 ---sh--- c:\windows\system32\yaruvofo.dll
2009-06-21 10:36 2,713 ---sh--- c:\windows\system32\sakamide.dll
2009-06-21 10:34 15,360 a--sh--- c:\windows\system32\puleziwu.exe
2009-06-20 18:02 2,713 ---sh--- c:\windows\system32\vufipuye.dll
2009-06-20 17:59 15,360 a--sh--- c:\windows\system32\hisatape.exe
2009-06-20 05:59 15,360 a--sh--- c:\windows\system32\herutoho.exe
2009-06-19 17:58 15,360 a--sh--- c:\windows\system32\hijiwuba.exe
2009-06-19 05:58 15,360 a--sh--- c:\windows\system32\fabireze.exe
2009-06-18 17:58 15,360 a--sh--- c:\windows\system32\keyipole.exe
2009-06-18 06:00 2,713 ---sh--- c:\windows\system32\tubivabo.dll
2009-06-18 05:58 2,713 ---sh--- c:\windows\system32\defariha.dll
2009-06-18 05:58 15,360 a--sh--- c:\windows\system32\devoresi.exe
2009-06-17 17:23 2,713 ---sh--- c:\windows\system32\sakabuji.dll
2009-06-17 17:20 15,360 a--sh--- c:\windows\system32\sisazibo.exe
2009-06-17 05:22 2,713 ---sh--- c:\windows\system32\riwakabe.dll
2009-06-17 05:22 2,713 ---sh--- c:\windows\system32\siruboma.dll
2009-06-16 05:23 2,713 ---sh--- c:\windows\system32\jobobuwi.exe
2009-06-16 05:23 2,713 ---sh--- c:\windows\system32\bedihidu.dll
2009-06-16 05:21 159 a------- C:\d45.bat
2009-06-16 05:21 15,360 a--sh--- c:\windows\system32\defariha.exe
2009-06-15 11:51 2,713 ---sh--- c:\windows\system32\sinodisi.dll
2009-06-15 11:49 2,713 ---sh--- c:\windows\system32\nakonaze.dll
2009-06-15 11:49 15,360 a--sh--- c:\windows\system32\degipeme.exe
2009-06-14 22:44 2,713 ---sh--- c:\windows\system32\medemovo.dll
2009-06-14 22:42 15,360 a--sh--- c:\windows\system32\yemibumi.exe
2009-06-14 10:42 15,360 a--sh--- c:\windows\system32\nemudodi.exe
2009-06-13 20:41 2,713 ---sh--- c:\windows\system32\nifarake.dll
2009-06-13 20:41 2,713 ---sh--- c:\windows\system32\lazahuji.dll
2009-06-13 20:40 538,430 a--sh--- c:\windows\system32\sofofuhi.exe
2009-06-13 20:40 15,360 a--sh--- c:\windows\system32\tumigike.exe
2009-06-13 08:35 2,713 ---sh--- c:\windows\system32\fumupofo.dll
2009-06-13 08:33 2,713 ---sh--- c:\windows\system32\sadeyoli.dll
2009-06-13 08:32 538,430 a--sh--- c:\windows\system32\lebapide.exe
2009-06-12 15:21 2,713 ---sh--- c:\windows\system32\devoresi.dll
2009-06-11 19:50 2,713 ---sh--- c:\windows\system32\butabefu.dll
2009-06-11 19:48 2,713 ---sh--- c:\windows\system32\wiwuzoza.dll
2009-06-11 19:47 2,713 ---sh--- c:\windows\system32\hizapego.dll
2009-06-08 22:52 2,713 ---sh--- c:\windows\system32\buhegavu.dll
2009-06-08 10:58 2,713 ---sh--- c:\windows\system32\sofodowi.dll
2009-06-07 21:55 2,713 ---sh--- c:\windows\system32\dejidono.dll
2009-06-07 09:57 2,713 ---sh--- c:\windows\system32\hoyobuva.dll
2009-06-05 13:13 2,713 ---sh--- c:\windows\system32\nivedusa.dll
2009-06-05 13:11 2,713 ---sh--- c:\windows\system32\degipeme.dll
2009-06-04 22:30 2,713 ---sh--- c:\windows\system32\guratayo.dll
2009-06-03 20:44 2,713 ---sh--- c:\windows\system32\jaduzumi.dll
2009-06-03 08:43 2,713 ---sh--- c:\windows\system32\tuneyevi.dll
2009-06-02 20:45 2,713 ---sh--- c:\windows\system32\hutikovu.dll
2009-06-02 20:45 2,713 ---sh--- c:\windows\system32\hewurogo.dll
2009-05-31 18:14 2,713 ---sh--- c:\windows\system32\mayonibe.dll
2009-05-31 18:13 2,713 ---sh--- c:\windows\system32\serevudo.dll
2009-05-30 10:32 88,064 a--sh--- c:\windows\system32\robejaku.dll
2009-05-30 10:32 80,896 a--sh--- c:\windows\system32\ludoyuja.dll
2009-05-28 10:16 87,040 a--sh--- c:\windows\system32\gajiname.dll
2009-05-27 08:28 49,664 a--sh--- c:\windows\system32\memovovo.dll
2009-05-27 08:27 106,496 a--sh--- c:\windows\system32\bulimane.dll
2009-05-26 11:37 106,496 a--sh--- c:\windows\system32\laraguji.dll
2009-05-25 20:37 106,496 a--sh--- c:\windows\system32\hazafupe.dll
2009-05-25 08:39 106,496 a--sh--- c:\windows\system32\lehebofi.dll
2009-05-24 10:09 106,496 a--sh--- c:\windows\system32\kobitaka.dll
2009-05-24 10:09 100,864 a--sh--- c:\windows\system32\vodesome.dll
2009-05-23 21:02 106,496 a--sh--- c:\windows\system32\safodaru.dll
2009-05-23 09:04 106,496 a--sh--- c:\windows\system32\bufezeza.dll
2009-05-22 06:05 106,496 a--sh--- c:\windows\system32\vetuyija.dll
2009-05-21 11:02 106,496 a--sh--- c:\windows\system32\ruyebana.dll
2009-05-20 18:11 106,496 a--sh--- c:\windows\system32\gedogeye.dll
2009-05-20 06:13 106,496 a--sh--- c:\windows\system32\remowoka.dll
2009-05-19 12:33 106,496 a--sh--- c:\windows\system32\sowemame.dll
2009-05-18 21:33 106,496 a--sh--- c:\windows\system32\rogahefa.dll
2009-05-18 09:37 106,496 a--sh--- c:\windows\system32\tutatezu.dll
2009-05-17 21:14 106,496 a--sh--- c:\windows\system32\maboveli.dll
2009-05-17 09:16 106,496 a--sh--- c:\windows\system32\kofemube.dll
2009-05-15 18:04 106,496 a--sh--- c:\windows\system32\bafuvisi.dll
2009-05-15 06:06 106,496 a--sh--- c:\windows\system32\gazeyuha.dll
2009-05-14 12:09 106,496 a--sh--- c:\windows\system32\wamejawe.dll
2009-05-13 18:20 106,496 a--sh--- c:\windows\system32\gipefewa.dll
2009-05-13 06:20 106,496 a--sh--- c:\windows\system32\gomujude.dll
2009-05-12 18:19 106,496 a--sh--- c:\windows\system32\midogiru.dll
2009-05-12 06:21 106,496 a--sh--- c:\windows\system32\bobebeji.dll
2009-05-11 15:56 106,496 a--sh--- c:\windows\system32\sosafuji.dll
2009-05-10 22:46 106,496 a--sh--- c:\windows\system32\falefigi.dll
2009-05-10 10:49 106,496 a--sh--- c:\windows\system32\jefizaya.dll
2009-05-09 22:44 106,496 a--sh--- c:\windows\system32\febawoyi.dll.vir
2009-05-09 22:44 102,400 a--sh--- c:\windows\system32\nelesoye.dll
2009-05-09 10:46 106,496 a--sh--- c:\windows\system32\wobupobu.dll
2009-05-08 06:48 106,496 a--sh--- c:\windows\system32\fopihofu.dll
2009-05-07 06:31 71,680 a--sh--- c:\windows\system32\pewafahu.dll
2009-05-07 06:31 106,496 a--sh--- c:\windows\system32\sayiwido.dll
2009-05-06 08:12 106,496 a--sh--- c:\windows\system32\nosadepu.dll
2009-05-05 05:36 99,840 a--sh--- c:\windows\system32\hisakite.dll
2009-05-05 05:36:09 A--SH--- 106,496 c:\windows\system32\tewetopi.dll
2009-04-03 06:46 0 a--sh--- c:\windows\system32\barijatu.dll
2009-03-14 09:33 142,848 a--sh--- c:\windows\system32\bdfdkf.dll
2009-03-04 19:30 101,376 a--sh--- c:\windows\system32\bekubonu.dll
2009-03-10 12:14 101,888 a--sh--- c:\windows\system32\bewijeze.dll
2009-03-14 09:33 107,008 a--sh--- c:\windows\system32\bibegipe.dll
2009-02-13 18:20 106,496 a--sh--- c:\windows\system32\bikurifo.dll
2009-04-10 18:29 109,056 a--sh--- c:\windows\system32\biravoja.dll
2009-02-10 12:41 74,534 a--sh--- c:\windows\system32\bogerijo.dll
2009-01-15 22:44 100,352 a--sh--- c:\windows\system32\bokosefu.dll
2009-01-14 22:44 109,568 a--sh--- c:\windows\system32\buhedina.dll
2009-01-14 10:25 99,517 a--sh--- c:\windows\system32\bulawasi.dll
2009-03-22 15:07 140,800 a--sh--- c:\windows\system32\bulopazo.dll
2009-03-24 06:34 141,312 a--sh--- c:\windows\system32\cuuvfu.dll
2009-04-14 22:44 71,168 a--sh--- c:\windows\system32\dafanole.dll
2009-03-20 05:59 0 a--sh--- c:\windows\system32\damopore.dll
2009-04-22 06:03 107,520 a--sh--- c:\windows\system32\dapatudi.dll
2009-02-05 17:34 106,496 a--sh--- c:\windows\system32\debabawe.dll
1601-01-01 01:12 140,800 a--sh--- c:\windows\system32\defohesi.dll
1601-01-01 01:12 105,984 a--sh--- c:\windows\system32\dejegima.dll
2009-03-17 16:20 101,376 a--sh--- c:\windows\system32\dejufedu.dll
2009-03-11 00:13 106,496 a--sh--- c:\windows\system32\dekoyemu.dll
2009-03-20 14:03 105,984 a--sh--- c:\windows\system32\delidubu.dll
2009-02-13 14:11 110,270 a--sh--- c:\windows\system32\doguzeri.dll
2009-01-30 06:36 105,984 a--sh--- c:\windows\system32\dojapode.dll
2009-04-14 22:44 109,568 a--sh--- c:\windows\system32\dokakuru.dll.vir
2009-01-19 21:45 109,056 a--sh--- c:\windows\system32\dosoyahe.dll
2009-01-08 22:39 103,140 a--sh--- c:\windows\system32\dovamewo.dll
1601-01-01 01:12 80,896 a--sh--- c:\windows\system32\dupefomu.dll
2009-03-27 14:59 104,960 a--sh--- c:\windows\system32\duyagawe.dll
2009-03-19 08:29 142,336 a--sh--- c:\windows\system32\esdnax.dll
2009-04-11 22:55 62,976 a--sh--- c:\windows\system32\falefigi.exe
2009-04-14 10:44 65,024 a--sh--- c:\windows\system32\fanenoto.exe
2009-03-01 12:02 143,077 a--sh--- c:\windows\system32\fedozuta.dll
2009-03-22 15:09 181 ---sh--- c:\windows\system32\fegufula.dll
2009-03-16 13:29 142,848 a--sh--- c:\windows\system32\fihiwiku.dll
2009-03-10 12:14 106,496 a--sh--- c:\windows\system32\fiyobubi.dll.vir
2008-05-16 07:34 780,494 a--sh--- c:\windows\system32\FNpAKkkj.ini2
2009-04-02 18:46 0 a--sh--- c:\windows\system32\fogiguzu.dll
2009-04-13 07:22 62,976 a--sh--- c:\windows\system32\fogiguzu.exe
2009-02-23 06:24 109,691 a--sh--- c:\windows\system32\fohiyizo.dll
2009-03-02 06:11 0 a--sh--- c:\windows\system32\fosepoyo.dll
2009-03-19 08:29 142,336 a--sh--- c:\windows\system32\fosowefe.dll
1601-01-01 01:12 108,032 a--sh--- c:\windows\system32\fujehone.dll
2009-01-28 17:52 97,792 a--sh--- c:\windows\system32\fuledipu.dll
2009-01-27 12:50 95,899 a--sh--- c:\windows\system32\fuyisajo.dll
1601-01-01 01:12 104,448 a--sh--- c:\windows\system32\gabuwuwo.dll
2009-01-27 17:19 59,904 a--sh--- c:\windows\system32\gavurane.exe
2009-01-21 17:55 64,000 a--sh--- c:\windows\system32\gavuzeyi.exe
2009-03-24 06:34 141,312 a--sh--- c:\windows\system32\gazanudu.dll
2009-02-20 18:11 106,496 a--sh--- c:\windows\system32\gejekoyu.dll
2009-04-06 05:49 105,472 a--sh--- c:\windows\system32\gekuhiri.dll
2009-03-06 20:41 102,400 a--sh--- c:\windows\system32\gemomume.dll
2009-01-29 18:30 105,472 a--sh--- c:\windows\system32\gesiwoha.dll
1601-01-01 01:12 74,412 a--sh--- c:\windows\system32\getaviwi.dll
2009-03-25 07:46 102,912 a--sh--- c:\windows\system32\getovojo.dll
2009-02-24 07:09 107,719 a--sh--- c:\windows\system32\gidogudi.dll
2009-03-14 10:42 0 a--sh--- c:\windows\system32\gikosiha.dll
2009-02-14 11:54 109,695 a--sh--- c:\windows\system32\giletisa.dll
2009-01-02 18:13 104,960 a--sh--- c:\windows\system32\giribemi.dll
2008-09-25 16:51 97,792 a--sh--- c:\windows\system32\gitiraru.dll
2009-04-04 10:13 105,984 a--sh--- c:\windows\system32\gitisowe.dll
2009-04-19 21:51 109,056 ---sh--- c:\windows\system32\gobekado.dll
2009-01-23 18:09 108,032 a--sh--- c:\windows\system32\gomukamu.dll
2009-01-14 22:44 71,168 a--sh--- c:\windows\system32\gubebusi.dll
2009-04-03 06:46 0 a--sh--- c:\windows\system32\gufulise.dll
2009-01-27 17:19 97,792 a--sh--- c:\windows\system32\gugiyake.dll
2009-03-30 12:15 99,840 a--sh--- c:\windows\system32\gujayiwo.dll
2009-02-04 10:37 106,496 a--sh--- c:\windows\system32\gukejibu.dll
2008-09-14 00:24 92,160 a--sh--- c:\windows\system32\gumovudo.dll
1601-01-01 01:12 88,064 a--sh--- c:\windows\system32\habemoya.dll
2009-01-26 15:24 70,973 a--sh--- c:\windows\system32\hafasego.dll
2009-04-06 17:10 0 a--sh--- c:\windows\system32\hajifagu.dll
2009-01-03 06:14 100,352 a--sh--- c:\windows\system32\haniyuga.dll
1601-01-01 01:12 0 a--sh--- c:\windows\system32\hapojute.dll
2009-01-03 18:14 99,328 a--sh--- c:\windows\system32\hawajifi.dll
2009-01-10 11:22 66,782 a--sh--- c:\windows\system32\hegiguve.dll
2009-04-05 11:02 100,352 a--sh--- c:\windows\system32\hekazezi.dll
2008-12-11 13:13 62,042 a--sh--- c:\windows\system32\herugife.dll
2009-03-03 07:09 144,003 a--sh--- c:\windows\system32\heupgj.dll
2009-02-07 13:23 108,375 a--sh--- c:\windows\system32\hevesopa.dll
1601-01-01 01:12 106,496 a--sh--- c:\windows\system32\heyehupi.dll
2009-01-07 17:52 104,448 a--sh--- c:\windows\system32\hibunevo.dll
2009-01-28 15:09 65,342 a--sh--- c:\windows\system32\hiniripa.dll
2009-02-14 11:54 95,575 a--sh--- c:\windows\system32\hivunote.dll
2009-02-27 15:11 109,331 a--sh--- c:\windows\system32\hiwumeku.dll
2009-01-14 22:44 71,168 a--sh--- c:\windows\system32\hobavana.dll
2009-03-02 13:33 108,312 a--sh--- c:\windows\system32\hobokuzu.dll
1601-01-01 01:12 105,984 a--sh--- c:\windows\system32\hohejupo.dll
2009-03-04 22:27 0 a--sh--- c:\windows\system32\holiwaga.dll
2009-01-27 12:50 107,638 a--sh--- c:\windows\system32\honomige.dll
2009-01-10 18:29 109,056 a--sh--- c:\windows\system32\honumopi.dll
2009-03-09 10:50 0 a--sh--- c:\windows\system32\hovufuka.dll
2009-03-20 05:59 0 a--sh--- c:\windows\system32\hulahake.dll
2009-03-06 20:41 106,496 a--sh--- c:\windows\system32\husamiza.dll
2009-02-10 12:41 102,026 a--sh--- c:\windows\system32\jahiyaso.dll
2009-02-23 21:02 106,496 a--sh--- c:\windows\system32\jahomayo.dll
2009-04-03 18:46 0 a--sh--- c:\windows\system32\janifedu.dll
2009-02-11 11:45 108,379 a--sh--- c:\windows\system32\jatipife.dll
2009-02-26 16:19 142,943 a--sh--- c:\windows\system32\jayosuto.dll
2008-12-11 13:13 90,259 a--sh--- c:\windows\system32\jenupiso.dll
1601-01-01 01:12 105,472 a--sh--- c:\windows\system32\jesuvaya.dll
1601-01-01 01:12 0 a--sh--- c:\windows\system32\jewipaje.dll
1601-01-01 01:12 74,534 a--sh--- c:\windows\system32\jifakade.dll
1601-01-01 01:12 79,872 a--sh--- c:\windows\system32\jigefuwi.dll
2009-03-08 11:29 100,317 a--sh--- c:\windows\system32\jijuwajo.dll
2009-01-21 17:55 109,056 a--sh--- c:\windows\system32\jimekaju.dll
1601-01-01 01:12 99,840 a--sh--- c:\windows\system32\jipilere.dll
2009-02-03 22:36 99,840 a--sh--- c:\windows\system32\jirohowu.dll
2009-01-22 09:49 86,313 a--sh--- c:\windows\system32\jiyayuda.dll
2009-02-03 07:20 63,212 a--sh--- c:\windows\system32\jogopamo.dll
2009-02-07 18:29 101,888 a--sh--- c:\windows\system32\joliyusi.dll
2009-02-18 12:31 95,395 a--sh--- c:\windows\system32\jotumumu.dll
2009-03-19 08:29 107,520 a--sh--- c:\windows\system32\jowujino.dll
1601-01-01 01:12 106,496 a--sh--- c:\windows\system32\jufonefi.dll
2009-02-27 15:11 143,015 a--sh--- c:\windows\system32\junehoda.dll
1601-01-01 01:12 140,800 a--sh--- c:\windows\system32\jurevewa.dll
2009-03-15 21:36 105,984 a--sh--- c:\windows\system32\jureviji.dll
2009-04-12 11:40 109,568 a--sh--- c:\windows\system32\kafawagi.dll
2009-03-29 09:43 105,472 a--sh--- c:\windows\system32\kanelewu.dll
2009-01-03 18:14 104,960 a--sh--- c:\windows\system32\kapihiwo.dll
2009-03-18 06:52 103,424 a--sh--- c:\windows\system32\kegovahe.dll
2009-02-20 15:29 95,465 a--sh--- c:\windows\system32\kejefuru.dll
2009-02-08 18:47 101,376 a--sh--- c:\windows\system32\kelinepe.dll
2009-02-13 14:11 74,412 a--sh--- c:\windows\system32\kerojade.dll
2009-03-22 15:07 101,888 a--sh--- c:\windows\system32\keyiguvu.dll
2009-01-02 06:12 106,496 a--sh--- c:\windows\system32\kiduruka.dll
2009-03-01 18:15 0 a--sh--- c:\windows\system32\kirasahi.dll
2009-04-19 09:44 99,328 a--sh--- c:\windows\system32\kirenalo.dll
2009-04-22 06:03 62,976 a--sh--- c:\windows\system32\kirenalo.exe
2009-03-17 17:20 0 a--sh--- c:\windows\system32\kivumolo.dll
2009-03-15 09:36 141,312 a--sh--- c:\windows\system32\kiyituhe.dll
2009-03-22 15:07 140,800 a--sh--- c:\windows\system32\klvqgc.dll
2009-01-01 19:37 96,854 a--sh--- c:\windows\system32\kohajawu.dll
2009-01-01 18:11 106,496 a--sh--- c:\windows\system32\koladofo.dll
2009-02-28 22:14 88,064 a--sh--- c:\windows\system32\konazuki.dll
2009-03-29 21:43 2,713 ---sh--- c:\windows\system32\kopurege.dll
1601-01-01 01:12 98,816 a--sh--- c:\windows\system32\korumore.dll
2009-03-06 08:43 107,520 a--sh--- c:\windows\system32\kowajovu.dll
2009-03-18 06:52 106,496 a--sh--- c:\windows\system32\kozezupo.dll
2009-01-15 10:44 108,544 a--sh--- c:\windows\system32\kubuyula.dll
2009-01-06 17:49 100,352 a--sh--- c:\windows\system32\kugeyugu.dll
2009-01-26 11:18 60,416 a--sh--- c:\windows\system32\kumeweva.exe
2009-02-27 15:11 143,015 a--sh--- c:\windows\system32\kuvbyc.dll
2009-03-11 16:18 106,496 a--sh--- c:\windows\system32\kuvimulo.dll
2009-03-30 12:15 107,008 a--sh--- c:\windows\system32\kuzeyogi.dll
2009-03-24 17:33 0 a--sh--- c:\windows\system32\kuzokutu.dll
2009-03-04 10:32 0 a--sh--- c:\windows\system32\lahekede.dll
2009-04-06 17:10 0 a--sh--- c:\windows\system32\lahofipe.dll
2009-04-09 10:13 71,168 a--sh--- c:\windows\system32\larihisu.dll
2009-03-12 08:57 106,496 a--sh--- c:\windows\system32\lasobemo.dll
2009-04-01 07:07 0 a--sh--- c:\windows\system32\ledanozo.dll
1601-01-01 01:12 133,632 a--sh--- c:\windows\system32\lefegosi.dll
2009-01-19 10:10 86,220 a--sh--- c:\windows\system32\lejorude.dll
2009-02-03 22:36 106,496 a--sh--- c:\windows\system32\leliwomu.dll
1601-01-01 01:12 142,848 a--sh--- c:\windows\system32\lelukuhi.dll
2009-04-06 17:50 105,984 a--sh--- c:\windows\system32\lemovefo.dll
2009-01-01 06:12 100,864 a--sh--- c:\windows\system32\lesuzeka.dll
2009-02-09 14:46 107,774 a--sh--- c:\windows\system32\lezaromo.dll
2009-03-10 18:01 0 a--sh--- c:\windows\system32\lezawino.dll
2009-03-04 07:11 109,814 a--sh--- c:\windows\system32\litikusi.dll
2009-02-10 22:46 102,400 a--sh--- c:\windows\system32\litunude.dll
2009-01-13 19:24 64,000 a--sh--- c:\windows\system32\lobeyari.exe
2009-02-23 21:02 100,864 a--sh--- c:\windows\system32\loyegeho.dll
2009-03-19 05:58 0 a--sh--- c:\windows\system32\loyuvejo.dll
2009-03-07 11:29 107,008 a--sh--- c:\windows\system32\loyuwisa.dll
2009-02-28 11:51 144,028 a--sh--- c:\windows\system32\lqlgks.dll
2009-01-16 10:44 101,376 a--sh--- c:\windows\system32\lufesoko.dll
2009-01-07 17:52 99,840 a--sh--- c:\windows\system32\lugapeda.dll
2009-02-09 22:44 102,400 a--sh--- c:\windows\system32\lugarine.dll
2009-03-16 13:29 106,496 a--sh--- c:\windows\system32\lujorosu.dll
2009-04-21 05:56 63,488 a--sh--- c:\windows\system32\lujorosu.exe
2009-03-09 10:50 0 a--sh--- c:\windows\system32\lukopijo.dll
2009-02-27 20:27 87,040 a--sh--- c:\windows\system32\lutajugi.dll
2009-02-18 21:33 100,864 a--sh--- c:\windows\system32\luveseja.dll
1601-01-01 01:12 139,776 a--sh--- c:\windows\system32\luvoneme.dll
2009-03-29 21:43 105,472 a--sh--- c:\windows\system32\luyusowa.dll
2009-03-01 06:10 0 a--sh--- c:\windows\system32\majudusu.dll
1601-01-01 01:12 105,984 a--sh--- c:\windows\system32\mamotapi.dll
2009-03-25 07:46 107,520 a--sh--- c:\windows\system32\mejiyuwo.dll
2009-01-26 11:18 105,472 a--sh--- c:\windows\system32\metitalu.dll
2009-03-24 06:34 105,472 a--sh--- c:\windows\system32\mibevilo.dll
1601-01-01 01:12 143,360 a--sh--- c:\windows\system32\midevebi.dll
2009-02-25 20:37 100,864 a--sh--- c:\windows\system32\mikasova.dll
2009-03-10 18:01 0 a--sh--- c:\windows\system32\minuzudi.dll
2009-03-08 22:50 0 a--sh--- c:\windows\system32\mufezuwi.dll
2009-01-23 18:09 99,840 a--sh--- c:\windows\system32\mumonuwi.dll
2009-03-16 17:19 0 a--sh--- c:\windows\system32\muzupera.dll
2009-03-18 18:54 107,520 a--sh--- c:\windows\system32\nageyefu.dll
1601-01-01 01:12 101,376 a--sh--- c:\windows\system32\nahuhiju.dll
1601-01-01 01:12 104,448 a--sh--- c:\windows\system32\nanuleya.dll
2009-04-05 11:02 106,496 a--sh--- c:\windows\system32\neletato.dll
2009-02-08 10:00 2,713 ---sh--- c:\windows\system32\nezovefo.dll
1601-01-01 01:12 100,352 a--sh--- c:\windows\system32\nezusena.dll
2009-03-01 12:02 108,269 a--sh--- c:\windows\system32\nikalute.dll
1601-01-01 01:12 102,400 a--sh--- c:\windows\system32\nisisaji.dll
1601-01-01 01:12 140,800 a--sh--- c:\windows\system32\nojutoko.dll
2009-01-26 11:18 100,352 a--sh--- c:\windows\system32\nokanoza.dll
2009-02-07 18:29 106,496 a--sh--- c:\windows\system32\nowaguki.dll
2009-02-06 16:24 97,598 a--sh--- c:\windows\system32\nowepeto.dll
2009-03-04 10:32 0 a--sh--- c:\windows\system32\nudeleze.dll
2009-04-06 17:10 0 a--sh--- c:\windows\system32\numatuma.dll
2009-02-18 21:33 106,496 a--sh--- c:\windows\system32\nupejote.dll
2009-03-01 12:02 143,077 a--sh--- c:\windows\system32\othxym.dll
2009-03-18 06:52 142,336 a--sh--- c:\windows\system32\ozvgsb.dll
2009-02-10 12:41 109,181 a--sh--- c:\windows\system32\pajohebu.dll
2009-02-28 11:51 109,211 a--sh--- c:\windows\system32\pakiguwu.dll
2009-01-17 10:24 85,213 a--sh--- c:\windows\system32\panosuba.dll
2009-04-17 12:53 110,592 a--sh--- c:\windows\system32\papubovu.dll
2009-04-10 18:29 64,512 a--sh--- c:\windows\system32\pebuhewe.exe
2009-02-27 20:27 80,384 a--sh--- c:\windows\system32\pegigage.dll
2009-03-08 11:29 108,032 a--sh--- c:\windows\system32\pekugedi.dll
2009-02-26 16:19 142,943 a--sh--- c:\windows\system32\pgusim.dll
2009-03-13 17:19 2,713 ---sh--- c:\windows\system32\pimihiva.dll
2009-03-23 06:53 2,713 ---sh--- c:\windows\system32\piyuzuju.dll
2009-01-24 21:07 99,840 a--sh--- c:\windows\system32\pizakuma.dll
2009-01-02 18:13 100,352 a--sh--- c:\windows\system32\podezowu.dll
1601-01-01 01:12 74,412 a--sh--- c:\windows\system32\pogewaso.dll
2009-02-13 18:20 100,352 a--sh--- c:\windows\system32\pudosuji.dll
2009-01-21 17:55 101,376 a--sh--- c:\windows\system32\putirise.dll
2009-03-07 21:54 0 a--sh--- c:\windows\system32\puwenesu.dll
2009-03-03 07:09 108,675 a--sh--- c:\windows\system32\puyekari.dll
2009-04-13 07:22 108,544 a--sh--- c:\windows\system32\rafaweti.dll
2009-03-18 17:58 0 a--sh--- c:\windows\system32\rafolate.dll
2009-03-25 17:56 0 a--sh--- c:\windows\system32\rahuziti.dll
2009-01-16 10:44 108,544 a--sh--- c:\windows\system32\ramuzovi.dll
1601-01-01 01:12 103,424 a--sh--- c:\windows\system32\ratifuya.dll
2009-03-25 17:56 0 a--sh--- c:\windows\system32\ravezula.dll
1601-01-01 01:12 107,520 a--sh--- c:\windows\system32\ravufuge.dll
2009-01-22 18:01 62,976 a--sh--- c:\windows\system32\rehosaki.exe
2009-03-29 09:43 100,352 a--sh--- c:\windows\system32\rejufopa.dll
2009-03-11 00:13 102,400 a--sh--- c:\windows\system32\renazuvi.dll
2009-01-17 10:24 62,102 a--sh--- c:\windows\system32\repozuyi.dll
2008-12-04 16:51 2,713 ---sh--- c:\windows\system32\revulazo.dll
2009-01-27 17:19 106,496 a--sh--- c:\windows\system32\rezakaju.dll
2009-01-07 05:55 105,472 a--sh--- c:\windows\system32\rigivika.dll
2009-04-19 09:44 109,056 a--sh--- c:\windows\system32\rigiwoti.dll
2009-03-17 16:20 108,032 a--sh--- c:\windows\system32\rinokulo.dll
2009-02-22 18:05 100,864 a--sh--- c:\windows\system32\riremaja.dll
1601-01-01 01:12 107,520 a--sh--- c:\windows\system32\risowupa.dll
2009-03-05 13:37 102,400 a--sh--- c:\windows\system32\rituvuza.dll
2009-02-20 18:11 100,864 a--sh--- c:\windows\system32\roliwiza.dll
1601-01-01 01:12 107,520 a--sh--- c:\windows\system32\ropenoya.dll
2009-03-31 06:12 105,472 a--sh--- c:\windows\system32\rudadiza.dll
2009-02-05 17:34 100,352 a--sh--- c:\windows\system32\rudagitu.dll
2009-04-11 10:54 108,544 a--sh--- c:\windows\system32\rufupiba.dll
2009-03-20 14:03 140,288 a--sh--- c:\windows\system32\ruhefife.dll
1601-01-01 01:12 107,520 a--sh--- c:\windows\system32\rulosuka.dll
2009-03-18 06:52 142,336 a--sh--- c:\windows\system32\rurisugo.dll
2009-04-03 18:46 0 a--sh--- c:\windows\system32\sajekeye.dll
2009-01-30 06:36 60,416 a--sh--- c:\windows\system32\sajekeye.exe
2009-01-23 18:09 62,976 a--sh--- c:\windows\system32\sasagasu.exe
2009-04-16 10:49 101,376 a--sh--- c:\windows\system32\satevowa.dll
2009-02-05 12:08 2,713 ---sh--- c:\windows\system32\satulosu.dll
2009-01-03 06:14 104,960 a--sh--- c:\windows\system32\sazukojo.dll
2008-12-30 19:16 97,008 a--sh--- c:\windows\system32\sehajiwi.dll
2009-01-24 21:06 61,952 a--sh--- c:\windows\system32\sehajiwi.exe
2009-03-16 17:19 0 a--sh--- c:\windows\system32\sejezeni.dll
2009-03-05 13:37 107,520 a--sh--- c:\windows\system32\sekanawo.dll
1601-01-01 01:12 106,496 a--sh--- c:\windows\system32\sekisahi.dll
2009-02-01 17:46 101,888 a--sh--- c:\windows\system32\senifetu.dll
2009-01-10 18:29 64,512 a--sh--- c:\windows\system32\setunude.exe
2009-01-01 18:11 100,864 a--sh--- c:\windows\system32\sevakidu.dll
1601-01-01 01:12 105,472 a--sh--- c:\windows\system32\sewoladu.dll
1601-01-01 01:12 105,984 a--sh--- c:\windows\system32\seyamoyu.dll
2009-02-25 12:28 108,214 a--sh--- c:\windows\system32\siremase.dll
2009-02-22 12:46 108,681 a--sh--- c:\windows\system32\sogidona.dll
2009-03-03 07:09 144,003 a--sh--- c:\windows\system32\sojerire.dll
2009-01-19 10:10 97,475 a--sh--- c:\windows\system32\sokazoya.dll
2009-02-28 11:51 144,028 a--sh--- c:\windows\system32\sokodewu.dll
1601-01-01 01:12 70,656 a--sh--- c:\windows\system32\sonuleme.dll
2009-03-06 21:52 0 a--sh--- c:\windows\system32\soremeno.dll
2009-04-19 21:51 63,488 a--sh--- c:\windows\system32\sufasamo.exe
2009-01-24 21:06 103,936 a--sh--- c:\windows\system32\suhalewo.dll
2009-01-21 12:22 86,223 a--sh--- c:\windows\system32\suhamose.dll
2009-01-10 18:29 102,400 a--sh--- c:\windows\system32\supiyiha.dll
1601-01-01 01:12 88,064 a--sh--- c:\windows\system32\suvekesa.dll
2009-01-06 17:49 105,984 a--sh--- c:\windows\system32\tadezuzu.dll
2009-03-30 06:35 0 a--sh--- c:\windows\system32\telemize.dll
2009-03-02 13:33 143,132 a--sh--- c:\windows\system32\tepusiga.dll
2009-04-11 10:54 64,512 a--sh--- c:\windows\system32\tepusiga.exe
2009-04-12 11:40 62,976 a--sh--- c:\windows\system32\teyesiti.exe
2009-02-13 06:19 106,496 a--sh--- c:\windows\system32\teyunufa.dll
2009-03-20 14:03 102,912 a--sh--- c:\windows\system32\tijebevi.dll
2009-01-07 05:54 100,352 a--sh--- c:\windows\system32\tituzeki.dll
2008-09-14 12:25 92,160 a--sh--- c:\windows\system32\tizabedi.dll
2009-03-19 17:58 0 a--sh--- c:\windows\system32\todomeko.dll
2009-04-19 09:44 63,488 a--sh--- c:\windows\system32\todomeko.exe
2009-03-15 09:40 106,496 a--sh--- c:\windows\system32\tojedela.dll.vir
2009-02-08 18:47 106,496 a--sh--- c:\windows\system32\torajigu.dll
2009-03-20 17:59 0 a--sh--- c:\windows\system32\toyoyavi.dll
2009-02-18 12:31 110,168 a--sh--- c:\windows\system32\tudumupu.dll
1601-01-01 01:12 141,312 a--sh--- c:\windows\system32\tukowohu.dll
2009-03-04 07:18 107,520 a--sh--- c:\windows\system32\tutepega.dll
2009-03-03 08:42 0 a--sh--- c:\windows\system32\vajafeti.dll
2009-03-01 18:15 0 a--sh--- c:\windows\system32\vakemuna.dll
2009-02-27 08:28 49,664 a--sh--- c:\windows\system32\vakumene.dll
2009-02-04 10:37 101,376 a--sh--- c:\windows\system32\vamibedi.dll
2009-01-11 22:55 62,976 a--sh--- c:\windows\system32\vawokiwe.exe
2009-01-13 19:24 107,520 a--sh--- c:\windows\system32\vayipoki.dll
2009-03-17 16:20 142,848 a--sh--- c:\windows\system32\vegapaye.dll
2009-02-28 22:14 79,872 a--sh--- c:\windows\system32\veseyusi.dll
2009-02-11 11:45 102,194 a--sh--- c:\windows\system32\vihegawu.dll
2009-03-11 16:18 101,888 a--sh--- c:\windows\system32\vihokaso.dll
2009-03-09 07:59 107,008 a--sh--- c:\windows\system32\viliwesi.dll
2009-03-15 21:36 101,376 a--sh--- c:\windows\system32\vimuvayo.dll
2009-02-26 16:19 109,907 a--sh--- c:\windows\system32\vinomisu.dll
1601-01-01 01:12 74,412 a--sh--- c:\windows\system32\visegobu.dll
1601-01-01 01:12 141,824 a--sh--- c:\windows\system32\viwawobi.dll
2009-04-08 10:24 100,864 a--sh--- c:\windows\system32\vodarowo.dll
2009-02-12 23:46 2,713 ---sh--- c:\windows\system32\vofehafi.dll
2009-01-26 15:24 109,345 a--sh--- c:\windows\system32\vojijaje.dll
2009-03-25 07:46 142,336 a--sh--- c:\windows\system32\vopereso.dll
2009-01-22 18:01 72,192 a--sh--- c:\windows\system32\vorosuka.dll
2009-02-25 20:37 106,496 a--sh--- c:\windows\system32\vosukaso.dll
2009-02-27 08:28 49,664 a--sh--- c:\windows\system32\votojoye.dll
1601-01-01 01:12 86,016 a--sh--- c:\windows\system32\vufeguja.dll
2009-02-17 21:14 106,496 a--sh--- c:\windows\system32\vulademu.dll
2009-01-22 09:49 100,158 a--sh--- c:\windows\system32\vumehijo.dll
2009-02-20 15:29 108,745 a--sh--- c:\windows\system32\vuvimuwe.dll
2009-03-20 14:03 140,288 a--sh--- c:\windows\system32\vzxmts.dll
2009-03-14 10:42 0 a--sh--- c:\windows\system32\waliriro.dll
2009-03-14 09:33 142,848 a--sh--- c:\windows\system32\waseyibe.dll
2009-01-30 06:36 98,304 a--sh--- c:\windows\system32\wasodoku.dll
2009-01-02 06:12 100,864 a--sh--- c:\windows\system32\wavowibi.dll
2009-01-17 10:24 99,521 a--sh--- c:\windows\system32\wayebomi.dll
2009-01-28 17:52 105,984 a--sh--- c:\windows\system32\wefeyubi.dll
2008-12-13 12:26 85,732 a--sh--- c:\windows\system32\wegehove.dll
2009-04-14 10:44 109,568 a--sh--- c:\windows\system32\welatili.dll
2009-03-01 06:10 0 a--sh--- c:\windows\system32\wetibolo.dll
2009-02-12 18:19 106,496 a--sh--- c:\windows\system32\wevagofo.dll
2009-03-31 18:14 104,448 a--sh--- c:\windows\system32\wewidilu.dll
1601-01-01 01:12 142,848 a--sh--- c:\windows\system32\wezisuve.dll
2009-02-06 16:24 74,537 a--sh--- c:\windows\system32\wibakihi.dll
2009-01-21 12:22 64,269 a--sh--- c:\windows\system32\wipidahe.dll
2009-02-17 09:07 110,171 a--sh--- c:\windows\system32\wisegava.dll
2009-02-12 18:19 102,400 a--sh--- c:\windows\system32\wisogola.dll
2009-03-17 16:20 142,848 a--sh--- c:\windows\system32\wjotfy.dll
1601-01-01 01:12 104,960 a--sh--- c:\windows\system32\wojifizi.dll
2009-02-27 08:28 49,664 a--sh--- c:\windows\system32\wolugeri.dll
2009-01-19 21:45 63,488 a--sh--- c:\windows\system32\wopebulu.exe
2009-04-15 22:46 107,520 a--sh--- c:\windows\system32\wopilawu.dll
1601-01-01 01:12 107,008 a--sh--- c:\windows\system32\wosomupo.dll
2009-01-15 22:44 107,520 a--sh--- c:\windows\system32\woyawizi.dll
2009-03-02 06:11 0 a--sh--- c:\windows\system32\wuduluto.dll
2009-02-15 18:04 106,496 a--sh--- c:\windows\system32\wusorevo.dll
2009-02-17 21:14 100,864 a--sh--- c:\windows\system32\wutakizu.dll
2009-03-06 21:52 0 a--sh--- c:\windows\system32\wuvotifa.dll
1601-01-01 01:12 101,888 a--sh--- c:\windows\system32\yabokiya.dll
2009-02-09 22:44 106,496 a--sh--- c:\windows\system32\yabusavu.dll
2008-09-12 21:01 92,160 a--sh--- c:\windows\system32\yabutuwi.dll
2009-01-22 18:01 100,864 a--sh--- c:\windows\system32\yadebene.dll
2009-03-03 20:42 0 a--sh--- c:\windows\system32\yaromido.dll
2009-01-29 18:30 98,304 a--sh--- c:\windows\system32\yaturite.dll
2009-04-02 18:46 0 a--sh--- c:\windows\system32\yegemiso.dll
2009-02-15 18:04 101,376 a--sh--- c:\windows\system32\yemibumi.dll
2009-04-20 13:53 2,713 ---sh--- c:\windows\system32\yepuwuto.dll
2009-01-22 18:01 109,056 a--sh--- c:\windows\system32\yeweduwo.dll
1601-01-01 01:12 101,376 a--sh--- c:\windows\system32\yeweyefa.dll
2009-03-27 14:59 98,816 a--sh--- c:\windows\system32\yeyapoyu.dll
2009-01-09 22:12 106,496 a--sh--- c:\windows\system32\yihaguta.dll
2009-03-22 17:38 0 a--sh--- c:\windows\system32\yihazuso.dll
2009-02-13 06:19 102,400 a--sh--- c:\windows\system32\yilejino.dll
2009-04-04 10:13 100,352 a--sh--- c:\windows\system32\yiriyidi.dll
2009-02-01 17:46 69,632 a--sh--- c:\windows\system32\yizimife.dll
2009-01-19 21:45 99,328 a--sh--- c:\windows\system32\yofujaya.dll
2009-03-28 10:15 107,008 a--sh--- c:\windows\system32\yomoviya.dll
1601-01-01 01:12 106,496 a--sh--- c:\windows\system32\yovinumo.dll
2009-03-13 17:19 2,713 ---sh--- c:\windows\system32\yozuyosa.dll
2009-03-24 06:34 102,400 a--sh--- c:\windows\system32\yuhituka.dll
2009-02-10 22:46 106,496 a--sh--- c:\windows\system32\yukojuni.dll
2009-01-11 22:55 109,568 a--sh--- c:\windows\system32\zasulege.dll
2009-03-02 13:33 143,132 a--sh--- c:\windows\system32\zcvsuk.dll
2009-03-15 09:36 141,312 a--sh--- c:\windows\system32\zeharw.dll
2009-04-21 05:56 109,056 a--sh--- c:\windows\system32\zevihami.dll
2008-09-27 17:39 97,792 a--sh--- c:\windows\system32\zijodope.dll
2009-04-21 15:24 0 a--sh--- c:\windows\system32\zinudemi.dll
2009-02-07 13:23 102,999 a--sh--- c:\windows\system32\zitakihu.dll
2009-04-11 22:55 109,568 a--sh--- c:\windows\system32\zofarimo.dll
2009-04-15 22:46 100,352 a--sh--- c:\windows\system32\zolekohi.dll
2009-02-09 14:46 103,230 a--sh--- c:\windows\system32\zomejuhe.dll
2009-01-01 06:12 106,496 a--sh--- c:\windows\system32\zowepaba.dll
2008-09-23 16:25 97,792 a--sh--- c:\windows\system32\zudeyuwi.dll
2009-02-01 17:46 106,496 a--sh--- c:\windows\system32\zugibiru.dll
2009-02-22 18:04 106,496 a--sh--- c:\windows\system32\zuvusibo.dll
1601-01-01 01:12 103,424 a--sh--- c:\windows\system32\zuzogomi.dll
2009-04-11 15:09 11,098,144 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 1:28:04.53 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 24 July 2009 - 02:10 PM

Hello JDW1991,

While we are working on your HijackThis log, please:

1. Reply to this thread; do not start another!
2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
3. Do not run any other tool until instructed to do so!
4. Let me know if any of the links do not work or if any of the tools do not work.
5. Tell me about problems or symptoms that occur during the fix.
6. Do not run any other programs or open any other windows while doing a fix.
7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ SE Runtime Environment 6 Update 1
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.
*******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*******************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by SifuMike, 24 July 2009 - 02:14 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 24 July 2009 - 06:41 PM

Hi, thanks for your help :). The Security Check results are below, but I'm going to do the Anti-Malware scan tomorrow when I will have the time for it, if that's OK.

Also, one question: when you said to post the Anti-Malware scan report, you mentioned something about also posting a HijackThis log. Did you mean you want me to give one of those too? Because if you did, I don't know how... so is there a tutorial? :thumbup2: Thanks :). I didn't want to go do one of those if that's not what you were after, so I thought I'd ask to be sure.

Results of screen317's Security Check version 0.98.5
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton AntiVirus 2005
Norton Internet Security 2005 (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security


``````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 14
Adobe Flash Player 10
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton Internet Security Norton AntiVirus navapsvc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 24 July 2009 - 07:36 PM

Hi JDW1991,

you mentioned something about also posting a HijackThis log. Did you mean you want me to give one of those too? Because if you did, I don't know how...



You need to do this to get Hijackthis :
1. Download HijackThis here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.
Please post it.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 27 July 2009 - 12:13 PM

The MBAM log is underneath; I am beginning a HijackThis scan now.


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

27/07/2009 17:58:47
mbam-log-2009-07-27 (17-58-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 439023
Time elapsed: 15 hour(s), 2 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 32
Registry Values Infected: 6
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 330

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\nelesoye.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vakumene.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wolugeri.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2ce7202c-b5f6-489c-a19d-892a4ab94319} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e5727799-54ae-47ab-bcf2-2b5347f0e945} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ce7202c-b5f6-489c-a19d-892a4ab94319} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoibss (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5727799-54ae-47ab-bcf2-2b5347f0e945} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm279034d9 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jomimuzugi (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\robejaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wolugeri.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wolugeri.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\robejaku.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wolugeri.dll -> No action taken.

Folders Infected:
D:\Documents and Settings\Sam.049688420010\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> No action taken.

Files Infected:
C:\WINDOWS\ld09.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\bedihidu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bibegipe.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bidubiti.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\biravoja.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bufezeza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\buhegavu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\butabefu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\buvoyaki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dafanole.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dapatudi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\defariha.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dewezuwa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\duyagawe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fefiyiri.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fejuvizo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fifugiku.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fizelugo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fujehone.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fumupofo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gabuwuwo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gajiname.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gekuhiri.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gikosiha.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gomukamu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gufulise.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gukowema.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hewurogo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hibunevo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hiniripa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hobavana.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\holiwaga.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\honomige.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\honumopi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hulahake.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\husamiza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jahomayo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jewipaje.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jirohowu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jogopamo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kiduruka.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kivumolo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kobitaka.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\konazuki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\korumore.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kowajovu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kugeyugu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kunuzavi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kuvimulo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lahofipe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\larihisu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ledanozo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lemovefo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\litunude.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lufesoko.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lukopijo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\luyusowa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\majudusu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mapenelo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\medemovo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mibevilo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mubodigi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nakonaze.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nanuleya.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nefapifa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nelesoye.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\neletato.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nisisaji.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nojutoko.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nosadepu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nudeleze.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nulutuni.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nupejote.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pajohebu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\papubovu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pegeseyi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pewafahu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pudosuji.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ramuzovi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\remowoka.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\renazuvi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\revulazo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rigivika.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rogahefa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rudadiza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rudagitu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rufupiba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ruyebana.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sadeyoli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sayiwido.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\senifetu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\serevudo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sinodisi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\siruboma.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sofodowi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sosafuji.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sovowuyi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqOIBsS.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\suhalewo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tadezuzu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tewetopi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tituzeki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\torajigu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\toyoyavi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tuneyevi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tutatezu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vajafeti.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vakumene.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vetuyija.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vojijaje.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vumehijo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\welatili.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wewidilu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wiwuzoza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wobupobu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wolugeri.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yaruvofo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yeyapoyu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yihazuso.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yizimife.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yozuyosa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yukojuni.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zasulege.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\zinudemi.dll (Trojan.Vundo) -> No action taken.
C:\d45.bat (Malware.Trace) -> No action taken.
C:\nm8912.bat (Malware.Trace) -> No action taken.
c:\WINDOWS\BM279034d9.txt (Trojan.Vundo) -> No action taken.
c:\WINDOWS\BM279034d9.xml (Trojan.Vundo) -> No action taken.
c:\WINDOWS\instsp1.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\instsp2.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\abusonap.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\aduyayij.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ajuyodul.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\akutihuy.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\apofujer.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\azuvutir.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bewijeze.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bogerijo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\bokosefu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\bosurezo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bulawasi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\butabefu.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dejufedu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\devoresi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\doguzeri.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dojapode.dll (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\dokakuru.dll.vir (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dosoyahe.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\dovamewo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\edurojel.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ehavogek.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ehujemoz.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\emosedov.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\emumomeg.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\esomahus.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\etikasih.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\etonuvih.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\eyonagol.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ezejiweb.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ezimelet.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\febawoyi.dll.vir (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fedozuta.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fiyobubi.dll.vir (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fohiyizo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\fugafizu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\fuyisajo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gasesowo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gemomume.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\getaviwi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\getovojo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\giletisa.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\gitiraru.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\gobekado.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\gujayiwo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\gumovudo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\habemoya.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\hekazezi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\heupgj.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\hisakite.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\hivunote.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\hiwumeku.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\hobokuzu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\idiyiriy.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ihasarik.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\iseroved.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ivebejit.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\iyibuwas.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\izezakeh.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\jahiyaso.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\japidahu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\jayosuto.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jenupiso.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jifakade.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jifakade.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jigefuwi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\jiyayuda.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\jotumumu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\junehoda.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\kegovahe.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kejefuru.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kerojade.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\keyiguvu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kirasahi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kirenalo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\kirenalo.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\kohajawu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\korumore.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\kuvbyc.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\lebapide.exe (Rogue.SystemSecurity) -> No action taken.
c:\WINDOWS\system32\lefegosi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\lejorude.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\lesuzeka.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\litikusi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\loganoye.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\lqlgks.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\ludoyuja.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\lugarine.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\lujorosu.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\matiberi.exe (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\midevebi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\musowewo.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nageyefu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nahuhiju.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nikalute.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nowepeto.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ojasiyuf.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ojovoteg.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\olanerik.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\onemeros.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\osakohiv.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\osayihaj.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\otepewon.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\othxym.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\owiyajug.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\oworadov.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\owosesag.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ozerusob.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\pagapobo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\pakiguwu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\pegeseyi.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\pgusim.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\pizakuma.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\pogewaso.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\puyekari.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rapepute.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\rehosaki.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\rejufopa.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\rigiwoti.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rituvuza.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ropenoya.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\rulosuka.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sawubiyi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\sehajiwi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sehajiwi.exe (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sevakidu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\siremase.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sofofuhi.exe (Rogue.SystemSecurity) -> No action taken.
c:\WINDOWS\system32\sogidona.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sojerire.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sokodewu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\sonuleme.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\soremeno.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\sufasamo.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\suhamose.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tagusoka.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\telemize.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tepusiga.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\tijebevi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\tizabedi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\todomeko.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\tojedela.dll.vir (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\tudumupu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\uhadipaj.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\uhikatiz.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\umumutoj.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\urufejek.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\uvugiyek.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\uwagehiv.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\uzifaguf.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\veseyusi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\vihegawu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vihokaso.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vimuvayo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\vinomisu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\visegobu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\vodarowo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vodesome.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\votojoye.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vuvimuwe.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wavowibi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wayebomi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wefeyubi.dll (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\wegehove.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wibakihi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wisegava.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\wopebulu.exe (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\woyadolu.dll (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\wurubawu.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yabutuwi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yaturite.dll (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\yikujode.dll.tmp (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\yofujaya.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\yuhituka.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\zcvsuk.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zelojive.dll (Trojan.Vundo.V) -> No action taken.
c:\WINDOWS\system32\zevihami.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zijodope.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\zolekohi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zomejuhe.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\zudeyuwi.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo) -> No action taken.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\WQWRX3VE\CAN6WRRP (Trojan.Vundo) -> No action taken.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\Z48WR5RO\rld[1] (Trojan.Vundo) -> No action taken.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\ZNMJW8WG\d[1].htm (Trojan.Vundo) -> No action taken.
d:\documents and settings\sue.049688420010.000\local settings\temporary internet files\Content.IE5\WVWMBO6C\d[1].htm (Trojan.Vundo) -> No action taken.
d:\documents and settings\sue.049688420010.000\local settings\temporary internet files\Content.IE5\WVWMBO6C\d[2].htm (Trojan.Vundo) -> No action taken.

#6 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 27 July 2009 - 12:22 PM

And here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:50, on 27/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {324F9FFE-C6AF-4326-8530-023EF2050094} - C:\WINDOWS\system32\jkkKApNF.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F79} - C:\WINDOWS\system32\nelesoye.dll
O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - C:\WINDOWS\system32\ssqOIBsS.dll (file missing)
O2 - BHO: (no name) - {8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} - C:\WINDOWS\system32\vakumene.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e5727799-54ae-47ab-bcf2-2b5347f0e945} - C:\WINDOWS\system32\raganapo.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - ?????????????U?????????????????????????n?????????????????????????n?????????????? - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld09.exe
O4 - HKLM\..\Run: [jomimuzugi] Rundll32.exe "?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n????????????C:\WINDOWS\system32\vakumene.dll",s
O4 - HKLM\..\Run: [CPM279034d9] Rundll32.exe "c:\windows\system32\robejaku.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jomimuzugi] Rundll32.exe "?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n????????????C:\WINDOWS\system32\wolugeri.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: stem32\dokakuru.dll c:\windows\system32\febawoyi.dll C:\WINDOWS\system32\wolugeri.dll c:\windows\system32\robejaku.dll,?????????????i?????????????????????????n?????????????????????????n????????????????+????????n?????????????????????????n??????????????:?+????????n?????????????????????????n????????????????+????????n?????????????????????????n????????????????+????????n?????????????????????????U?????????????????????????n?????????????????????????n??????????????
O20 - Winlogon Notify: ssqOIBsS - ssqOIBsS.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\robejaku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\robejaku.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache MS4W Web Server (ApacheMS4WWebServer) - Unknown owner - D:\Documents and Settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Update Service (gupdate1c999b76c529a6c) (gupdate1c999b76c529a6c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12857 bytes

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 27 July 2009 - 03:40 PM

Hi JDW1991,


Memory Modules Infected:
C:\WINDOWS\system32\nelesoye.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vakumene.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wolugeri.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> No action taken.


Your MBAM log shows "No action taken".
This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile.
Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal.
Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 28 July 2009 - 04:56 AM

Scanned, removed and rebooted. When I logged in this time, a Windows Security Alerts balloon popped up and told me that Norton was out of date.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

28/07/2009 10:42:10
mbam-log-2009-07-28 (10-42-10).txt

Scan type: Quick Scan
Objects scanned: 226282
Time elapsed: 8 hour(s), 29 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 32
Registry Values Infected: 6
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 330

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vakumene.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wolugeri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nelesoye.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoibss (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5727799-54ae-47ab-bcf2-2b5347f0e945} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5727799-54ae-47ab-bcf2-2b5347f0e945} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcdf50f-db8c-45a2-bab2-1dd7cc6a5e4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ce7202c-b5f6-489c-a19d-892a4ab94319} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ce7202c-b5f6-489c-a19d-892a4ab94319} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm279034d9 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77d3a5b4-cfd1-4046-8909-7cd99a68311f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jomimuzugi (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\robejaku.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\robejaku.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wolugeri.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wolugeri.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wolugeri.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
D:\Documents and Settings\Sam.049688420010\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\ssqOIBsS.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bewijeze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ezejiweb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bosurezo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ozerusob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\devoresi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\iseroved.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fugafizu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uzifaguf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fuyisajo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ojasiyuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gasesowo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\owosesag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gemomume.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\emumomeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\getovojo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ojovoteg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gujayiwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\owiyajug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hekazezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\izezakeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hisakite.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\etikasih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hivunote.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\etonuvih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jahiyaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\osayihaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\japidahu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uhadipaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jiyayuda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\aduyayij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jotumumu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\umumutoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kegovahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ehavogek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kejefuru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\urufejek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\keyiguvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uvugiyek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kirasahi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ihasarik.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kirenalo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\olanerik.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lejorude.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\edurojel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\loganoye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eyonagol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ludoyuja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ajuyodul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nowepeto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\otepewon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\panosuba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\abusonap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rejufopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\apofujer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rituvuza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\azuvutir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sawubiyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\iyibuwas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\soremeno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\onemeros.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\suhamose.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\esomahus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\telemize.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ezimelet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tijebevi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ivebejit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vihegawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uwagehiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vihokaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\osakohiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vodarowo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\oworadov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vodesome.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\emosedov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\idiyiriy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yuhituka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\akutihuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zitakihu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uhikatiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zomejuhe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ehujemoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nelesoye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vakumene.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wolugeri.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\instsp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\instsp2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bogerijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bokosefu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bulawasi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\butabefu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dejufedu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\doguzeri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dojapode.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dosoyahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dovamewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fohiyizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\habemoya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\heupgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jifakade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jifakade.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jigefuwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\junehoda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fedozuta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gitiraru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kerojade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kuvbyc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lqlgks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lugarine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lujorosu.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\midevebi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nikalute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pegeseyi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pgusim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pizakuma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pogewaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\puyekari.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rapepute.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rehosaki.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rulosuka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sehajiwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sehajiwi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sevakidu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\siremase.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sonuleme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sufasamo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tagusoka.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tizabedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\todomeko.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tudumupu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vimuvayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vinomisu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\visegobu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\votojoye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wefeyubi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wegehove.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wisegava.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wopebulu.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wurubawu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\matiberi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\litikusi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yabutuwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yaturite.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\musowewo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nageyefu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nahuhiju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yikujode.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yofujaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vuvimuwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wavowibi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wayebomi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\veseyusi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hiwumeku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hobokuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gobekado.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gumovudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\woyadolu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zcvsuk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zelojive.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zevihami.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zijodope.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zolekohi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zudeyuwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zuzogomi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rigiwoti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ropenoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kirenalo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kohajawu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\korumore.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\othxym.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pagapobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pakiguwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lebapide.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lefegosi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lesuzeka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sofofuhi.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sogidona.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sojerire.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sokodewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jayosuto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jenupiso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wibakihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tepusiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\getaviwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\giletisa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\WQWRX3VE\CAN6WRRP (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\Z48WR5RO\rld[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\documents and settings\sam.049688420010\local settings\temporary internet files\Content.IE5\ZNMJW8WG\d[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\documents and settings\sue.049688420010.000\local settings\temporary internet files\Content.IE5\WVWMBO6C\d[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
d:\documents and settings\sue.049688420010.000\local settings\temporary internet files\Content.IE5\WVWMBO6C\d[2].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bibegipe.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ld09.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vojijaje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sofodowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kowajovu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nefapifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sayiwido.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\revulazo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tituzeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\butabefu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suhalewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\biravoja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\welatili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sadeyoli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nudeleze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tutatezu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wobupobu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sosafuji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bufezeza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hewurogo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kivumolo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\torajigu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rudagitu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fizelugo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mapenelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikosiha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyusowa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sinodisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vajafeti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hiniripa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pewafahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buvoyaki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nanuleya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fumupofo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sovowuyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\defariha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ramuzovi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serevudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fejuvizo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gufulise.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\majudusu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jahomayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dokakuru.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\febawoyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fiyobubi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tojedela.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kunuzavi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duyagawe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mibevilo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nulutuni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuvimulo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holiwaga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lahofipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\remowoka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vumehijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nisisaji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\toyoyavi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vetuyija.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senifetu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mubodigi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gajiname.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gekuhiri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neletato.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujehone.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bedihidu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dafanole.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\BM279034d9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\BM279034d9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\litunude.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pegeseyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nojutoko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jirohowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gomukamu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\renazuvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tewetopi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soziredo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nosadepu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rogahefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kobitaka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yihazuso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nupejote.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yozuyosa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuneyevi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ledanozo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hulahake.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nakonaze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bidubiti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadezuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pajohebu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siruboma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jewipaje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiduruka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jogopamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medemovo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\honomige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hibunevo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fifugiku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pudosuji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\larihisu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zinudemi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gukowema.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yukojuni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rigivika.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\honumopi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wewidilu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rudadiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lemovefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lufesoko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaruvofo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruyebana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papubovu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fefiyiri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwuzoza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gabuwuwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buhegavu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\husamiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeyapoyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lukopijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dapatudi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hobavana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dewezuwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rufupiba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\d45.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\korumore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yizimife.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\riwakabe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\nm8912.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zasulege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kugeyugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\konazuki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 28 July 2009 - 08:19 AM

Hi JDW1991,

a Windows Security Alerts balloon popped up and told me that Norton was out of date.

Please check to see if Norton is out of date.

You are still heavily infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Norton Internet Security Antivirus a before running ComboFix, as it will prevent it from running.

To disable NORTON INTERNET SECURITY 2008 refer to these instructions:
http://service1.symantec.com/SUPPORT/nip.n...003071515220236

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop..
Post the log from ComboFix in your next reply,

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 28 July 2009 - 08:20 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 30 July 2009 - 07:14 AM

The ComboFix log is below.

ComboFix 09-07-29.04 - Joe 30/07/2009 12:15.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.140 [GMT 1:00]
Running from: d:\documents and settings\Joe.049688420010\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\recycler\S-1-5-21-2199279724-74069599-2554326520-1003
c:\windows\Installer\122e310.msp
c:\windows\Installer\122e311.msp
c:\windows\Installer\122e312.msp
c:\windows\Installer\122e313.msp
c:\windows\Installer\122e314.msp
c:\windows\Installer\122e315.msp
c:\windows\Installer\122e316.msp
c:\windows\Installer\122e317.msp
c:\windows\Installer\122e318.msp
c:\windows\Installer\1aa5720.msp
c:\windows\Installer\1bae389.msp
c:\windows\Installer\3de0d.msi
c:\windows\Installer\3f955.msp
c:\windows\Installer\465209.msi
c:\windows\Installer\786281.msi
c:\windows\Installer\83503.msp
c:\windows\Installer\c96c53.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\abiwefiz.ini
c:\windows\system32\abovituw.ini
c:\windows\system32\adinozuv.ini
c:\windows\system32\adowemeg.ini
c:\windows\system32\aduyuliz.ini
c:\windows\system32\afaduleb.ini
c:\windows\system32\aheyuhip.ini
c:\windows\system32\ahuvubuv.ini
c:\windows\system32\akuhezof.ini
c:\windows\system32\akuresil.ini
c:\windows\system32\alatizuh.ini
c:\windows\system32\aliyowot.ini
c:\windows\system32\alofupif.ini
c:\windows\system32\alohurun.ini
c:\windows\system32\amubalip.ini
c:\windows\system32\amuranaz.ini
c:\windows\system32\anamugoh.ini
c:\windows\system32\anevuyen.ini
c:\windows\system32\anibugod.ini
c:\windows\system32\anotorin.ini
c:\windows\system32\apusinaw.ini
c:\windows\system32\ariyalez.ini
c:\windows\system32\ataforey.ini
c:\windows\system32\ateyosun.ini
c:\windows\system32\atiyolaf.ini
c:\windows\system32\atwedcfk.ini
c:\windows\system32\awapesas.ini
c:\windows\system32\axcagsik.ini
c:\windows\system32\azetufil.ini
c:\windows\system32\bafuvisi.dll
c:\windows\system32\bamukitu.exe
c:\windows\system32\barijatu.dll
c:\windows\system32\bdfdkf.dll
c:\windows\system32\bekubonu.dll
c:\windows\system32\bikurifo.dll
c:\windows\system32\bimawoyo.dll
c:\windows\system32\bobebeji.dll
c:\windows\system32\buhedina.dll
c:\windows\system32\bulimane.dll
c:\windows\system32\bulopazo.dll
c:\windows\system32\cuuvfu.dll
c:\windows\system32\damopore.dll
c:\windows\system32\dataheme.dll
c:\windows\system32\dayoyadu.dll
c:\windows\system32\debabawe.dll
c:\windows\system32\defohesi.dll
c:\windows\system32\dejegima.dll
c:\windows\system32\dekoyemu.dll
c:\windows\system32\delidubu.dll
c:\windows\system32\dmhmeq.dll
c:\windows\system32\dupefomu.dll
c:\windows\system32\dvwifjpk.ini
c:\windows\system32\eberutum.ini
c:\windows\system32\edikeles.ini
c:\windows\system32\egusawik.ini
c:\windows\system32\ehihidav.ini
c:\windows\system32\ehonedis.ini
c:\windows\system32\ekapejon.ini
c:\windows\system32\ekidipet.ini
c:\windows\system32\ekudowuf.ini
c:\windows\system32\elasezup.ini
c:\windows\system32\emaguneb.ini
c:\windows\system32\emehujap.ini
c:\windows\system32\emepiyog.ini
c:\windows\system32\enenotol.ini
c:\windows\system32\enikatol.ini
c:\windows\system32\epekesek.ini
c:\windows\system32\epudazar.ini
c:\windows\system32\erehayuk.ini
c:\windows\system32\eresuwad.ini
c:\windows\system32\erokuyak.ini
c:\windows\system32\esdnax.dll
c:\windows\system32\etatesel.ini
c:\windows\system32\etujutir.ini
c:\windows\system32\exbgkuop.ini
c:\windows\system32\eyegemav.ini
c:\windows\system32\eyotahif.ini
c:\windows\system32\falefigi.dll
c:\windows\system32\fanenoto.exe
c:\windows\system32\fefiyiri.dll.tmp
c:\windows\system32\ferazolu.dll
c:\windows\system32\fihiwiku.dll
c:\windows\system32\FNpAKkkj.ini
c:\windows\system32\FNpAKkkj.ini2
c:\windows\system32\fogiguzu.dll
c:\windows\system32\fogiguzu.exe
c:\windows\system32\fokitape.dll
c:\windows\system32\fokitape.dll.tmp
c:\windows\system32\fopihofu.dll
c:\windows\system32\fosepoyo.dll
c:\windows\system32\fosowefe.dll
c:\windows\system32\fuledipu.dll
c:\windows\system32\gavurane.exe
c:\windows\system32\gavuzeyi.exe
c:\windows\system32\gazanudu.dll
c:\windows\system32\gazeyuha.dll
c:\windows\system32\gedogeye.dll
c:\windows\system32\gejekoyu.dll
c:\windows\system32\gesiwoha.dll
c:\windows\system32\gibetara.exe
c:\windows\system32\gipefewa.dll
c:\windows\system32\gipunowe.dll
c:\windows\system32\giribemi.dll
c:\windows\system32\giribemi.exe
c:\windows\system32\gitisowe.dll
c:\windows\system32\gomujude.dll
c:\windows\system32\gubebusi.dll
c:\windows\system32\gugiyake.dll
c:\windows\system32\gukejibu.dll
c:\windows\system32\gukejibu.dll.tmp
c:\windows\system32\hafasego.dll
c:\windows\system32\hafatipo.dll
c:\windows\system32\hajifagu.dll
c:\windows\system32\haniyuga.dll
c:\windows\system32\hapojute.dll
c:\windows\system32\hawajifi.dll
c:\windows\system32\hazafupe.dll
c:\windows\system32\hazagebi.dll.tmp
c:\windows\system32\hegiguve.dll
c:\windows\system32\herugife.dll
c:\windows\system32\hevesopa.dll
c:\windows\system32\heyehupi.dll
c:\windows\system32\hobavana.dll.tmp
c:\windows\system32\hohejupo.dll
c:\windows\system32\hovufuka.dll
c:\windows\system32\ibewofuh.ini
c:\windows\system32\ibitawum.ini
c:\windows\system32\ifitejul.ini
c:\windows\system32\igibimed.ini
c:\windows\system32\ihatefij.ini
c:\windows\system32\ihcjltyq.ini
c:\windows\system32\ijodulur.ini
c:\windows\system32\ikebipol.ini
c:\windows\system32\ilomenud.ini
c:\windows\system32\ilubugih.ini
c:\windows\system32\imagijuv.ini
c:\windows\system32\inakamir.ini
c:\windows\system32\inibegun.ini
c:\windows\system32\ipogisih.ini
c:\windows\system32\ivofameh.ini
c:\windows\system32\iyakepud.ini
c:\windows\system32\izidomeh.ini
c:\windows\system32\janifedu.dll
c:\windows\system32\japidahu.exe
c:\windows\system32\jatipife.dll
c:\windows\system32\jbfjdgmp.ini
c:\windows\system32\jefizaya.dll
c:\windows\system32\jesuvaya.dll
c:\windows\system32\jijejamu.dll.tmp
c:\windows\system32\jijuwajo.dll
c:\windows\system32\jimekaju.dll
c:\windows\system32\jinuwayi.dll
c:\windows\system32\jipilere.dll
c:\windows\system32\jobobuwi.exe
c:\windows\system32\joliyusi.dll
c:\windows\system32\jowujino.dll
c:\windows\system32\jufonefi.dll
c:\windows\system32\jukabama.dll.tmp
c:\windows\system32\junefare.dll
c:\windows\system32\jurevewa.dll
c:\windows\system32\jureviji.dll
c:\windows\system32\kafawagi.dll
c:\windows\system32\kakekuze.dll
c:\windows\system32\kanelewu.dll
c:\windows\system32\kapihiwo.dll
c:\windows\system32\kegezadu.dll
c:\windows\system32\kelinepe.dll
c:\windows\system32\kiyituhe.dll
c:\windows\system32\klvqgc.dll
c:\windows\system32\kofemube.dll
c:\windows\system32\koladofo.dll
c:\windows\system32\kozezupo.dll
c:\windows\system32\kubuyula.dll
c:\windows\system32\kumeweva.exe
c:\windows\system32\kuzeyogi.dll
c:\windows\system32\kuzokutu.dll
c:\windows\system32\lagoguze.dll.tmp
c:\windows\system32\lahekede.dll
c:\windows\system32\laraguji.dll
c:\windows\system32\lasobemo.dll
c:\windows\system32\lehebofi.dll
c:\windows\system32\leliwomu.dll
c:\windows\system32\lelukuhi.dll
c:\windows\system32\lemutuja.dll
c:\windows\system32\lezaromo.dll
c:\windows\system32\lezawino.dll
c:\windows\system32\liwoduki.dll.tmp
c:\windows\system32\lkeujtut.ini
c:\windows\system32\lobeyari.exe
c:\windows\system32\lotakine.dll.tmp
c:\windows\system32\loyegeho.dll
c:\windows\system32\loyuvejo.dll
c:\windows\system32\loyuwisa.dll
c:\windows\system32\lugapeda.dll
c:\windows\system32\lutajugi.dll
c:\windows\system32\luveseja.dll
c:\windows\system32\luvoneme.dll
c:\windows\system32\maboveli.dll
c:\windows\system32\mamotapi.dll
c:\windows\system32\mejiyuwo.dll
c:\windows\system32\midogiru.dll
c:\windows\system32\mikasova.dll
c:\windows\system32\minuzudi.dll
c:\windows\system32\mufezuwi.dll
c:\windows\system32\mulirowo.dll
c:\windows\system32\mumonuwi.dll
c:\windows\system32\mupodalu.dll
c:\windows\system32\muturebe.dll.tmp
c:\windows\system32\muzupera.dll
c:\windows\system32\mwmdxfre.ini
c:\windows\system32\mypjsubf.ini
c:\windows\system32\nejehavi.exe
c:\windows\system32\nezusena.dll
c:\windows\system32\nodedeje.dll.tmp
c:\windows\system32\nogorike.dll
c:\windows\system32\nokanoza.dll
c:\windows\system32\nowaguki.dll
c:\windows\system32\nubamiko.dll.tmp
c:\windows\system32\numatuma.dll
c:\windows\system32\obohubeg.ini
c:\windows\system32\obomegot.ini
c:\windows\system32\obunogok.ini
c:\windows\system32\ofevokuh.ini
c:\windows\system32\ohotureh.ini
c:\windows\system32\ojarufuv.ini
c:\windows\system32\onikunuy.ini
c:\windows\system32\operabem.ini
c:\windows\system32\oretarik.ini
c:\windows\system32\osisepeg.ini
c:\windows\system32\osituzov.ini
c:\windows\system32\osukutad.ini
c:\windows\system32\otisifin.ini
c:\windows\system32\ovevahud.ini
c:\windows\system32\ovurorep.ini
c:\windows\system32\oyiniyej.ini
c:\windows\system32\oyutineb.ini
c:\windows\system32\ozatazut.ini
c:\windows\system32\ozirusat.ini
c:\windows\system32\ozvgsb.dll
c:\windows\system32\pasogeso.dll
c:\windows\system32\pebuhewe.exe
c:\windows\system32\pegigage.dll
c:\windows\system32\pemivubu.dll
c:\windows\system32\pikusuba.dll.tmp
c:\windows\system32\pmetqave.ini
c:\windows\system32\podezowu.dll
c:\windows\system32\putirise.dll
c:\windows\system32\puwenesu.dll
c:\windows\system32\puzominu.dll
c:\windows\system32\rafaweti.dll
c:\windows\system32\rafolate.dll
c:\windows\system32\rahuziti.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\ravezula.dll
c:\windows\system32\ravufuge.dll
c:\windows\system32\reguligu.dll.tmp
c:\windows\system32\repozuyi.dll
c:\windows\system32\rezakaju.dll
c:\windows\system32\rhbyxgcl.ini
c:\windows\system32\rinokulo.dll
c:\windows\system32\riremaja.dll
c:\windows\system32\risowupa.dll
c:\windows\system32\roliwiza.dll
c:\windows\system32\ropenoya.dll.tmp
c:\windows\system32\royetuki.dll
c:\windows\system32\ruhefife.dll
c:\windows\system32\rurisugo.dll
c:\windows\system32\safodaru.dll
c:\windows\system32\saheloju.dll.tmp
c:\windows\system32\sajekeye.dll
c:\windows\system32\sajekeye.exe
c:\windows\system32\sakabuji.dll
c:\windows\system32\sakamide.dll
c:\windows\system32\sasagasu.exe
c:\windows\system32\satevowa.dll
c:\windows\system32\sazukojo.dll
c:\windows\system32\sejezeni.dll
c:\windows\system32\sekanawo.dll
c:\windows\system32\sekisahi.dll
c:\windows\system32\setunude.exe
c:\windows\system32\sewoladu.dll
c:\windows\system32\seyamoyu.dll
c:\windows\system32\sidenohe.exe
c:\windows\system32\sihosido.exe
c:\windows\system32\sizesare.dll
c:\windows\system32\skyjxhau.ini
c:\windows\system32\sokazoya.dll
c:\windows\system32\sowemame.dll
c:\windows\system32\supiyiha.dll
c:\windows\system32\suvekesa.dll
c:\windows\system32\tanetezo.dll
c:\windows\system32\taomelbj.ini
c:\windows\system32\tebusuka.dll.tmp
c:\windows\system32\tefifohi.exe
c:\windows\system32\tepusiga.exe
c:\windows\system32\tevaziva.dll.tmp
c:\windows\system32\teyesiti.exe
c:\windows\system32\teyunufa.dll
c:\windows\system32\tfriecrl.ini
c:\windows\system32\todomeko.dll
c:\windows\system32\tubivabo.dll
c:\windows\system32\tukejavi.dll.tmp
c:\windows\system32\tukowohu.dll
c:\windows\system32\tuneyevi.dll.tmp
c:\windows\system32\tutepega.dll
c:\windows\system32\ubabarob.ini
c:\windows\system32\ubohunud.ini
c:\windows\system32\ubukogut.ini
c:\windows\system32\udeguway.ini
c:\windows\system32\ugagadat.ini
c:\windows\system32\ugahukib.ini
c:\windows\system32\ujadowep.ini
c:\windows\system32\ujapagol.ini
c:\windows\system32\ujeviwug.ini
c:\windows\system32\ujolehas.ini
c:\windows\system32\ukokopan.ini
c:\windows\system32\ulihunih.ini
c:\windows\system32\unajabon.ini
c:\windows\system32\unanwimk.ini
c:\windows\system32\unmfqnro.ini
c:\windows\system32\uruyefip.ini
c:\windows\system32\utafadeh.ini
c:\windows\system32\uweyarow.ini
c:\windows\system32\uwimufez.ini
c:\windows\system32\uzadihat.ini
c:\windows\system32\vagiwara.dll.tmp
c:\windows\system32\vakemuna.dll
c:\windows\system32\vamibedi.dll
c:\windows\system32\vayipoki.dll
c:\windows\system32\vegapaye.dll
c:\windows\system32\velivomo.dll
c:\windows\system32\vetajume.dll
c:\windows\system32\viliwesi.dll
c:\windows\system32\viwawobi.dll
c:\windows\system32\vopereso.dll
c:\windows\system32\vorosuka.dll
c:\windows\system32\vosukaso.dll
c:\windows\system32\vufeguja.dll
c:\windows\system32\vufipuye.dll
c:\windows\system32\vufosesa.exe
c:\windows\system32\vulademu.dll
c:\windows\system32\vzxmts.dll
c:\windows\system32\wadavuro.dll.tmp
c:\windows\system32\waliriro.dll
c:\windows\system32\wamejawe.dll
c:\windows\system32\waseyibe.dll
c:\windows\system32\wasodoku.dll
c:\windows\system32\wetibolo.dll
c:\windows\system32\wevagofo.dll
c:\windows\system32\wewusigo.dll.tmp
c:\windows\system32\wezisuve.dll
c:\windows\system32\wimesabi.dll
c:\windows\system32\wipidahe.dll
c:\windows\system32\wisogola.dll
c:\windows\system32\wjotfy.dll
c:\windows\system32\wojifizi.dll
c:\windows\system32\wopilawu.dll
c:\windows\system32\wosomupo.dll
c:\windows\system32\woyawizi.dll
c:\windows\system32\wuduluto.dll
c:\windows\system32\wusorevo.dll
c:\windows\system32\wutakizu.dll
c:\windows\system32\wuvotifa.dll
c:\windows\system32\wvpahwam.ini
c:\windows\system32\xreauxwd.ini
c:\windows\system32\yabusavu.dll
c:\windows\system32\yadebene.dll
c:\windows\system32\yaromido.dll
c:\windows\system32\ydeihknd.ini
c:\windows\system32\yegemiso.dll
c:\windows\system32\yemibumi.dll
c:\windows\system32\yemibumi.exe
c:\windows\system32\yeweduwo.dll
c:\windows\system32\yeweyefa.dll
c:\windows\system32\yihaguta.dll
c:\windows\system32\yilejino.dll
c:\windows\system32\yomoviya.dll
c:\windows\system32\yopareza.dll.tmp
c:\windows\system32\yosimanu.dll
c:\windows\system32\yovinumo.dll
c:\windows\system32\yugovuji.dll
c:\windows\system32\yuhodose.dll
c:\windows\system32\zawomebe.exe
c:\windows\system32\zeharw.dll
c:\windows\system32\zifirobo.dll
c:\windows\system32\zimuworo.dll.tmp
c:\windows\system32\zodetego.dll
c:\windows\system32\zofarimo.dll
c:\windows\system32\zowepaba.dll
c:\windows\system32\zugibiru.dll
c:\windows\system32\zuvusibo.dll
d:\documents and settings\All Users\Application Data\91035776.ini
d:\documents and settings\All Users\Application Data\91724526.ini
d:\documents and settings\All Users\Application Data\91733116.ini
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\Sue.049688420010.000\Desktop\System Security 2009.lnk
d:\documents and settings\Sue.049688420010.000\Start Menu\Programs\System Security
d:\documents and settings\Sue.049688420010.000\Start Menu\Programs\System Security\System Security 2009 Support.lnk
d:\documents and settings\Sue.049688420010.000\Start Menu\Programs\System Security\System Security 2009.lnk

----- BITS: Possible infected sites -----

hxxp://82.98.231.95
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-27 17:17 . 2009-07-27 17:17 -------- d-----w- c:\program files\Trend Micro
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\Malwarebytes
2009-07-25 13:12 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 13:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 23:20 . 2009-07-24 23:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 15:53 . 2009-07-20 16:20 -------- d-----w- d:\documents and settings\TEMP
2009-07-03 17:32 . 2009-07-03 17:32 -------- d-----w- d:\documents and settings\Alice.W\Music
2009-07-03 13:58 . 2009-07-03 13:58 -------- d-----w- d:\documents and settings\Jack's\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 06:58 . 2007-06-30 19:34 -------- d-----w- d:\documents and settings\Sue.049688420010.000\Application Data\Apple Computer
2009-07-28 19:17 . 2007-02-11 18:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-24 23:19 . 2007-02-11 18:01 -------- d-----w- c:\program files\Java
2009-07-20 17:52 . 2008-12-24 14:54 574 ----a-w- C:\cleanup.bat
2009-07-20 17:52 . 2008-12-24 14:54 135168 ----a-w- C:\zip.exe
2009-07-20 15:58 . 2007-03-30 20:51 -------- d-----w- c:\program files\Opera
2009-07-20 15:57 . 2007-11-09 19:29 138216 -c--a-w- d:\documents and settings\Alice.W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:00 . 2009-04-09 07:00 504120 --sha-w- c:\windows\system32\saheloju.exe
2009-06-22 18:39 . 2007-12-27 11:03 -------- d-----w- d:\documents and settings\Alice.W\Application Data\LimeWire
2009-06-22 16:38 . 2009-03-22 16:38 15360 --sha-w- c:\windows\system32\lopivasa.exe
2009-06-22 04:38 . 2009-03-22 04:38 15360 --sha-w- c:\windows\system32\kewevuro.exe
2009-06-21 09:34 . 2009-03-21 09:34 15360 --sha-w- c:\windows\system32\puleziwu.exe
2009-06-20 16:59 . 2009-03-20 16:59 15360 --sha-w- c:\windows\system32\hisatape.exe
2009-06-20 04:59 . 2009-03-20 04:59 15360 --sha-w- c:\windows\system32\herutoho.exe
2009-06-19 16:58 . 2009-03-19 16:58 15360 --sha-w- c:\windows\system32\hijiwuba.exe
2009-06-19 04:58 . 2009-03-19 04:58 15360 --sha-w- c:\windows\system32\fabireze.exe
2009-06-18 16:58 . 2009-03-18 16:58 15360 --sha-w- c:\windows\system32\keyipole.exe
2009-06-18 04:58 . 2009-03-18 04:58 15360 --sha-w- c:\windows\system32\devoresi.exe
2009-06-17 21:49 . 2007-04-12 18:02 -------- d-----w- c:\program files\Winamp
2009-06-17 17:10 . 2007-02-13 22:24 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\Ulead Systems
2009-06-17 16:20 . 2009-03-17 16:20 15360 --sha-w- c:\windows\system32\sisazibo.exe
2009-06-16 19:57 . 2008-03-24 21:00 -------- d-----w- c:\program files\Common Files\Apple
2009-06-16 16:01 . 2009-02-13 15:55 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\vlc
2009-06-16 15:49 . 2009-03-14 10:09 -------- d-----w- c:\program files\Nokia
2009-06-16 15:44 . 2008-12-24 21:28 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-06-16 04:21 . 2009-03-16 04:21 15360 --sha-w- c:\windows\system32\defariha.exe
2009-06-15 10:49 . 2009-03-15 10:49 15360 --sha-w- c:\windows\system32\degipeme.exe
2009-06-14 09:42 . 2009-03-14 09:42 15360 --sha-w- c:\windows\system32\nemudodi.exe
2009-06-14 09:07 . 2009-06-14 09:07 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-13 19:41 . 2009-06-13 19:41 2713 --sh--w- c:\windows\system32\nifarake.dll
2009-06-13 19:41 . 2009-06-13 19:41 2713 --sh--w- c:\windows\system32\lazahuji.dll
2009-06-13 19:40 . 2009-03-13 19:40 15360 --sha-w- c:\windows\system32\tumigike.exe
2009-06-11 18:49 . 2007-01-20 14:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Kontiki
2009-06-11 18:47 . 2009-06-11 18:47 2713 --sh--w- c:\windows\system32\hizapego.dll
2009-06-07 20:55 . 2009-06-07 20:55 2713 --sh--w- c:\windows\system32\dejidono.dll
2009-06-07 08:57 . 2009-06-07 08:57 2713 --sh--w- c:\windows\system32\hoyobuva.dll
2009-06-05 12:13 . 2009-06-05 12:13 2713 --sh--w- c:\windows\system32\nivedusa.dll
2009-06-05 12:11 . 2009-06-05 12:11 2713 --sh--w- c:\windows\system32\degipeme.dll
2009-06-04 21:30 . 2009-06-04 21:30 2713 --sh--w- c:\windows\system32\guratayo.dll
2009-06-03 19:44 . 2009-06-03 19:44 2713 --sh--w- c:\windows\system32\jaduzumi.dll
2009-06-03 10:52 . 2009-06-03 10:52 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-06-02 19:45 . 2009-06-02 19:45 2713 --sh--w- c:\windows\system32\hutikovu.dll
2009-05-31 17:14 . 2009-05-31 17:14 2713 --sh--w- c:\windows\system32\mayonibe.dll
2009-06-12 20:46 . 2008-06-19 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-04-11 21:55 . 2009-04-11 21:55 62976 --sha-w- c:\windows\system32\falefigi.exe
2009-03-22 14:09 . 2009-03-22 14:09 181 --sh--w- c:\windows\system32\fegufula.dll
1601-01-01 00:12 . 1601-01-01 00:12 66782 --sha-w- c:\windows\system32\gulobimu.dll.tmp
2009-03-29 20:43 . 2009-03-29 20:43 2713 --sh--w- c:\windows\system32\kopurege.dll
1601-01-01 00:12 . 1601-01-01 00:12 66782 --sha-w- c:\windows\system32\memovovo.dll.tmp
2008-09-11 12:14 . 2008-09-11 12:14 62042 --sha-w- c:\windows\system32\nefuwipi.dll.tmp
2009-02-08 09:00 . 2009-02-08 09:00 2713 --sh--w- c:\windows\system32\nezovefo.dll
2009-04-22 05:07 . 2009-04-22 05:07 1400916 --sh--w- c:\windows\system32\onikunuy.tmp
2009-03-13 16:19 . 2009-03-13 16:19 2713 --sh--w- c:\windows\system32\pimihiva.dll
2009-03-23 05:53 . 2009-03-23 05:53 2713 --sh--w- c:\windows\system32\piyuzuju.dll
2009-02-05 11:08 . 2009-02-05 11:08 2713 --sh--w- c:\windows\system32\satulosu.dll
2009-01-11 21:55 . 2009-01-11 21:55 62976 --sha-w- c:\windows\system32\vawokiwe.exe
2009-02-12 22:46 . 2009-02-12 22:46 2713 --sh--w- c:\windows\system32\vofehafi.dll
1601-01-01 00:12 . 1601-01-01 00:12 101888 --sha-w- c:\windows\system32\yabokiya.dll
1601-01-01 00:12 . 1601-01-01 00:12 66782 --sha-w- c:\windows\system32\yakituro.dll.tmp
2009-04-20 12:53 . 2009-04-20 12:53 2713 --sh--w- c:\windows\system32\yepuwuto.dll
2009-04-11 14:09 . 2009-04-10 18:58 11098144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

d:\documents and settings\Jack's\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Nick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Sue.049688420010.000\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Alice.W\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Slim Multimedia Keyboard.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Slim Multimedia Keyboard.lnk
backup=c:\windows\pss\Slim Multimedia Keyboard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Documents and Settings\\Jack's\\My Documents\\Downloads\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCAPP.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NAVAPSVC.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\cidaemon.exe"=
"c:\\WINDOWS\\system32\\LEXBCES.EXE"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\APPS\\ABOARD\\AOSD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [27/10/2007 15:09 11886]
S2 ApacheMS4WWebServer;Apache MS4W Web Server;"d:\documents and settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe" -k runservice --> d:\documents and settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe [?]
S2 gupdate1c999b76c529a6c;Google Update Service (gupdate1c999b76c529a6c);c:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 16:15 133104]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [30/04/2008 21:44 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [30/04/2008 21:44 3768]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\AB929248918D05D0.job
- d:\docume~1\sue049~1.000\applic~1\heart1~1\BIRD 2 REAL.exe [2007-05-21 06:36]

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 15:15]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 15:15]

2009-07-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Joe.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.EXE [2004-10-28 12:20]

2009-07-30 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{324F9FFE-C6AF-4326-8530-023EF2050094} - c:\windows\system32\jkkKApNF.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Joe.049688420010\Application Data\Mozilla\Firefox\Profiles\d8jpl5gt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\apps\ABOARD\AOSD.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-30 13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 12:03

Pre-Run: 9,708,474,368 bytes free
Post-Run: 9,613,029,376 bytes free

672 --- E O F --- 2008-12-20 14:38

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 30 July 2009 - 12:08 PM

Hi JDW1991,

Is your NORTON INTERNET SECURITY 2008 out of date?


You need to disable your Norton Internet Security Antivirus a before running ComboFix, as it will prevent it from running.

To disable NORTON INTERNET SECURITY 2008 refer to these instructions:
http://service1.symantec.com/SUPPORT/nip.n...003071515220236

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\lopivasa.exe
c:\windows\system32\kewevuro.exe
c:\windows\system32\puleziwu.exe
c:\windows\system32\hisatape.exe
c:\windows\system32\herutoho.exe
c:\windows\system32\hijiwuba.exe
c:\windows\system32\fabireze.exe
c:\windows\system32\keyipole.exe
c:\windows\system32\devoresi.exe
c:\windows\system32\sisazibo.exe
c:\windows\system32\defariha.exe
c:\windows\system32\degipeme.exe
c:\windows\system32\nemudodi.exe
c:\windows\system32\nifarake.dll
c:\windows\system32\lazahuji.dll
c:\windows\system32\tumigike.exe
c:\windows\system32\hizapego.dll
c:\windows\system32\dejidono.dll
c:\windows\system32\hoyobuva.dll
c:\windows\system32\nivedusa.dll
c:\windows\system32\degipeme.dll
c:\windows\system32\guratayo.dll
c:\windows\system32\jaduzumi.dll
c:\windows\system32\hutikovu.dll
c:\windows\system32\mayonibe.dll
c:\windows\system32\falefigi.exe
c:\windows\system32\fegufula.dll
c:\windows\system32\gulobimu.dll.tmp
c:\windows\system32\kopurege.dll
c:\windows\system32\memovovo.dll.tmp
c:\windows\system32\nefuwipi.dll.tmp
c:\windows\system32\nezovefo.dll
c:\windows\system32\onikunuy.tmp
c:\windows\system32\pimihiva.dll
c:\windows\system32\piyuzuju.dll
c:\windows\system32\satulosu.dll
c:\windows\system32\vawokiwe.exe
c:\windows\system32\vofehafi.dll
c:\windows\system32\yabokiya.dll
c:\windows\system32\yakituro.dll.tmp
c:\windows\system32\yepuwuto.dll

Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 31 July 2009 - 06:23 AM

I disabled Internet Security and Antivirus; they are out of date. Also, when ComboFix finished this time, it said it had to submit some files to the internet for processing. It didn't reboot.

ComboFix 09-07-29.04 - Joe 31/07/2009 11:54.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.146 [GMT 1:00]
Running from: d:\documents and settings\Joe.049688420010\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Joe.049688420010\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\defariha.exe"
"c:\windows\system32\degipeme.dll"
"c:\windows\system32\degipeme.exe"
"c:\windows\system32\dejidono.dll"
"c:\windows\system32\devoresi.exe"
"c:\windows\system32\fabireze.exe"
"c:\windows\system32\falefigi.exe"
"c:\windows\system32\fegufula.dll"
"c:\windows\system32\gulobimu.dll.tmp"
"c:\windows\system32\guratayo.dll"
"c:\windows\system32\herutoho.exe"
"c:\windows\system32\hijiwuba.exe"
"c:\windows\system32\hisatape.exe"
"c:\windows\system32\hizapego.dll"
"c:\windows\system32\hoyobuva.dll"
"c:\windows\system32\hutikovu.dll"
"c:\windows\system32\jaduzumi.dll"
"c:\windows\system32\kewevuro.exe"
"c:\windows\system32\keyipole.exe"
"c:\windows\system32\kopurege.dll"
"c:\windows\system32\lazahuji.dll"
"c:\windows\system32\lopivasa.exe"
"c:\windows\system32\mayonibe.dll"
"c:\windows\system32\memovovo.dll.tmp"
"c:\windows\system32\nefuwipi.dll.tmp"
"c:\windows\system32\nemudodi.exe"
"c:\windows\system32\nezovefo.dll"
"c:\windows\system32\nifarake.dll"
"c:\windows\system32\nivedusa.dll"
"c:\windows\system32\onikunuy.tmp"
"c:\windows\system32\pimihiva.dll"
"c:\windows\system32\piyuzuju.dll"
"c:\windows\system32\puleziwu.exe"
"c:\windows\system32\satulosu.dll"
"c:\windows\system32\sisazibo.exe"
"c:\windows\system32\tumigike.exe"
"c:\windows\system32\vawokiwe.exe"
"c:\windows\system32\vofehafi.dll"
"c:\windows\system32\yabokiya.dll"
"c:\windows\system32\yakituro.dll.tmp"
"c:\windows\system32\yepuwuto.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\defariha.exe
c:\windows\system32\degipeme.dll
c:\windows\system32\degipeme.exe
c:\windows\system32\dejidono.dll
c:\windows\system32\devoresi.exe
c:\windows\system32\fabireze.exe
c:\windows\system32\falefigi.exe
c:\windows\system32\fegufula.dll
c:\windows\system32\gulobimu.dll.tmp
c:\windows\system32\guratayo.dll
c:\windows\system32\herutoho.exe
c:\windows\system32\hijiwuba.exe
c:\windows\system32\hisatape.exe
c:\windows\system32\hizapego.dll
c:\windows\system32\hoyobuva.dll
c:\windows\system32\hutikovu.dll
c:\windows\system32\jaduzumi.dll
c:\windows\system32\kewevuro.exe
c:\windows\system32\keyipole.exe
c:\windows\system32\kopurege.dll
c:\windows\system32\lazahuji.dll
c:\windows\system32\lopivasa.exe
c:\windows\system32\mayonibe.dll
c:\windows\system32\memovovo.dll.tmp
c:\windows\system32\nefuwipi.dll.tmp
c:\windows\system32\nemudodi.exe
c:\windows\system32\nezovefo.dll
c:\windows\system32\nifarake.dll
c:\windows\system32\nivedusa.dll
c:\windows\system32\onikunuy.tmp
c:\windows\system32\pimihiva.dll
c:\windows\system32\piyuzuju.dll
c:\windows\system32\puleziwu.exe
c:\windows\system32\satulosu.dll
c:\windows\system32\sisazibo.exe
c:\windows\system32\tumigike.exe
c:\windows\system32\vawokiwe.exe
c:\windows\system32\vofehafi.dll
c:\windows\system32\yabokiya.dll
c:\windows\system32\yakituro.dll.tmp
c:\windows\system32\yepuwuto.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 11:57 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-30 11:57 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-07-30 11:57 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-30 11:57 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-30 11:57 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-30 11:57 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-30 11:57 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-30 11:57 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-30 11:57 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-30 11:57 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-30 11:53 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-30 11:52 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-27 17:17 . 2009-07-27 17:17 -------- d-----w- c:\program files\Trend Micro
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\Malwarebytes
2009-07-25 13:12 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 13:12 . 2009-07-25 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 13:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 23:20 . 2009-07-24 23:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 15:53 . 2009-07-20 16:20 -------- d-----w- d:\documents and settings\TEMP
2009-07-03 17:32 . 2009-07-03 17:32 -------- d-----w- d:\documents and settings\Alice.W\Music
2009-07-03 13:58 . 2009-07-03 13:58 -------- d-----w- d:\documents and settings\Jack's\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 09:47 . 2006-10-18 15:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-31 09:31 . 2007-02-11 18:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-30 06:58 . 2007-06-30 19:34 -------- d-----w- d:\documents and settings\Sue.049688420010.000\Application Data\Apple Computer
2009-07-24 23:19 . 2007-02-11 18:01 -------- d-----w- c:\program files\Java
2009-07-20 17:52 . 2008-12-24 14:54 574 ----a-w- C:\cleanup.bat
2009-07-20 17:52 . 2008-12-24 14:54 135168 ----a-w- C:\zip.exe
2009-07-20 15:58 . 2007-03-30 20:51 -------- d-----w- c:\program files\Opera
2009-07-20 15:57 . 2007-11-09 19:29 138216 -c--a-w- d:\documents and settings\Alice.W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:00 . 2009-04-09 07:00 504120 --sha-w- c:\windows\system32\saheloju.exe
2009-06-29 16:12 . 2004-08-10 16:38 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-04-19 13:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 16:37 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-22 18:39 . 2007-12-27 11:03 -------- d-----w- d:\documents and settings\Alice.W\Application Data\LimeWire
2009-06-17 21:49 . 2007-04-12 18:02 -------- d-----w- c:\program files\Winamp
2009-06-17 17:10 . 2007-02-13 22:24 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\Ulead Systems
2009-06-16 19:57 . 2008-03-24 21:00 -------- d-----w- c:\program files\Common Files\Apple
2009-06-16 16:01 . 2009-02-13 15:55 -------- d-----w- d:\documents and settings\Joe.049688420010\Application Data\vlc
2009-06-16 15:49 . 2009-03-14 10:09 -------- d-----w- c:\program files\Nokia
2009-06-16 15:44 . 2008-12-24 21:28 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-06-16 14:36 . 2004-08-10 16:38 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 09:07 . 2009-06-14 09:07 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-11 18:49 . 2007-01-20 14:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Kontiki
2009-06-03 19:09 . 2004-08-10 16:38 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 10:52 . 2009-06-03 10:52 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-05-07 15:32 . 2004-08-10 16:37 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 20:46 . 2008-06-19 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-04-11 14:09 . 2009-04-10 18:58 11098144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_11.38.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-31 10:03 . 2009-07-31 10:03 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2004-08-10 16:38 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-10 16:38 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-10 16:38 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2004-08-10 16:38 . 2009-03-29 08:47 73956 c:\windows\system32\perfc009.dat
+ 2004-08-10 16:38 . 2009-07-31 10:07 73956 c:\windows\system32\perfc009.dat
- 2004-08-10 16:54 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-10 16:54 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-10 16:38 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-10 16:38 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-10 16:54 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 16:54 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
- 2004-08-10 16:37 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:37 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 17:36 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 17:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
- 2007-08-13 17:36 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:36 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-10 05:37 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-10 05:37 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-10 05:37 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-10 05:37 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 17:39 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 17:39 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-03-18 13:55 . 2009-07-31 09:47 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 21:13 . 2006-10-26 21:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-26 20:09 . 2006-10-26 20:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2009-07-31 09:42 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-31 09:42 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-31 09:42 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-31 09:42 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-31 09:42 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
- 2004-08-10 16:38 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-10 16:38 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 16:54 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-10 16:54 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-10 16:54 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-10 16:38 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-10 16:38 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2004-08-10 16:38 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-10 16:38 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-10 16:38 . 2009-07-31 10:07 450644 c:\windows\system32\perfh009.dat
- 2004-08-10 16:38 . 2009-03-29 08:47 450644 c:\windows\system32\perfh009.dat
- 2004-08-10 16:38 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-10 16:38 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2004-08-10 16:38 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
- 2004-08-10 16:38 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-10 16:38 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-10 16:54 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-10 16:54 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 16:54 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-10 16:54 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 16:54 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-10 16:37 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-10 16:37 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-10 16:37 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2007-08-13 17:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-10 16:37 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 16:37 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
- 2004-08-10 16:46 . 2009-01-16 00:17 434960 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 16:46 . 2009-07-31 10:02 434960 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 16:37 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 16:38 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2007-08-13 17:54 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 17:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 17:44 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-16 16:51 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 17:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 17:44 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 17:44 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 17:44 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-10 05:37 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 05:37 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2007-08-13 17:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-10 05:37 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 17:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-10 05:37 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 16:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 16:56 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 17:39 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 17:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 17:39 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:54 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 17:54 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 17:35 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 17:35 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 17:35 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 17:35 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 17:39 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 17:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-10 16:37 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
+ 2004-08-10 16:37 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2004-08-10 16:37 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2004-08-10 16:37 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2009-05-26 17:53 . 2009-05-26 17:53 579072 c:\windows\Installer\4fb41.msp
+ 2009-07-31 09:30 . 2009-07-31 09:30 248832 c:\windows\Installer\4fb14.msi
- 2007-03-18 13:55 . 2008-12-20 14:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-31 09:42 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-31 09:42 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-31 09:42 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-31 09:42 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-07-31 09:40 . 2009-07-31 09:40 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2004-08-10 16:38 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-10 16:38 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-10 16:38 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2004-08-10 16:38 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2004-08-10 16:38 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-07 18:02 2066048 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-10 16:38 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 15:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2008-10-16 18:09 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 17:54 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 19:21 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 19:20 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 19:20 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 19:20 . 2009-02-07 18:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 19:20 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 19:21 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 19:21 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-13 17:54 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-10 05:37 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-10 05:37 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-05-04 06:46 . 2009-05-04 06:46 8299008 c:\windows\Installer\4fbd5.msp
+ 2009-05-26 17:54 . 2009-05-26 17:54 4192768 c:\windows\Installer\4fbbd.msp
+ 2009-05-04 06:47 . 2009-05-04 06:47 9124864 c:\windows\Installer\4fba1.msp
+ 2009-04-24 11:30 . 2009-04-24 11:30 2583552 c:\windows\Installer\4fb89.msp
+ 2009-02-25 18:08 . 2009-02-25 18:08 8311808 c:\windows\Installer\4fb70.msp
+ 2009-04-24 11:28 . 2009-04-24 11:28 4450816 c:\windows\Installer\4fb5a.msp
+ 2009-07-02 15:23 . 2009-07-02 15:23 5027328 c:\windows\Installer\4fb2a.msp
+ 2009-04-24 11:29 . 2009-04-24 11:29 9013760 c:\windows\Installer\4fb0d.msp
+ 2007-03-18 13:55 . 2009-07-31 09:47 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-03-18 13:55 . 2008-12-20 14:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-03-18 13:55 . 2009-07-31 09:47 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-07-31 09:42 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-31 09:42 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-31 09:42 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-31 09:42 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2008-10-16 19:21 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 19:20 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 19:20 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-16 19:20 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 19:20 . 2009-02-07 18:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 19:21 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-16 19:21 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-10 16:38 . 2008-11-11 17:34 10838016 c:\windows\system32\wmp.dll
+ 2009-07-31 09:31 . 2009-07-07 07:10 24539592 c:\windows\system32\MRT.exe
+ 2004-08-10 16:38 . 2008-11-11 17:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

d:\documents and settings\Jack's\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Nick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Sue.049688420010.000\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

d:\documents and settings\Alice.W\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Slim Multimedia Keyboard.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Slim Multimedia Keyboard.lnk
backup=c:\windows\pss\Slim Multimedia Keyboard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Documents and Settings\\Jack's\\My Documents\\Downloads\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCAPP.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NAVAPSVC.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\cidaemon.exe"=
"c:\\WINDOWS\\system32\\LEXBCES.EXE"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\APPS\\ABOARD\\AOSD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [27/10/2007 15:09 11886]
S2 ApacheMS4WWebServer;Apache MS4W Web Server;"d:\documents and settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe" -k runservice --> d:\documents and settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe [?]
S2 gupdate1c999b76c529a6c;Google Update Service (gupdate1c999b76c529a6c);c:\program files\Google\Update\GoogleUpdate.exe [28/02/2009 16:15 133104]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [30/04/2008 21:44 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [30/04/2008 21:44 3768]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\AB929248918D05D0.job
- d:\docume~1\sue049~1.000\applic~1\heart1~1\BIRD 2 REAL.exe [2007-05-21 06:36]

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 15:15]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 15:15]

2009-07-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Joe.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.EXE [2004-10-28 12:20]

2009-07-31 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Joe.049688420010\Application Data\Mozilla\Firefox\Profiles\d8jpl5gt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 12:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-31 12:12
ComboFix-quarantined-files.txt 2009-07-31 11:12
ComboFix2.txt 2009-07-30 12:04

Pre-Run: 9,389,051,904 bytes free
Post-Run: 9,362,612,224 bytes free

520 --- E O F --- 2009-07-31 09:47

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 31 July 2009 - 11:09 AM

Hi JDW1991,

I disabled Internet Security and Antivirus; they are out of date.


And that is the reason you were so infected. Since it is out of date and worthless, uninstall it.

After you have uninstalled Norton, I want you to install a free antivirus antvirus!!

Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

It really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

Edited by SifuMike, 31 July 2009 - 11:10 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 JDW1991

JDW1991
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 03 August 2009 - 05:09 PM

Avira log and HijackThis log below.

Avira AntiVir Personal
Report file date: 02 August 2009 21:10

Scanning for 1584543 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : 049688420010

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 09:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 11:10:21
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19/07/2009 11:10:23
ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31/07/2009 11:10:24
Engineversion : 8.2.0.238
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 11:52:04
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 01/08/2009 11:10:27
AESCN.DLL : 8.1.2.4 127348 Bytes 01/08/2009 11:10:27
AERDL.DLL : 8.1.2.4 430452 Bytes 01/08/2009 11:10:26
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 16:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 01/08/2009 11:10:26
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 01/08/2009 11:10:26
AEHELP.DLL : 8.1.5.3 233846 Bytes 01/08/2009 11:10:25
AEGEN.DLL : 8.1.1.53 356724 Bytes 01/08/2009 11:10:24
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 14:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 01/08/2009 11:10:24
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 10:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 10:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 02 August 2009 21:10

Starting search for hidden objects.
'257819' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '55' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\[4]-Submit_2009-07-31_11.53.09.zip
[0] Archive type: ZIP
--> defariha.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> degipeme.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> devoresi.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> fabireze.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> falefigi.exe
[1] Archive type: RSRC
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> gulobimu.dll.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
--> herutoho.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> hijiwuba.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> hisatape.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> kewevuro.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> keyipole.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> lopivasa.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> memovovo.dll.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
--> nefuwipi.dll.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
--> nemudodi.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> puleziwu.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> sisazibo.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> tumigike.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> vawokiwe.exe
[1] Archive type: RSRC
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> yabokiya.dll
[1] Archive type: RSRC
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> yakituro.dll.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bafuvisi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bamukitu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bdfdkf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bekubonu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bikurifo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bobebeji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\buhedina.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bulimane.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bulopazo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\cuuvfu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\debabawe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\defariha.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\defohesi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\degipeme.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\degipeme.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dejegima.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dejidono.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dekoyemu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\delidubu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\devoresi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dupefomu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\esdnax.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fabireze.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\falefigi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\falefigi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fanenoto.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fefiyiri.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fihiwiku.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fogiguzu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fokitape.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fopihofu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fosowefe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuledipu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gavurane.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gavuzeyi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gazanudu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gazeyuha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gedogeye.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gejekoyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gesiwoha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gibetara.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gipefewa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\giribemi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\giribemi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gitisowe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gomujude.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gubebusi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gugiyake.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gukejibu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gukejibu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gulobimu.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\guratayo.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hafasego.dll.vir
[DETECTION] Is the TR/Dldr.BHO.fqc Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\haniyuga.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hawajifi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hazafupe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hazagebi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hegiguve.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\herugife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\herutoho.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hevesopa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\heyehupi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hijiwuba.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hisatape.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hizapego.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hobavana.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hohejupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hoyobuva.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hutikovu.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jaduzumi.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\japidahu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jatipife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jefizaya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jesuvaya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jijejamu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jijuwajo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jimekaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jipilere.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\joliyusi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jowujino.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jufonefi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jukabama.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jurevewa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jureviji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kafawagi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kanelewu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kapihiwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kelinepe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kewevuro.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\keyipole.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kiyituhe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\klvqgc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kofemube.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\koladofo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kopurege.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kozezupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kubuyula.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kumeweva.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuzeyogi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lagoguze.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\laraguji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lasobemo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lazahuji.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lehebofi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\leliwomu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lelukuhi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lemutuja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lezaromo.dll.vir
[DETECTION] Is the TR/Spy.Agent.yqo Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\liwoduki.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lobeyari.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lopivasa.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lotakine.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\loyegeho.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\loyuwisa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lugapeda.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lutajugi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\luveseja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\luvoneme.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\maboveli.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mamotapi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mayonibe.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mejiyuwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\memovovo.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\midogiru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mikasova.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mumonuwi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mupodalu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\muturebe.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nefuwipi.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nejehavi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nemudodi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nezovefo.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nezusena.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nifarake.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nivedusa.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nodedeje.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nokanoza.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nowaguki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nubamiko.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ozvgsb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pasogeso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebuhewe.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pegigage.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pemivubu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pikusuba.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pimihiva.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\piyuzuju.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\podezowu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\puleziwu.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\putirise.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rafaweti.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ratifuya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ravufuge.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\reguligu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\repozuyi.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.ulvn Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rezakaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rinokulo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\riremaja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\risowupa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\roliwiza.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ropenoya.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\royetuki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ruhefife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rurisugo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\safodaru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\saheloju.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sajekeye.exe.vir
[DETECTION] Is the TR/Qhosts.AD Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sasagasu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\satevowa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\satulosu.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sazukojo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sekanawo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sekisahi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\setunude.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sewoladu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\seyamoyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sihosido.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sisazibo.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sokazoya.dll.vir
[DETECTION] Is the TR/Spy.Agent.rzk Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sowemame.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\supiyiha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\suvekesa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tanetezo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tebusuka.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tefifohi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tepusiga.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tevaziva.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\teyesiti.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\teyunufa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukejavi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukowohu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tumigike.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuneyevi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tutepega.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vagiwara.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vamibedi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vawokiwe.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vayipoki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vegapaye.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\viliwesi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\viwawobi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vofehafi.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vopereso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vorosuka.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vosukaso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vufeguja.dll.vir
[DETECTION] Is the TR/Monder.arge Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vulademu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vzxmts.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wadavuro.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wamejawe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\waseyibe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wasodoku.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wevagofo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wewusigo.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wezisuve.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wipidahe.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.uoab Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisogola.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wjotfy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wojifizi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wopilawu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wosomupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\woyawizi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wusorevo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wutakizu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yabokiya.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yabusavu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yadebene.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yakituro.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yemibumi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yemibumi.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yepuwuto.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yeweduwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yeweyefa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yihaguta.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yilejino.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yomoviya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yopareza.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yovinumo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yugovuji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zawomebe.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zeharw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zifirobo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zimuworo.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zofarimo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zowepaba.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zugibiru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zuvusibo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\saheloju.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XGTOVOX\d[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
Begin scan in 'D:\' <DATA>
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\029E5776.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\029E5776.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.95 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D85CDE.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D85CDE.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.100 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08AC6240.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08AC6240.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.96 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A6A1BFA.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A6A1BFA.exe
[DETECTION] Contains recognition pattern of the ADSPY/SaveNow.AN.2 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A7419EF.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A7419EF.exe
[DETECTION] Contains recognition pattern of the ADSPY/Relevant.A adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0A31A5.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15740358.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15740358.exe
[DETECTION] Contains recognition pattern of the ADSPY/NaviPromo.T.24 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C1336C.ocx
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C1336C.ocx
[DETECTION] Is the TR/Drop.PurityScan.AE Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E25748.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E25748.exe
[DETECTION] Is the TR/Fakealert.CT Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\190C0C95.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\190C0C95.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\251B09E3.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\251B09E3.dll
[DETECTION] Is the TR/Dldr.VirusBurs.C Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5738CB.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482C565E.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A606D4B.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A606D4B.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\600324B0.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\600324B0.exe
--> Object
[2] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.PurityScan.CP.2 Trojan
--> Object
[DETECTION] Is the TR/Dldr.Purity.BV.7 Trojan
[DETECTION] Is the TR/Downloader.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA520D.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA520D.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.96 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D392B48.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D392B48.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.94 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD20F09.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD20F09.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the ADSPY/Companion.A.1 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710565B1.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710565B1.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.93 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\770C0B1F.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\770C0B1F.dll
[DETECTION] Contains recognition pattern of the ADSPY/2Search.F adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77956E88.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77956E88.exe
[DETECTION] Is the TR/Agent.GL Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A4846AF.dll
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A4846AF.dll
[DETECTION] Contains recognition pattern of the ADSPY/PurityScan.AK.90 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E2333C5.000
[DETECTION] Is the TR/Downloader.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE87ABE.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24480200-52DF-4A1B-92DB-A025AA4C25BC}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24480200-52DF-4A1B-92DB-A025AA4C25BC}\00000001.URM
[DETECTION] Is the TR/Dldr.PurtiScan.B Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2CBA2A7D-9A9D-4CC4-85BA-768179293E74}\00000004.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2CBA2A7D-9A9D-4CC4-85BA-768179293E74}\00000004.URM
[DETECTION] Contains recognition pattern of the DR/Gator.3103.3.A dropper
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{41E02FA5-8765-44CF-B242-F639B3030CDD}\00000001.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{93660FCA-89EB-4036-AB97-EFBA9A246CB4}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{93660FCA-89EB-4036-AB97-EFBA9A246CB4}\00000002.URM
[DETECTION] Contains recognition pattern of the ADSPY/Companion.A.1 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000002.URM
[DETECTION] Contains recognition pattern of the ADSPY/2Search.c.2 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000003.URM
[DETECTION] Contains recognition pattern of the ADSPY/2Search.c.3 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000004.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BA1D17D8-9B11-43ED-8387-1256CC2ABC53}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BA1D17D8-9B11-43ED-8387-1256CC2ABC53}\00000001.URM
[DETECTION] Contains recognition pattern of the ADSPY/SaveNow.AN.1 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000001.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000002.URM
[DETECTION] Is the TR/Dldr.PurtiScan.B Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000003.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000004.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000006.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000006.URM
[DETECTION] Contains recognition pattern of the ADSPY/WinAntiVi.A.5 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000021.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000021.URM
[DETECTION] Is the TR/Dldr.FakeAV.A.6 Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000002D.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000002D.URM
[DETECTION] Contains recognition pattern of the ADSPY/WinAntiVi.A.2 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000045.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000045.URM
[DETECTION] Is the TR/Dldr.FakeAV.A.4 Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000047.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000047.URM
[DETECTION] Contains recognition pattern of the ADSPY/WinAntiVi.A.3 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000048.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000048.URM
[DETECTION] Is the TR/Dldr.FakeAV.A.5 Trojan
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000049.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000049.URM
[DETECTION] Contains recognition pattern of the ADSPY/WinAntiVi.A.4 adware or spyware
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000004B.URM
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000004B.URM
[DETECTION] Contains recognition pattern of the ADSPY/Companion.A.1 adware or spyware
D:\Documents and Settings\dad\Local Settings\Temp\~wa6psetup.exe
[DETECTION] Contains recognition pattern of the DR/Fraud.WinAntiVirus.2006.4 dropper
D:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eJS.jar-73996a77-69314c6a.zip
[0] Archive type: ZIP
--> HiPointInstallShieldJS.class
[DETECTION] Is the TR/Dldr.Small.DHE Trojan
D:\Documents and Settings\Joe\Local Settings\Temp\und2CE.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\Joe\Local Settings\Temp\und2CE.tmp
[DETECTION] Is the TR/Dldr.FakeAV.A.5 Trojan
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\FMEUFKP3\counter[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\GGG2YL8P\ns[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\PIJ5N3GJ\thesafetytool[1].htm
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\UBDOQUZJ\counter[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
D:\Documents and Settings\Joe\My Documents\My Received Files\XPEnergyBlue2.zip
[0] Archive type: ZIP
--> XPEnergyBlue2.exe
[DETECTION] Is the TR/Agent.Mwy.1 Trojan
D:\Documents and Settings\Joe.049688420010\Application Data\Heart16peak\shimamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
D:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\EZ42Y3G2\1[1].htm
[DETECTION] Contains recognition pattern of the JS/FraudLoad.ljg Java script virus
D:\Documents and Settings\Sam\Desktop\empires2.exe
[DETECTION] Is the TR/Small.971264 Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\5R6QXB0P\1[1].htm
[DETECTION] Contains recognition pattern of the JS/FraudLoad.ljg Java script virus
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\5R6QXB0P\vatoconsulting_biz[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\ad_uk[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\logo[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\logo[2].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\d[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\glas[1]
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\logo[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\logo[2].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\offer_new[1].pdf
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
D:\Documents and Settings\Sue.049688420010.000\Application Data\Heart16peak\cdjvnlgp.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
D:\Documents and Settings\Sue.049688420010.000\Application Data\Heart16peak\flap jump bore time.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
D:\Documents and Settings\Sue.049688420010.000\My Documents\My Received Files\image19.zip
[0] Archive type: ZIP
--> image19.jpg-www.photoslides.com
[DETECTION] Is the TR/Jevafus.A.239 Trojan
D:\Documents and Settings\Sue.049688420010.000\My Documents\My Received Files\image23.zip
[0] Archive type: ZIP
--> image23.JPG-www.slideshows.com
[DETECTION] Is the TR/Jevafus.A.239 Trojan
D:\RECYCLER\S-1-5-21-4127577620-2385475772-356134228-1013\Dd779\04-coldplay-42.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\Qoobox\Quarantine\[4]-Submit_2009-07-31_11.53.09.zip
[NOTE] The file was moved to '4ad32934.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bafuvisi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc2961.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bamukitu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32961.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bdfdkf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc2964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bekubonu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12966.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bikurifo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae1296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bobebeji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\buhedina.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade2976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bulimane.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bulopazo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40d90a1f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cuuvfu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aeb2976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\debabawe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82966.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\defariha.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adc2967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\defohesi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40e36be0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\degipeme.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4add2967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\degipeme.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '409c7b70.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dejegima.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae02967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dejidono.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '40a348c0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dekoyemu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\delidubu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\devoresi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aec2967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dupefomu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\esdnax.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fabireze.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ad82964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\falefigi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\falefigi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '40a9b68d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fanenoto.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fefiyiri.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc2968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fihiwiku.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fogiguzu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fokitape.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fopihofu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fosowefe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuledipu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gavurane.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec2964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gavuzeyi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40b9c4dd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gazanudu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02964.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gazeyuha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40a7d42d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gedogeye.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada2968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gejekoyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae02968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gesiwoha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gibetara.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad8296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gipefewa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae6296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\giribemi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae8296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\giribemi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae8296d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gitisowe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea296d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gomujude.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32973.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gubebusi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gugiyake.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gukejibu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gukejibu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40844b0a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gulobimu.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae22979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\guratayo.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae82979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hafasego.dll.vir
[DETECTION] Is the TR/Dldr.BHO.fqc Trojan
[NOTE] The file was moved to '4adc2965.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\haniyuga.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42965.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hawajifi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2965.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hazafupe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02966.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hazagebi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '409cb18f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hegiguve.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\herugife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae8296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\herutoho.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4087992b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hevesopa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\heyehupi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef296b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hijiwuba.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae0296f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hisatape.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae9296f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hizapego.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4af0296f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hobavana.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hohejupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hoyobuva.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aef2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hutikovu.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aea297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jaduzumi.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ada2967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\japidahu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jatipife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jefizaya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc296b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jesuvaya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae9296b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jijejamu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40617fd8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jijuwajo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40627700.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jimekaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae3296f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jipilere.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae6296f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\joliyusi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jowujino.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jufonefi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jukabama.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae1297c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jurevewa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae8297c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jureviji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4062b5cd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kafawagi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40578d11.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kanelewu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kapihiwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62968.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kelinepe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae2296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kewevuro.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aed296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\keyipole.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aef296c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kiyituhe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef2970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\klvqgc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec2973.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kofemube.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc2976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\koladofo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4076c3f7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kopurege.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae62976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kozezupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kubuyula.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad8297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kumeweva.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae3297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuzeyogi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af0297e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lagoguze.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4046305b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\laraguji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40740993.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lasobemo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae9296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lazahuji.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4af0296a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lehebofi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\leliwomu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae2296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lelukuhi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '40436e8f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lemutuja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae3296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lezaromo.dll.vir
[DETECTION] Is the TR/Spy.Agent.yqo Trojan
[NOTE] The file was moved to '4af0296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\liwoduki.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lobeyari.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lopivasa.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae62978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lotakine.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\loyegeho.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef2979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\loyuwisa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4041aec2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lugapeda.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lutajugi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\luveseja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\luvoneme.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '405e8f58.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\maboveli.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad8296b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mamotapi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae3296b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mayonibe.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '405a975c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mejiyuwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4056ec88.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\memovovo.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae32970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\midogiru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada2974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mikasova.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mumonuwi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32980.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mupodalu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62980.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\muturebe.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2980.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nefuwipi.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adc2970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nejehavi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae02971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nemudodi.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae32971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nezovefo.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4af02971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nezusena.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '403232e2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nifarake.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adc2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nivedusa.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aec2975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nodedeje.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nokanoza.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae1297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nowaguki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nubamiko.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82981.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ozvgsb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec2986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pasogeso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae9296d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebuhewe.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad82971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pegigage.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pemivubu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pikusuba.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pimihiva.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae32976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\piyuzuju.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aef2976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\podezowu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada297c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\puleziwu.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae22982.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\putirise.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2982.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rafaweti.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4adc296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ratifuya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ravufuge.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec296e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\reguligu.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '400a978b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\repozuyi.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.ulvn Trojan
[NOTE] The file was moved to '403eefb3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rezakaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02972.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rinokulo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42976.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\riremaja.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae82977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\risowupa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\roliwiza.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae2297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ropenoya.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae6297e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\royetuki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef297e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ruhefife.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade2984.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rurisugo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae82984.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\safodaru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '403f3de1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\saheloju.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade2970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sajekeye.exe.vir
[DETECTION] Is the TR/Qhosts.AD Trojan
[NOTE] The file was moved to '4ae02970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sasagasu.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\satevowa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\satulosu.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '40021209.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sazukojo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02970.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sekanawo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '400b627d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sekisahi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '400a7ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\setunude.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sewoladu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\seyamoyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4001435e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sihosido.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade2979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sisazibo.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae92979.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sokazoya.dll.vir
[DETECTION] Is the TR/Spy.Agent.rzk Trojan
[NOTE] The file was moved to '4ae1297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sowemame.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\supiyiha.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62985.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\suvekesa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec2985.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tanetezo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42971.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tebusuka.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '402e811e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tefifohi.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '402b9946.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tepusiga.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62975.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tevaziva.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44db39f6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\teyesiti.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d7313e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\teyunufa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d60967.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukejavi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae12986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukowohu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44da0627.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tumigike.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae32986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuneyevi.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae42986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tutepega.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea2986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vagiwara.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2973.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vamibedi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a37ffc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vawokiwe.exe.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4aed2973.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vayipoki.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef2973.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vegapaye.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\viliwesi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae2297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\viwawobi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a8540c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vofehafi.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4adc2981.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vopereso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62981.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vorosuka.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae82981.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vosukaso.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92981.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vufeguja.dll.vir
[DETECTION] Is the TR/Monder.arge Trojan
[NOTE] The file was moved to '4adc2988.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vulademu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae22988.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vzxmts.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aee298d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wadavuro.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '449792c5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wamejawe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\waseyibe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92974.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wasodoku.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b9fa7d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wevagofo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec2978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wewusigo.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wezisuve.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4af02978.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wipidahe.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.uoab Trojan
[NOTE] The file was moved to '4ae6297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisogola.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae9297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wjotfy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae5297e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wojifizi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae02983.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wopilawu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62984.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wosomupo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae92984.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\woyawizi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aef2984.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wusorevo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae9298a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wutakizu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aea298a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yabokiya.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ad82977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yabusavu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44871680.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yadebene.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ada2977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yakituro.dll.tmp.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae12977.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yemibumi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae3297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yemibumi.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '44807664.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yepuwuto.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ae6297b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yeweduwo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '448847d4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yeweyefa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '448b5f0c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yihaguta.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yilejino.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae2297f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yomoviya.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '448aa44f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yopareza.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae62986.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yovinumo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4487b4df.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yugovuji.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add298c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zawomebe.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44808591.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zeharw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ade297d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zifirobo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b395fa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zimuworo.dll.tmp.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ae32982.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zofarimo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ade581.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zowepaba.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aed2989.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zugibiru.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add298f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zuvusibo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aec298f.qua'!
C:\WINDOWS\system32\saheloju.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4ade297c.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XGTOVOX\d[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aa72977.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\029E5776.dll
[NOTE] The file was moved to '4aaf294f.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06D85CDE.dll
[NOTE] The file was moved to '4aba2953.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08AC6240.dll
[NOTE] The file was moved to '4ab72955.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A6A1BFA.exe
[NOTE] The file was moved to '4aac295e.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A7419EF.exe
[NOTE] The file was moved to '4aad295f.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0A31A5.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aa62962.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15740358.exe
[NOTE] The file was moved to '4aad2953.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C1336C.ocx
[NOTE] The file was moved to '4ab92953.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E25748.exe
[NOTE] The file was moved to '4abb2953.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\190C0C95.dll
[NOTE] The file was moved to '4aa62957.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\251B09E3.dll
[NOTE] The file was moved to '4aa72954.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E5738CB.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to '4aab2964.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\482C565E.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to '4aa82957.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A606D4B.dll
[NOTE] The file was moved to '4aac2960.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\600324B0.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aa6294f.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DA520D.dll
[NOTE] The file was moved to '4aba2958.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D392B48.dll
[NOTE] The file was moved to '4aa92964.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD20F09.exe
[NOTE] The file was moved to '4aba2966.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710565B1.dll
[NOTE] The file was moved to '4aa62951.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\770C0B1F.dll
[NOTE] The file was moved to '442198f8.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77956E88.exe
[NOTE] The file was moved to '4aaf2957.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A4846AF.dll
[NOTE] The file was moved to '4aaa2961.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E2333C5.000
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aa82966.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE87ABE.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to '4abb2967.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24480200-52DF-4A1B-92DB-A025AA4C25BC}\00000001.URM
[NOTE] The file was moved to '442bda12.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2CBA2A7D-9A9D-4CC4-85BA-768179293E74}\00000004.URM
[NOTE] The file was moved to '4428d25a.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{41E02FA5-8765-44CF-B242-F639B3030CDD}\00000001.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '44362b82.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{93660FCA-89EB-4036-AB97-EFBA9A246CB4}\00000002.URM
[NOTE] The file was moved to '443723ca.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000002.URM
[NOTE] The file was moved to '44343b32.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000003.URM
[NOTE] The file was moved to '4435337a.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{A243F2B4-BB5C-459E-A11F-4C44CB9B4A22}\00000004.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '443208a2.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BA1D17D8-9B11-43ED-8387-1256CC2ABC53}\00000001.URM
[NOTE] The file was moved to '443300ea.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000001.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '443018d2.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000002.URM
[NOTE] The file was moved to '4431101a.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000003.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '443e6842.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{BEC63B3B-72D5-4725-B073-38AB85AA82E3}\00000004.URM
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '443f618a.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000006.URM
[NOTE] The file was moved to '4aa62952.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000021.URM
[NOTE] The file was moved to '443d713b.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000002D.URM
[NOTE] The file was moved to '443a4963.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000045.URM
[NOTE] The file was moved to '443b4eab.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000047.URM
[NOTE] The file was moved to '44384693.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000048.URM
[NOTE] The file was moved to '44395edb.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\00000049.URM
[NOTE] The file was moved to '4aa62954.qua'!
D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{EA3B502D-ECCE-469E-8A7D-7CF9FA176E2A}\0000004B.URM
[NOTE] The file was moved to '4407ae4d.qua'!
D:\Documents and Settings\dad\Local Settings\Temp\~wa6psetup.exe
[DETECTION] Contains recognition pattern of the DR/Fraud.WinAntiVirus.2006.4 dropper
[NOTE] The file was moved to '4ad7299c.qua'!
D:\Documents and Settings\Joe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eJS.jar-73996a77-69314c6a.zip
[NOTE] The file was moved to '4ac92971.qua'!
D:\Documents and Settings\Joe\Local Settings\Temp\und2CE.tmp
[NOTE] The file was moved to '4ada2995.qua'!
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\FMEUFKP3\counter[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4aeb2997.qua'!
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\GGG2YL8P\ns[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4ad1299b.qua'!
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\PIJ5N3GJ\thesafetytool[1].htm
[DETECTION] Contains recognition pattern of the ADSPY/PestTrap adware or spyware
[NOTE] The file was moved to '4adb2990.qua'!
D:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\UBDOQUZJ\counter[1].htm
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4441e4b8.qua'!
D:\Documents and Settings\Joe\My Documents\My Received Files\XPEnergyBlue2.zip
[NOTE] The file was moved to '4abb2979.qua'!
D:\Documents and Settings\Joe.049688420010\Application Data\Heart16peak\shimamen.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4adf2992.qua'!
D:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\EZ42Y3G2\1[1].htm
[DETECTION] Contains recognition pattern of the JS/FraudLoad.ljg Java script virus
[NOTE] The file was moved to '4aa72985.qua'!
D:\Documents and Settings\Sam\Desktop\empires2.exe
[DETECTION] Is the TR/Small.971264 Trojan
[NOTE] The file was moved to '4ae62997.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\5R6QXB0P\1[1].htm
[DETECTION] Contains recognition pattern of the JS/FraudLoad.ljg Java script virus
[NOTE] The file was moved to '44123376.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\5R6QXB0P\vatoconsulting_biz[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4aea298b.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\ad_uk[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4ad5298e.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\logo[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add2999.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\EQQH4SHH\logo[2].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4471f52a.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\d[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4aa72986.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\glas[1]
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ad72997.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\logo[1].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4add299a.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\logo[2].htm
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '446178f3.qua'!
D:\Documents and Settings\Sam.049688420010\Local Settings\Temporary Internet Files\Content.IE5\FTSX13W0\offer_new[1].pdf
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4adc2991.qua'!
D:\Documents and Settings\Sue.049688420010.000\Application Data\Heart16peak\cdjvnlgp.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4ae0298f.qua'!
D:\Documents and Settings\Sue.049688420010.000\Application Data\Heart16peak\flap jump bore time.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4ad72998.qua'!
D:\Documents and Settings\Sue.049688420010.000\My Documents\My Received Files\image19.zip
[NOTE] The file was moved to '4ad72999.qua'!
D:\Documents and Settings\Sue.049688420010.000\My Documents\My Received Files\image23.zip
[NOTE] The file was moved to '4467d24a.qua'!
D:\RECYCLER\S-1-5-21-4127577620-2385475772-356134228-1013\Dd779\04-coldplay-42.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4aa32960.qua'!


End of the scan: 03 August 2009 01:02
Used time: 3:49:40 Hour(s)

The scan has been done completely.

26113 Scanned directories
521233 Files were scanned
342 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
320 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
520889 Files not concerned
15265 Archives were scanned
2 Warnings
322 Notes
257819 Objects were scanned with rootkit scan
0 Hidden objects were found

************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:04, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - ?????????????U?????????????????????????n?????????????????????????n?????????????? - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache MS4W Web Server (ApacheMS4WWebServer) - Unknown owner - D:\Documents and Settings\Joe.049688420010\My Documents\Joe's Folder\Applications\ms4w_2.2.6\ms4w\Apache\bin\httpd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Update Service (gupdate1c999b76c529a6c) (gupdate1c999b76c529a6c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8002 bytes

#15 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:21 AM

Posted 03 August 2009 - 05:53 PM

Hi JDW1991

You deserve the prize for the most infected computer of the week. :thumbup2:

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Vista only:
Try right-clicking the HijackThis icon and select "Run As Administrator".

Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - ?????????????U?????????????????????????n?????????????????????????n??????????????  - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)



Close all browsers and other windows except for HijackThis, and click "Fix checked"


Reboot your computer.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.
You can refer to this animation by sundavis if needed.


Also post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users