
Please Help


9 replies to this topic

#1 hijack me

  • Members
  • 4 posts

Posted 24 October 2009 - 06:13 AM

A week or so ago I noticed that the folder tab had disappeared from the top of all my Explorer and browser windows. When I searched online for a solution I was directed to try and edit some system setting, which I was denied access to because I am not the administrator. This should be false as I am the only one using the PC and set it up myself. I have no antivirus, as I had gained some frustration with Norton and then AVG; it seemed to be fine for a few months. Guess I've learned a valuable lesson. I'm sorry I can't really remember any more about the problem as I have moved to student accommodation and have been away from the PC. Also the RootRepeal scan keeps crashing, and I have no icon for My Computer and a mysterious D drive icon that asks if I want to format. I've noticed the PC shutting down randomly when I'm not about; I know this due to RAM problems that ask me to hit F1 at startup.


DDS (Ver_09-10-24.01) - NTFSx86
Run by Ryan at 11:33:51.17 on 24/10/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=13920&l=dis
uWindow Title = Tiscali Internet Access
mWindow Title = Tiscali Internet Access
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-8642560273-8833150452-912256250-8271\wnzip32.exe
BHO: c:\windows\system32\gumbawl4.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\gumbawl4.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\ryan\locals~1\temp\taskmgr.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Cobian Backup 9 interface] "c:\program files\cobian backup 9\cbInterface.exe" -service
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\windows\temp\mdm.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {7D295657-FECA-495F-A641-A77B9A2A9332} = 62.6.40.178 194.72.9.38
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: HfIXeuNw - {B087E241-1A2D-48EB-FA52-1B52A1D9F3F2} - c:\windows\system32\xv.dll
STS: c:\windows\system32\gumbawl4.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\gumbawl4.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-10-24 10:02:19 0 d-----w- c:\program files\Cobian Backup 9
2009-10-13 22:13:12 0 d-----w- c:\program files\Trend Micro
2009-10-03 23:24:18 0 d-----w- c:\program files\VideoLAN
2009-10-03 10:55:02 0 d-----w- c:\program files\uTorrent
2009-10-02 00:18:27 0 d-----w- c:\docume~1\ryan\applic~1\Red Kawa
2009-10-02 00:14:39 0 d-----w- c:\program files\Regensoft
2009-10-02 00:14:34 0 d-----w- c:\program files\AviSynth 2.5
2009-10-02 00:14:25 0 d-----w- c:\program files\Red Kawa
2009-09-30 08:05:01 48640 ----a-w- c:\windows\system32\drivers\smss.exe
2009-09-30 08:04:31 15000 ----a-w- c:\windows\system32\gumbawl4.dll
2009-09-30 08:04:12 19456 ----a-w- C:\xrwy.exe
2009-09-30 08:04:11 5632 ----a-w- C:\rlswn.exe
2009-09-30 07:32:38 15000 ----a-w- c:\windows\system32\u4fssr.dll
2009-09-30 07:32:22 15000 ----a-w- c:\windows\system32\ipmqg8n3nz.dll
2009-09-30 07:31:59 15000 ----a-w- c:\windows\system32\qqz3gauj.dll
2009-09-30 07:31:50 15000 ----a-w- c:\windows\system32\f6ncl.dll
2009-09-30 07:31:46 15000 ----a-w- c:\windows\system32\dkwl1qo.dll
2009-09-30 07:31:43 48640 ----a-w- C:\yonm.exe
2009-09-30 07:31:39 15000 ----a-w- c:\windows\system32\ijr19.dll
2009-09-30 07:31:37 15000 ----a-w- c:\windows\system32\rvl0k7zpa.dll
2009-09-30 07:31:28 110080 ----a-w- C:\mtlff.exe

==================== Find3M ====================

2009-09-17 04:04:27 28096 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-06 23:16:10 2008 ----a-w- c:\docume~1\ryan\applic~1\wklnhst.dat
2009-08-28 18:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll

============= FINISH: 11:34:07.84 ===============


#2 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 26 October 2009 - 03:48 PM

Hello hijack me :( Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.




Please do not post any logs as an attachment unless asked to do so.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 hijack me
  • Topic Starter

  • Members
  • 4 posts

Posted 28 October 2009 - 04:57 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 21:54:43
Windows 5.1.2600 Service Pack 3
Running: et0gn3u1.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\agayyaob.sys


---- User code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\svchost.exe[208] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[208] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\winlogon.exe[636] C:\WINDOWS\system32\winlogon.exe section is executable [0x01077000, 0xB000, 0x60000060]
.rsrc C:\WINDOWS\system32\winlogon.exe[636] C:\WINDOWS\system32\winlogon.exe entry point in ".rsrc" section [0x01081000]
.rsrc C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\system32\services.exe section is executable [0x0101C000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\services.exe[688] C:\WINDOWS\system32\services.exe entry point in ".rsrc" section [0x0101D000]
.rsrc C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[876] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[932] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[932] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\System32\svchost.exe[984] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1084] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1084] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1116] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1116] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.rsrc C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1380] C:\WINDOWS\system32\svchost.exe entry point in ".rsrc" section [0x01006000]
.aspack C:\WINDOWS\system32\drivers\smss.exe[1736] C:\WINDOWS\system32\drivers\smss.exe entry point in ".aspack" section [0x0041A001]
.adata C:\WINDOWS\system32\drivers\smss.exe[1736] C:\WINDOWS\system32\drivers\smss.exe unknown last section [0x0041E000, 0x1000, 0xC0000040]
.reloc C:\WINDOWS\Explorer.EXE[1772] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x5000, 0x62000060]
.reloc C:\WINDOWS\Explorer.EXE[1772] C:\WINDOWS\Explorer.EXE entry point in ".reloc" section [0x010FF000]
.rsrc C:\WINDOWS\System32\svchost.exe[1896] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x2000, 0x60000060]
.rsrc C:\WINDOWS\System32\svchost.exe[1896] C:\WINDOWS\System32\svchost.exe entry point in ".rsrc" section [0x01006000]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] ws2_32.dll!send 71AB4C27 5 Bytes JMP 1042584C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10425BA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10425D88
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4960] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10425CF8
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5508] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5840] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

Device \FileSystem\Fastfat \Fat B7786D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\nvnetbus\SNPU@FwlSocketHandleRemove 2164

---- EOF - GMER 1.0.15 ----

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:25 PM

Posted 28 October 2009 - 05:51 PM

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
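As an added illustration of why the helper asks for the complete log with its top portion, and why the reboot note matters, here is a small triage script written for this page (it is not a BleepingComputer or Malwarebytes tool): it parses the MBAM 1.x text log format, checks that the header and the declared-versus-listed counts are intact, and pulls out the reboot-pending items and the logon-path hijacks a responder reads first. The function names, the PERSISTENCE_MARKERS list and the sample log are my own; the sample is constructed in the format of the log posted in this thread.

```python
# Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example, not a Malwarebytes tool).
import re
from collections import Counter, namedtuple

# Summary block ("Files Infected: 293") versus section header ("Files Infected:").
SUMMARY_RE = re.compile(r"^(?P<cat>.+?) Infected: (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>.+?) Infected:$")
# One finding: "<item> (<detection>) -> [<detail> -> ]<action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<det>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")

# Registry locations that run code at logon or program launch; a hit here is a
# persistence or hijack mechanism and matters more than one more dropped .tmp file.
PERSISTENCE_MARKERS = (
    r"\Winlogon\Userinit", r"\Winlogon\Shell", r"\Winlogon\taskman", r"\CurrentVersion\Run",
    r"\Image File Execution Options", r"\Browser Helper Objects", r"\SharedTaskScheduler", r"\Policies\Explorer",
)

# detail holds "Bad: (...) Good: (...)" or "Data: ..." when the log has it, else "".
Finding = namedtuple("Finding", "category item detection detail action")
Report = namedtuple("Report", "header summary findings")  # summary: category -> declared count

def parse_mbam_log(text):
    """Split the log into header fields, declared counts and individual findings."""
    report, section = Report({}, {}, []), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            report.summary[m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["cat"]
        elif section:
            # "(No malicious items detected)" has no "->" and is skipped here.
            if m := ENTRY_RE.match(line):
                parts = m["rest"].split(" -> ")
                report.findings.append(Finding(section, m["item"], m["det"],
                                               " -> ".join(parts[:-1]), parts[-1]))
        elif line.startswith("Malwarebytes"):
            report.header["program"] = line
        elif line.startswith("Database version: "):
            report.header["database_version"] = line.split(": ", 1)[1]
        elif line.startswith("Windows "):
            report.header["os"] = line
    return report

def header_complete(report):
    """The 'top portion' the helper asks for: program, database version and OS."""
    return all(k in report.header for k in ("program", "database_version", "os"))

def summary_mismatches(report):
    """Categories whose declared count differs from the entries present: the usual
    sign of a log that was pasted incompletely."""
    listed = Counter(f.category for f in report.findings)
    return {c: (n, listed[c]) for c, n in report.summary.items() if n != listed[c]}

def pending_reboot(report):
    """Items MBAM could only schedule for removal at the next reboot."""
    return [f.item for f in report.findings if f.action.startswith("Delete on reboot")]

def persistence_hits(report):
    """Findings on a logon/launch path rather than a plain dropped file."""
    return [f for f in report.findings
            if any(mk.lower() in f.item.lower() for mk in PERSISTENCE_MARKERS)]

# Constructed sample in the MBAM 1.41 format; "Files Infected: 3" above only two
# file lines imitates a log whose tail was lost when it was pasted.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 1
Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gumbawl4.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("header complete:", header_complete(rep), rep.header)
    print("declared vs listed:", summary_mismatches(rep))
    print("pending reboot:", pending_reboot(rep))
    print("persistence:", [(f.detection, f.item) for f in persistence_hits(rep)])
```

A mismatch in the declared-versus-listed counts is the quickest way to tell that a pasted log is incomplete, and a non-empty pending-reboot list is why the restart must happen before anything is judged clean.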

#5 hijack me

hijack me
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 30 October 2009 - 09:39 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

30/10/2009 14:36:55
mbam-log-2009-10-30 (14-36-55).txt

Scan type: Quick Scan
Objects scanned: 103411
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 293

Memory Processes Infected:
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\gumbawl4.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a249bc15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a249bc15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a249bc15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a249bc15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gumbawl4.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mtlff.exe (Backdoor.BHO) -> Quarantined and deleted successfully.
C:\rlswn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\xrwy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\yonm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8642560273-8833150452-912256250-8271\wnzip32.exe (Backdoor.BHO) -> Delete on reboot.
C:\WINDOWS\system32\u4fssr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f6ncl.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkwl1qo.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvl0k7zpa.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qqz3gauj.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijr19.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipmqg8n3nz.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1170612772.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1097230006.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\128.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\129.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\12A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\12B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\12C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\12E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\12F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\130.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\131.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\133.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\134.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\135.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\136.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\137.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\138.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\139.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\llskpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\n.exn (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\nzki2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\p6f4v.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\f74k4g.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\winamp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\150.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\165.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\17A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\18E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1B9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1C0.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1E3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1F8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\20D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\220.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\236.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\24B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\25F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\275.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\hckdhci.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\avp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\b0offhtc96.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\c4f8kmfg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\cmd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\13F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\140.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\141.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\142.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\143.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\144.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\146.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\147.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\148.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\149.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\14A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\14C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\14D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\14E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\14F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\152.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\153.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\154.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\155.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\156.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\157.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\158.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\159.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\15A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\15B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\15E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\15F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\160.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\161.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\162.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\163.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\164.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\166.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\167.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\168.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\169.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\16F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\171.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\172.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\174.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\175.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\176.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\177.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\178.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\179.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\17C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\17F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\180.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\182.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\185.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\186.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\189.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\190946752.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\191.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\19D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\19E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\19F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A0.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1A9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1AB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1AC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1B4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1B8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1BA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1BE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1E2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1E5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1E8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1EB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1EE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1F9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1FA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1FB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1FD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\1FE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\200.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\201.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\202.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\203.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\204.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\205.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\206.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\207.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\208.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\20A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\20C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\20E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\20F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\210.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\211.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\212.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\213.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\214.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\215.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\216.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\217.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\217353002.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\218.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\21F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\221.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\223.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\224.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\225.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\226.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\227.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\22A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\22B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\22C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\22E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\22F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\230.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\232.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\233.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\234.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\238.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\239.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\23B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\23E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\23F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\242.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\247.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\24A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\24E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\24F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\250.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\251.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\252.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\254.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\258.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\259.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\25A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\25C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\25E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\262.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\263.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\264.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\265.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\267.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\269.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\26F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\270.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\271.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\272.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\273.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\274.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\276.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\277.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\278.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\279.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\27A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\27D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\27E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\27F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\281.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\282.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\283.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\284.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\285.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\286.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\288.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\289.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\28F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\292.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\293.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\294.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\295.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\296.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\297.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\298.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\299.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\29F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A0.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\r79lcilb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\e6v5r.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\2A7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\325165502.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\6FWX6P1W\buuiijjx[3].htm (Backdoor.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\6FWX6P1W\lbblzmzax[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\H87I5P3M\lbblzmzax[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Y3FHZQNY\elyii[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Y3FHZQNY\inst32A[1].com (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Y3FHZQNY\atuuiima[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\Y3FHZQNY\atuuiima[3].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
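The log above is the tail of the MBAM "Files Infected" list, and its shape (dozens of sequential .tmp files in the user's Temp folder, plus cached .htm droppers in the IE cache) is itself a triage signal. As an added example, not from the thread or from Malwarebytes, here is a small Python script that parses that line format, tallies detections by name and by location, and flags entries whose action was not a clean removal; the sample lines are taken from the posted log, except that the last action is changed to "Delete on reboot" (constructed) to show a case needing follow-up, and all function names are my own.

```python
"""Triage for Malwarebytes (MBAM) 'Files Infected' lines of the form
'<path> (<detection name>) -> <action>.'  Added example, not from the thread
or from Malwarebytes; sample lines are taken from the posted log."""
import re
from collections import Counter

MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Lines from the posted log; the last action is altered (constructed) to
# show a result that still needs a reboot before the file is gone.
SAMPLE_LOG = r"""
C:\Documents and Settings\Ryan\Local Settings\Temp\22F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\230.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\6FWX6P1W\buuiijjx[3].htm (Backdoor.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Delete on reboot.
"""

def parse_mbam(text):
    """Yield (path, detection, action) for every detection line; skip the rest."""
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            yield m.group("path"), m.group("name"), m.group("action")

def location_bucket(path):
    """Coarse location class: browser cache, temp dirs, system32, or other."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "ie-cache"
    if "\\local settings\\temp\\" in p or "\\windows\\temp\\" in p:
        return "temp"
    if "\\windows\\system32\\" in p:
        return "system32"
    return "other"

def summarize(text):
    """Return (counts by detection, counts by location, paths not yet removed)."""
    by_name, by_loc, pending = Counter(), Counter(), []
    for path, name, action in parse_mbam(text):
        by_name[name] += 1
        by_loc[location_bucket(path)] += 1
        if not action.startswith("Quarantined and deleted"):
            pending.append(path)  # e.g. 'Delete on reboot': verify after restart
    return by_name, by_loc, pending

if __name__ == "__main__":
    names, locs, todo = summarize(SAMPLE_LOG)
    print("by detection:", dict(names))  # downloader dropping .tmp payloads
    print("by location:", dict(locs))    # concentration in Temp = dropper activity
    print("needs reboot/follow-up:", todo)
```

A heavy Temp-folder count with one downloader family, as here, points at a single dropper re-fetching payloads; a non-empty follow-up list means the machine should be rebooted and rescanned before calling it clean.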

#6 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:25 PM

Posted 30 October 2009 - 09:47 AM

I would say you were definitely infected. That was a big MBAM log.

I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large backlog we have, I cannot respond to PMs for help unless I am already working with you.

#7 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:25 PM

Posted 03 November 2009 - 09:20 AM

Are you still with me?

#8 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:25 PM

Posted 04 November 2009 - 10:57 PM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact me by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else, please begin a New Topic.

#9 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:25 PM

Posted 07 November 2009 - 11:38 AM

I am going to reopen this topic, but keep in mind it is not polite to go away and not let me know anything. I would not do that to you as a user, and I only ask for the same courtesy.

The following scan will take quite a bit of time to run, so be patient with it.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the [image] button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations", then press the [image] button.
  • The program will begin downloading the latest program and definition files. It may take a while, so please be patient and let it finish.
  • Once the files have been downloaded, click on the [image] button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [image] button if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while; be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type, change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

#10 hijack me

  • Topic Starter
  • Members
  • 4 posts
  • Local time:06:25 PM

Posted 15 November 2009 - 06:52 AM

I had to do a factory restore just to get my connection up and running but the scan still found 2 objec

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 15, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 15, 2009 02:55:52
Records in database: 3210640
Scan settings
  Scan using the following database: extended
  Scan archives: yes
  Scan e-mail databases: yes
Scan area: My Computer
  A:\ C:\ D:\ E:\ F:\ G:\ H:\
Scan statistics
  Objects scanned: 161002
  Threats found: 2
  Infected objects found: 2
  Suspicious objects found: 0
  Scan duration: 05:08:15

File name | Threat | Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll | Infected: not-a-virus:AdWare.Win32.MegaSearch.s | 1
H:\BBDesktopHelpInstall.exe | Infected: not-a-virus:RiskTool.Win32.PsKill.1101 | 1
Selected area has been scanned.



