
Antivirus 2010 (new variant)- Need help


  • This topic is locked
16 replies to this topic

#1 tgrisko

  • Members
  • 11 posts

Posted 01 October 2010 - 10:54 PM

Well.... a friend of mine got his Toshiba laptop with Windows XP SP3 infected with Anti-virus 2010 malware and it's a doozy! He connects wirelessly via a router... and that's the way I am working on it as well... If I need to LAN it.... I can.... just let me know....

I have tried to locate the files, registry keys and processes running this malware following all the 'fixes' listed on the web....

Blocked sites, deleted select registry keys, and searched the HDD for files... none of which worked. What I mean is, the filenames were not found (might be respawning under a different name), DLL files not located, maybe 5 of 10 registry keys affected were located and deleted (not all of them listed were found in the registry).

It had already disabled the firewall, antivirus software and Spyhunter when I got it.... I installed Malwarebytes after completing the manual procedures for cleaning. When I try to run it (either in normal mode or safe mode) the main screen appears; once you hit scan the virus kills the program and deletes the execution files.

I have tried using HijackThis and get the same result... the virus kills it and deletes the .exe file for it.

I have now turned to you all for assistance.... I have followed the guide from this site with some issues I cannot resolve:

I turned off the CD emulator, unblocked the scripting and proceeded to run the DDS.... sat for 30 minutes with no notepad files popping up.... it actually locked up the PC. I restarted, did all the same stuff again and ran DDS... no luck on the files.

I then ran the GMER log generator as described... it's been running (not locked up) for 4 hours now.... is this normal? Should I run these logs out of safe mode? I'm in normal login now...

Once GMER completes... I will post the log file....

Any suggestions? thanks!

OK... I got the DDS files to complete by doing it in safe mode.... it was the only way. The GMER log does NOT work and locks up after 4-5 hours... yes, it is running and doing its thing for that long. TWICE yesterday with the same result... once in normal mode... once in safe mode.

Here is the DDS log and the Attach.zip is uploaded.

THIS COMPUTER IS NOT BEING USED AT ALL RIGHT NOW WHILE BEING DIAGNOSED BY THIS SITE..


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Barbara Albiniano at 22:41:29.78 on Thu 09/30/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1393 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\FREEDO~1\fdm .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Barbara Albiniano\Desktop\dds.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [Getdo]
uRun: [{4CB8A0BA-76B2-B049-2C56-F1F6586907F6}] "c:\documents and settings\barbara albiniano\application data\azetg\upqa.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] "c:\windows\AGRSMMSG.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] "c:\windows\system32\TPSMain.exe"
mRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\docume~1\barbar~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180159054296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\barbar~1\applic~1\mozilla\firefox\profiles\g2hvt3c0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101058100&s=
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\barbara albiniano\local settings\application data\yahoo!\browserplus\2.7.0\plugins\npybrowserplus_2.7.0.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-26 353672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-10-19 1201640]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [2005-11-4 12800]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2007-7-18 1858144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-9 135664]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\gefpdfopc.exe --> c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [?]
S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys --> c:\windows\system32\drivers\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys --> c:\windows\system32\drivers\USA19H2kp.SYS [?]

============== File Associations ===============

.scr=

=============== Created Last 30 ================

2010-10-01 05:25:03 0 d-----w- c:\docume~1\barbar~1\applic~1\SUPERAntiSpyware.com
2010-10-01 05:25:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-01 01:04:09 0 ----a-w- c:\documents and settings\barbara albiniano\defogger_reenable
2010-09-30 19:46:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 19:46:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 19:46:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 12:11:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-30 12:11:15 0 d-----w- c:\program files\Trend Micro
2010-09-21 23:21:11 72706 ----a-w- c:\docume~1\alluse~1\applic~1\XG03mHGo.exe
2010-09-21 23:13:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\ErxxGM.dat
2010-09-21 18:53:07 53248 ----a-w- c:\windows\system32\6to4v32.dll
2010-09-21 16:40:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

==================== Find3M ====================

2010-09-21 20:48:52 94724 ----a-w- c:\windows\RTHDCPL.EXE
2010-09-21 20:48:52 94724 ----a-w- c:\windows\ALCMTR.EXE
2010-09-21 20:48:52 94724 ----a-w- c:\windows\AGRSMMSG.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-21 03:10:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072020080721\index.dat

============= FINISH: 22:42:40.04 ===============

EDIT: Posts merged ~BP


Edited by Budapest, 02 October 2010 - 03:19 PM.
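As an added illustration (not code from the original post, from BleepingComputer, or from the DDS tool), the following Python script splits a DDS log like the one above into its sections and flags the patterns a helper would look at first: filenames with a space before the extension ("qttask .exe"), images listed repeatedly, Run values with a GUID name, an empty target or a target inside a user's Application Data, a blanked file association, and recently created files in profile data directories. The embedded log excerpt is constructed from lines in the post, with paths shortened and the profile name replaced with "user".

```python
import re
from collections import Counter

# Constructed excerpt modelled on the DDS log posted above; it is not the original log.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\FREEDO~1\fdm .exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Getdo]
uRun: [{4CB8A0BA-76B2-B049-2C56-F1F6586907F6}] "c:\documents and settings\user\application data\azetg\upqa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
============== File Associations ===============
.scr=
=============== Created Last 30 ================
2010-10-01 05:25:03 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2010-09-30 19:46:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 23:21:11 72706 ----a-w- c:\docume~1\alluse~1\applic~1\XG03mHGo.exe
2010-09-21 23:13:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\ErxxGM.dat
"""

SECTION_HDR = re.compile(r"^=+\s*(.*?)\s*=+$")
# "qttask .exe": a space before the extension, which no installer produces.
SPACED_EXT = re.compile(r"\S+ \.(exe|com|scr|dll|pif)\b", re.IGNORECASE)
AUTORUN = re.compile(r"^[umd]Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
PROFILE_DATA = re.compile(r"(application data|applic~1|local settings|locals~1|\\temp)\\", re.IGNORECASE)
ASSOC = re.compile(r"^\.(\w+)=(.*)$")
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


def parse_sections(text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        hdr = SECTION_HDR.match(line)
        if hdr:
            current = hdr.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def spaced_extension_lines(lines):
    """Lines naming a file with a space before its extension, deduplicated."""
    return sorted({line for line in lines if SPACED_EXT.search(line)})


def duplicate_processes(lines):
    """Image paths listed more than once (the second log in the thread lists qttask .exe eight times)."""
    return {path: n for path, n in Counter(lines).items() if n > 1}


def suspicious_autoruns(lines):
    """Run values with a GUID name, an empty target, a profile-data target or a spaced extension."""
    hits = []
    for m in filter(None, map(AUTORUN.match, lines)):
        name, target = m.group("name"), m.group("target").strip()
        flags = [label for ok, label in (
            (GUID_NAME.match(name), "guid-named value"),
            (not target, "empty target"),
            (PROFILE_DATA.search(target), "target in profile data dir"),
            (SPACED_EXT.search(target), "space before extension"),
        ) if ok]
        if flags:
            hits.append((name, target, flags))
    return hits


def empty_associations(lines):
    """Extensions whose handler has been blanked (".scr=" in the log above)."""
    return [m.group(1) for m in filter(None, map(ASSOC.match, lines)) if not m.group(2).strip()]


def recent_profile_files(lines):
    """Files (not directories) created under profile data directories in the last 30 days."""
    return [m.group("path") for m in filter(None, map(CREATED.match, lines))
            if not m.group("attrs").startswith("d") and PROFILE_DATA.search(m.group("path"))]


def triage(text):
    """Run each check over the relevant DDS section and collect the findings."""
    s = parse_sections(text)
    every_line = [line for lines in s.values() for line in lines]
    return {
        "spaced_extension": spaced_extension_lines(every_line),
        "duplicate_processes": duplicate_processes(s.get("Running Processes", [])),
        "suspicious_autoruns": suspicious_autoruns(s.get("Pseudo HJT Report", [])),
        "empty_associations": empty_associations(s.get("File Associations", [])),
        "recent_profile_files": recent_profile_files(s.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DDS))
```

Point `triage()` at the text of a saved DDS.txt to get the same report for a real log; the findings are leads for a human to read, not a verdict.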



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 October 2010 - 07:45 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 08 October 2010 - 06:09 AM

Thanks! I am here.... I am just about ready to nuke this laptop....

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 October 2010 - 06:30 PM

No need to nuke the machine.

Let's test what this virus will let us do.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Next

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Then attempt to run Combofix

Please download ComboFix from one of these locations.
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#5 tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 09 October 2010 - 12:24 PM

Thanks for all the help with this.

I wanted to attempt to rid this machine of the 2010 Antivirus by myself, but I had no luck. I found a way to run Malwarebytes by renaming the execution file... it found several viruses, but I still have many issues.

I decided to rerun the DDS, GMER as well as the EXEHELPER, RKILL and COMBOFIX.

DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Barbara Albiniano at 17:44:34.65 on Thu 10/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1409 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\opcenum.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\RTHDCPL .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey .exe
C:\WINDOWS\AGRSMMSG .exe
C:\Program Files\Toshiba\Tvs\TvsTray .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe .exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe
C:\Program Files\Microsoft IntelliPoint\ipoint .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Free Download Manager\fdm .exe
C:\Program Files\Atheros\ACU .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\ATT-SST\McciTrayApp .exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Documents and Settings\Barbara Albiniano\Desktop\dds.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] "c:\windows\AGRSMMSG.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] "c:\windows\system32\TPSMain.exe"
mRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\patttbc.att
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180159054296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\barbar~1\applic~1\mozilla\firefox\profiles\g2hvt3c0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101058100&s=
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

S3 mvb35316;mvb35316; [x]
S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys --> c:\windows\system32\drivers\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys --> c:\windows\system32\drivers\USA19H2kp.SYS [?]

=============== Created Last 30 ================

2010-10-06 03:12:26 0 d-----w- c:\docume~1\barbar~1\applic~1\Uniblue
2010-10-06 01:37:45 0 d-----w- c:\docume~1\barbar~1\applic~1\IObit
2010-10-06 01:37:44 0 d-----w- c:\program files\IObit
2010-10-06 01:11:53 0 d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-06 01:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-06 00:51:33 0 d-----w- c:\program files\AVG
2010-10-06 00:43:57 0 d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-05 01:10:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 01:09:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 05:25:03 0 d-----w- c:\docume~1\barbar~1\applic~1\SUPERAntiSpyware.com
2010-10-01 05:25:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-01 01:04:09 0 ----a-w- c:\documents and settings\barbara albiniano\defogger_reenable
2010-09-30 19:46:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 12:11:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-30 12:11:15 0 d-----w- c:\program files\Trend Micro
2010-09-21 23:21:11 73218 ----a-w- c:\docume~1\alluse~1\applic~1\XG03mHGo.exe
2010-09-21 23:13:03 112 ----a-w- c:\docume~1\alluse~1\applic~1\ErxxGM.dat
2010-09-21 16:40:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

==================== Find3M ====================

2010-09-21 20:48:52 94724 ----a-w- c:\windows\RTHDCPL.EXE
2010-09-21 20:48:52 94724 ----a-w- c:\windows\ALCMTR.EXE
2010-09-21 20:48:52 94724 ----a-w- c:\windows\AGRSMMSG.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-21 03:10:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072020080721\index.dat

============= FINISH: 17:48:30.84 ===============


EXEHELPER Log:

exeHelper by Raktor
Build 20100414
Run at 17:15:25 on 10/07/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


RKILL Log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Barbara Albiniano on 10/07/2010 at 17:30:57.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Barbara Albiniano\Desktop\rkill.exe


Rkill completed on 10/07/2010 at 17:31:24.


COMBOFIX Log:

ComboFix 10-10-08.01 - Barbara Albiniano 10/08/2010 9:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1519 [GMT -7:00]
Running from: c:\documents and settings\Barbara Albiniano\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\All Users\Application Data\XG03mHGo.exe
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
c:\program files\Atheros\ACU.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\ATT-SST\McciTrayApp.exe
c:\program files\Free Download Manager\fdm.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\ltmoh\Ltmoh.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Microsoft IntelliPoint\ipoint.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Toshiba\Toshiba Applet\thotkey.exe
c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
c:\program files\Toshiba\Tvs\TvsTray.exe
c:\program files\Windows Media Player\WMPNSCFG.exe
c:\toshiba\ivp\ism\pinger.exe
c:\windows\AGRSMMSG.exe
c:\windows\ALCMTR.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\spool\prtprocs\w32x86\CNMPD9D.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP9D.DLL

CODE
<pre>
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe --->c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
c:\program files\Atheros\ACU .exe --->c:\program files\Atheros\ACU.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe --->c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\ATT-SST\McciTrayApp .exe --->c:\program files\ATT-SST\McciTrayApp.exe
c:\program files\Free Download Manager\fdm .exe --->c:\program files\Free Download Manager\fdm.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe --->c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\ltmoh\Ltmoh .exe --->c:\program files\ltmoh\Ltmoh.exe
c:\program files\Messenger\msmsgs .exe --->c:\program files\Messenger\msmsgs.exe
c:\program files\Microsoft IntelliPoint\ipoint .exe --->c:\program files\Microsoft IntelliPoint\ipoint.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe --->c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\qttask                                                                                                                                                                                       .exe --->c:\program files\QuickTime\qttask.exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe --->c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynTPLpr .exe --->c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\thotkey .exe --->c:\program files\TOSHIBA\TOSHIBA Applet\thotkey.exe
c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe --->c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
c:\program files\TOSHIBA\Touch and Launch\PadExe .exe --->c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
c:\program files\TOSHIBA\Tvs\TvsTray .exe --->c:\program files\TOSHIBA\Tvs\TvsTray.exe
c:\program files\Windows Media Player\WMPNSCFG .exe --->c:\program files\Windows Media Player\WMPNSCFG.exe
c:\toshiba\IVP\ISM\pinger .exe --->c:\toshiba\IVP\ISM\pinger.exe
c:\windows\AGRSMMSG .exe --->c:\windows\AGRSMMSG.exe
c:\windows\ALCMTR .exe --->c:\windows\ALCMTR.exe
c:\windows\RTHDCPL .exe --->c:\windows\RTHDCPL.exe
</pre>

.
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from - c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 17:03 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-10-08 17:03 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-10-06 03:12 . 2010-10-06 03:12 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Uniblue
2010-10-06 02:32 . 2010-09-07 01:51 268640 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\setup.exe
2010-10-06 02:32 . 2010-05-11 14:35 865280 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\htmlayout.dll
2010-10-06 02:32 . 2010-09-21 18:53 3142496 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfapx.exe
2010-10-06 02:32 . 2010-09-17 03:10 675168 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfarx.dll
2010-10-06 02:32 . 2010-09-09 23:45 237408 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
2010-10-06 02:32 . 2010-09-07 01:50 282464 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgntdumpx.exe
2010-10-06 01:37 . 2010-10-06 01:37 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\IObit
2010-10-06 01:37 . 2010-10-06 01:37 -------- d-----w- c:\program files\IObit
2010-10-06 01:11 . 2010-10-06 01:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-06 01:00 . 2010-10-06 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-06 00:51 . 2010-10-06 00:51 -------- d-----w- c:\program files\AVG
2010-10-06 00:43 . 2010-10-06 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-05 01:10 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 01:09 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 05:25 . 2010-10-01 05:25 63488 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-01 05:25 . 2010-10-01 05:25 52224 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-01 05:25 . 2010-10-01 05:25 117760 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-01 05:25 . 2010-10-01 05:25 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com
2010-10-01 05:25 . 2010-10-01 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-01 00:18 . 2010-10-01 00:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-30 19:46 . 2010-10-05 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 19:44 . 2010-09-30 19:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-30 12:11 . 2010-09-30 12:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-30 12:11 . 2010-09-30 12:11 -------- d-----w- c:\program files\Trend Micro
2010-09-21 16:40 . 2010-10-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-21 15:23 . 2010-09-21 15:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-09-21 15:22 . 2010-09-21 15:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 17:04 . 2009-09-11 08:03 -------- d-----w- c:\program files\QuickTime
2010-10-08 17:04 . 2008-02-02 06:44 -------- d-----w- c:\program files\Free Download Manager
2010-10-08 17:04 . 2007-08-09 22:02 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-10-08 17:04 . 2005-11-30 23:16 -------- d-----w- c:\program files\ltmoh
2010-10-08 17:04 . 2010-03-04 00:31 -------- d-----w- c:\program files\ATT-SST
2010-10-08 17:04 . 2006-06-23 02:10 -------- d-----w- c:\program files\Atheros
2010-10-08 16:51 . 2008-02-02 06:44 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Free Download Manager
2010-10-08 14:22 . 2010-09-21 23:13 112 ----a-w- c:\documents and settings\All Users\Application Data\ErxxGM.dat
2010-10-08 00:00 . 2008-09-14 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-05 03:02 . 2008-09-11 06:07 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Webroot
2010-10-04 23:20 . 2006-09-22 06:11 -------- d-----w- c:\program files\a-squared Free
2010-10-04 11:10 . 2006-11-04 18:18 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Azetg
2010-09-22 16:14 . 2009-08-26 12:30 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Beit
2010-09-21 18:51 . 2010-04-13 00:57 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Windows Desktop Search
2010-09-15 10:08 . 2009-05-02 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-24 17:20 . 2007-08-09 21:38 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\U3
2010-08-17 13:17 . 2005-11-05 00:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:02 . 2007-04-20 03:35 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\AdobeUM
2010-08-11 02:24 . 2010-08-11 02:24 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Windows Search
2010-07-22 15:49 . 2005-11-05 00:53 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 03:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
CODE
<pre>
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-21 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-11-10 15473664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"NDSTray.exe"="NDSTray.exe" [N/A]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"AGRSMMSG"="c:\windows\AGRSMMSG.exe" [2005-10-15 88203]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"TFncKy"="TFncKy.exe" [N/A]
"TPSMain"="c:\windows\system32\TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-07-11 311296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [7/18/2007 10:08 PM 1858144]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 1:02 AM 135664]
S3 mvb35316;mvb35316; [x]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe --> c:\program files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe [?]
S3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys --> c:\windows\system32\DRIVERS\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\DRIVERS\USA19H2kp.SYS --> c:\windows\system32\DRIVERS\USA19H2kp.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-04 04:45]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 08:02]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 08:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: motive.com\patttbc.att
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
FF - ProfilePath - c:\documents and settings\Barbara Albiniano\Application Data\Mozilla\Firefox\Profiles\g2hvt3c0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101058100&s=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-08 10:08:45
ComboFix-quarantined-files.txt 2010-10-08 17:08

Pre-Run: 60,589,228,032 bytes free
Post-Run: 60,799,066,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 25CBDE3CBE1A05F4EAC83FFF48D5B4BB




Again... thanks for all the help.... I have attached a new GMER log named attach.zip again, since I tried some things on my own....




Attached Files



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:27 PM

Posted 09 October 2010 - 12:30 PM

Okay, tgrisko. Please only run the tools I ask for. You are infected with a rootkit and a file infector so we don't want anything else running as this will make the problem worse.

Please run Combofix again, as below:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

CODE
RenV::
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\TOSHIBA\TOSCDSPD\toscdspd .exe
c:\program files\Zone Labs\ZoneAlarm\zlclient .exe


Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests that you update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
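The three paths in the CFScript above share one tell: a space before `.exe` in the file name (`AWC .exe`, `toscdspd .exe`, `zlclient .exe`), the naming trick this file infector uses to sit beside the real binaries and get launched from the autostart entries instead of them; the same pattern shows up later in the thread as `qttask .exe`. As an added example, not m0le's script and not ComboFix's own code, here is a small Python checker that reads ComboFix-style log lines, flags every path whose base name has whitespace right before an executable extension, and prints the unique hits in the `RenV::` list layout of the script above. The sample log lines are constructed in the format of the thread's logs, not copied from the infected machine, and the function names are my own.

```python
"""Flag executables whose file name carries a space before the extension.

Reads ComboFix-style log lines (Run-key entries, file listings, quarantine
paths) and reports paths such as "qttask .exe" whose base name has
whitespace directly before an executable extension.  Added example; the
helper names are assumptions, not part of ComboFix.
"""
import re

# Constructed sample, laid out like the "Reg Loading Points" section of a
# ComboFix log.  Three entries carry the space-before-extension pattern;
# "Tool Name.exe" has a space in the middle and must not be flagged.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-11-10 15473664]
"zlclient"="c:\program files\Zone Labs\ZoneAlarm\zlclient .exe" [X]
"AWC"="c:\program files\IObit\Advanced SystemCare 3\AWC .exe" [2010-10-06 12345]
"Normal Space"="c:\program files\Some Vendor\Tool Name.exe" [2009-01-01 1000]
'''

# Executable extensions worth checking; the lookahead stops ".exe.vir"
# (a quarantined copy) from being treated as a non-match.
EXT = r'\.(?:exe|dll|sys|com|scr|cpl)'
EXT_RE = re.compile(EXT + r'(?![A-Za-z0-9])', re.I)
PADDED_RE = re.compile(r'\s' + EXT + r'(?![A-Za-z0-9])', re.I)
# "name"="value" [date size] as ComboFix prints Run-key entries.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"')


def extract_path(text):
    """Return the text up to and including the first executable extension,
    so trailing arguments such as " -atboottime" are dropped."""
    m = EXT_RE.search(text)
    return text[:m.end()] if m else None


def basename(path):
    """Last path component of a Windows path."""
    return path.rsplit('\\', 1)[-1]


def is_space_padded(path):
    """True when the file name has whitespace right before its extension,
    e.g. "qttask .exe" or the quarantined "qttask .exe.vir"."""
    return bool(PADDED_RE.search(basename(path)))


def scan_log(text):
    """Return every flagged path in the order it appears, duplicates kept
    so the caller can see how often the log repeats an entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('['):   # blank or registry key header
            continue
        m = VALUE_RE.match(line)
        candidate = extract_path(m.group('value') if m else line)
        if candidate and is_space_padded(candidate):
            findings.append(candidate)
    return findings


def renv_script(paths):
    """Render unique findings in the RenV:: list layout used by the CFScript
    in this thread; returns an empty string when there is nothing to list."""
    unique = list(dict.fromkeys(paths))
    if not unique:
        return ""
    return "RenV::\n" + "\n".join(unique) + "\n"


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    print(f"{len(hits)} space-padded executable name(s) found")
    print(renv_script(hits), end="")
```

The checker only produces the candidate list; whether each hit is the infector's copy or a vendor oddity is still decided by looking at the file, and the log's `[X]` markers and the quarantine section are the places to cross-check. Because the base-name test ignores everything before the last backslash, the same function works on the ESET quarantine lines later in the thread (`...\qttask .exe.vir`) without any change.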

#7 tgrisko

tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 09 October 2010 - 12:43 PM

Took a lot less time this time.....

ComboFix 10-10-09.01 - Barbara Albiniano 10/08/2010 10:35:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1415 [GMT -7:00]
Running from: c:\documents and settings\Barbara Albiniano\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Barbara Albiniano\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 17:03 . 2008-04-13 18:57 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-10-08 17:03 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-10-06 03:12 . 2010-10-06 03:12 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Uniblue
2010-10-06 02:32 . 2010-09-07 01:51 268640 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\setup.exe
2010-10-06 02:32 . 2010-05-11 14:35 865280 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\htmlayout.dll
2010-10-06 02:32 . 2010-09-21 18:53 3142496 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfapx.exe
2010-10-06 02:32 . 2010-09-17 03:10 675168 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgmfarx.dll
2010-10-06 02:32 . 2010-09-09 23:45 237408 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
2010-10-06 02:32 . 2010-09-07 01:50 282464 ----a-w- c:\documents and settings\All Users\Application Data\MFAData\pack\avgntdumpx.exe
2010-10-06 01:37 . 2010-10-06 01:37 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\IObit
2010-10-06 01:37 . 2010-10-06 01:37 -------- d-----w- c:\program files\IObit
2010-10-06 01:11 . 2010-10-06 01:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-06 01:00 . 2010-10-06 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-06 00:51 . 2010-10-06 00:51 -------- d-----w- c:\program files\AVG
2010-10-06 00:43 . 2010-10-06 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-05 01:10 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 01:09 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 05:25 . 2010-10-01 05:25 63488 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-01 05:25 . 2010-10-01 05:25 52224 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-01 05:25 . 2010-10-01 05:25 117760 ----a-w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-01 05:25 . 2010-10-01 05:25 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\SUPERAntiSpyware.com
2010-10-01 05:25 . 2010-10-01 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-01 00:18 . 2010-10-01 00:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-30 19:46 . 2010-10-05 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 19:44 . 2010-09-30 19:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-30 12:11 . 2010-09-30 12:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-30 12:11 . 2010-09-30 12:11 -------- d-----w- c:\program files\Trend Micro
2010-09-21 16:40 . 2010-10-04 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-21 15:23 . 2010-09-21 15:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-09-21 15:22 . 2010-09-21 15:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 17:04 . 2009-09-11 08:03 -------- d-----w- c:\program files\QuickTime
2010-10-08 17:04 . 2008-02-02 06:44 -------- d-----w- c:\program files\Free Download Manager
2010-10-08 17:04 . 2007-08-09 22:02 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-10-08 17:04 . 2005-11-30 23:16 -------- d-----w- c:\program files\ltmoh
2010-10-08 17:04 . 2010-03-04 00:31 -------- d-----w- c:\program files\ATT-SST
2010-10-08 17:04 . 2006-06-23 02:10 -------- d-----w- c:\program files\Atheros
2010-10-08 16:51 . 2008-02-02 06:44 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Free Download Manager
2010-10-08 14:22 . 2010-09-21 23:13 112 ----a-w- c:\documents and settings\All Users\Application Data\ErxxGM.dat
2010-10-08 00:00 . 2008-09-14 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-05 03:02 . 2008-09-11 06:07 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Webroot
2010-10-04 23:20 . 2006-09-22 06:11 -------- d-----w- c:\program files\a-squared Free
2010-10-04 11:10 . 2006-11-04 18:18 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Azetg
2010-09-22 16:14 . 2009-08-26 12:30 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Beit
2010-09-21 18:51 . 2010-04-13 00:57 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Windows Desktop Search
2010-09-15 10:08 . 2009-05-02 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-24 17:20 . 2007-08-09 21:38 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\U3
2010-08-17 13:17 . 2005-11-05 00:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 18:02 . 2007-04-20 03:35 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\AdobeUM
2010-08-11 02:24 . 2010-08-11 02:24 -------- d-----w- c:\documents and settings\Barbara Albiniano\Application Data\Windows Search
2010-07-22 15:49 . 2005-11-05 00:53 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 03:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-21 2474031]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-11-10 15473664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]
"AGRSMMSG"="c:\windows\AGRSMMSG.exe" [2005-10-15 88203]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="c:\windows\system32\TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-07-11 311296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [7/18/2007 10:08 PM 1858144]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 1:02 AM 135664]
S3 mvb35316;mvb35316; [x]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe --> c:\program files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe [?]
S3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys --> c:\windows\system32\DRIVERS\USA19H2k.sys [?]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\DRIVERS\USA19H2kp.SYS --> c:\windows\system32\DRIVERS\USA19H2kp.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-04 04:45]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 08:02]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 08:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: motive.com\patttbc.att
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
FF - ProfilePath - c:\documents and settings\Barbara Albiniano\Application Data\Mozilla\Firefox\Profiles\g2hvt3c0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://search.search-tab.com/?sid=10101058100&s=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-08 10:41:30
ComboFix-quarantined-files.txt 2010-10-08 17:41
ComboFix2.txt 2010-10-08 17:08

Pre-Run: 60,807,049,216 bytes free
Post-Run: 60,789,899,264 bytes free

- - End Of File - - EF8C34D7CF769AB0207CF741BE7F18E4


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 October 2010 - 04:12 PM

Yes, it was a quick run as we finally removed all traces of the file infector.

Please run ESET's online scanner next.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#9 tgrisko

tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 09 October 2010 - 05:32 PM

ok... over 500 threats found..... here is the log: Seems like a lot were in Quarantine from the Combofix run...

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\XG03mHGo.exe.vir a variant of Win32/Kryptik.HFN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Atheros\ACU.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ATT-SST\McciTrayApp.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Free Download Manager\fdm.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ltmoh\Ltmoh.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Microsoft IntelliPoint\ipoint.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Microsoft Office\Office12\GrooveMonitor.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPEnh.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPLpr.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\Touch and Launch\PadExe.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\Tvs\TvsTray.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Media Player\WMPNSCFG.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\TOSHIBA\IVP\ISM\pinger.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\AGRSMMSG.exe.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ALCMTR.EXE.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\RTHDCPL.EXE.vir Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tcpip.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP851\A0151164.com Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP851\A0152180.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP851\A0154276.exe a variant of Win32/Kryptik.GYN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP852\A0155297.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP852\A0159308.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160296.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160307.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160326.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160333.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160334.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160336.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160337.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160338.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160339.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160340.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160341.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160342.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160343.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160344.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160345.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160346.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160347.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160348.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160349.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160350.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160351.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160352.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160353.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160354.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160355.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160357.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160358.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160359.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160360.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160361.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160362.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160363.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160369.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160397.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160400.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160401.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160411.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160412.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160413.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160475.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160478.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160479.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160480.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160481.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160482.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160483.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160484.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0160485.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0163498.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0165510.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168522.dll Win32/Wimpixo.AA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168547.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0170765.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0171841.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0173927.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0173940.exe a variant of Win32/Kryptik.HFL trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP857\A0176973.exe a variant of Win32/Kryptik.HFN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP861\A0179980.exe a variant of Win32/Kryptik.HFN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP861\A0183063.exe a variant of Win32/Kryptik.HFN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186424.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186532.exe a variant of Win32/Kryptik.HFN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186533.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186534.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186535.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186536.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186537.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186538.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186539.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186540.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186541.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186542.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186543.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186544.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186545.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186546.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186547.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186548.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186549.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186550.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186551.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186552.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186553.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186554.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186555.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186556.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186557.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186558.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186559.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186560.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186561.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186562.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186563.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186564.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186565.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186566.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186567.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186568.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186569.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186570.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186571.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186572.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186573.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186574.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186575.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186576.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186577.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186578.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186579.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186580.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186581.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186582.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186583.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186584.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186585.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186586.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186587.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186588.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186589.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186590.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186591.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186592.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186593.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186594.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186595.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186596.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186597.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186598.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186599.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186600.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186601.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186602.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186603.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186604.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186605.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186606.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186607.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186608.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186609.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186610.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186611.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186612.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186613.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186614.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186615.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186616.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186617.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186618.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186619.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186620.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186621.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186622.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186623.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186624.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186625.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186626.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186627.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186628.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186629.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186630.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186631.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186632.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186633.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186634.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186635.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186636.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186637.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186638.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186639.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186640.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186641.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186642.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186643.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186644.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186645.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186646.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186647.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186648.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186649.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186650.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186651.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186652.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186653.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186654.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186655.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186656.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186657.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186658.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186659.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186660.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186661.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186662.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186663.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186664.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186665.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186666.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186667.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186668.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186669.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186670.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186671.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186672.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186673.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186674.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186675.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186676.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186677.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186678.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186679.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186680.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186681.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186682.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186683.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186684.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186685.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186686.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186687.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186688.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186689.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186690.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186691.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186692.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186693.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186694.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186695.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186696.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186697.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186698.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186699.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186700.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186701.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186702.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186703.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186704.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186705.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186706.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186707.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186708.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186709.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186710.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186711.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186712.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186713.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186714.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186715.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186716.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186717.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186718.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186719.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186720.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186721.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186722.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186723.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186724.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186725.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186726.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186727.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186728.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186729.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186730.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186731.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186732.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186733.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186734.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186735.EXE Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186736.EXE Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186885.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP862\A0186886.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2BGXKFYA\default[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2BGXKFYA\default[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2BGXKFYA\default[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2BGXKFYA\dialog_alert[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2BGXKFYA\script[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\dialog_alert[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\dialog_attack[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\dialog_pay[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\dialog_pay[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\INSTALL[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\script[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\script[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\script[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2YGEZ1NV\uninstall[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FO1MPXX6\default[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FO1MPXX6\dialog_attack[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FO1MPXX6\dialog_attack[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FO1MPXX6\dialog_attack[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_alert[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_alert[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_attack[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_attack[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_attack[4] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_pay[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_pay[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q7HO5RW4\dialog_pay[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:27 PM

Posted 09 October 2010 - 06:19 PM

Correct. Plenty of quarantined files and a set of duplicate infected files (qttask). Nothing to worry about, but let's check we have no lingering registry elements with a run of SUPERAntiSpyware.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#11 tgrisko

tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 09 October 2010 - 07:22 PM

Here is the scan log....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/08/2010 at 05:04 PM

Application Version : 4.44.1000

Core Rules Database Version : 5661
Trace Rules Database Version: 3473

Scan type : Complete Scan
Total Scan Time : 00:38:40

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 7951
Registry threats detected : 2
File items scanned : 23349
File threats detected : 87

Trojan.Agent/Gen-FakeAlert
C:\PROGRA~1\MALWAR~1\WINLOGON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe#Path
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\WINLOGON.EXE

Adware.Tracking Cookie

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168569.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168570.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168571.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168572.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168573.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168574.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168575.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP853\A0168592.EXE
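
The scan log above is a plain-text format that a helper otherwise reads by eye. As an added example (not SUPERAntiSpyware's code, and assuming only the layout visible in the thread: a block of "Key : value" header lines, then blank-line separated groups of a detection name followed by its entries), this script parses such a log, separates tracking-cookie noise from the hits that need a look, pulls out registry keys and restore-point copies, and checks the header totals against what was actually pasted.

```python
"""Triage a SUPERAntiSpyware scan log laid out like the one posted above.
Added example, not SUPERAntiSpyware's code: it assumes 'Key : value' header
lines and blank-line separated groups of a detection name then its entries."""
import re

HEADER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.+)$")
REGISTRY_RE = re.compile(r"^HK(LM|CU|CR|U|CC)\\", re.IGNORECASE)
LOW_RISK = {"Adware.Tracking Cookie"}  # cookie hits are noise, not infections

# Constructed excerpt modelled on the thread's log; paths are shortened samples.
SAMPLE_LOG = """SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Registry threats detected : 2
File threats detected : 4

Trojan.Agent/Gen-FakeAlert
C:\\PROGRA~1\\MALWAR~1\\WINLOGON.EXE
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mbam.exe
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mbam.exe#Path

Adware.Tracking Cookie
C:\\Documents and Settings\\user\\Cookies\\user@ads.example[1].txt
.example.net [ C:\\Documents and Settings\\user\\cookies.sqlite ]

Trojan.Agent/Gen-Nullo[Short]
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{GUID}\\RP853\\A0168569.EXE"""

def _is_entry(line):
    # Entries are file paths, registry keys or "domain [ store ]" cookie lines.
    return "\\" in line or " [ " in line

def parse_sas_log(text):
    """Return (header dict, {detection name: [entries]}) for one scan log."""
    header, groups = {}, {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) > 1 and not _is_entry(lines[0]) and all(map(_is_entry, lines[1:])):
            groups[lines[0]] = lines[1:]  # a detection group
            continue
        for ln in lines:  # otherwise header lines; the bare URL is skipped
            m = HEADER_RE.match(ln)
            if m and not ln.lower().startswith("http"):
                header[m.group(1).strip()] = m.group(2).strip()
    return header, groups

def triage(header, groups):
    """Split real hits from cookie noise; (claimed, listed) mismatch = truncated paste."""
    listed = [e for es in groups.values() for e in es]
    reg = sum(1 for e in listed if REGISTRY_RE.match(e))
    return {
        "review": {n: e for n, e in groups.items() if n not in LOW_RISK},
        "registry": [e for e in listed if REGISTRY_RE.match(e)],
        "restore_points": [e for e in listed if "SYSTEM VOLUME INFORMATION" in e.upper()],
        "registry_count": (int(header.get("Registry threats detected", 0)), reg),
        "file_count": (int(header.get("File threats detected", 0)), len(listed) - reg),
    }

if __name__ == "__main__":
    hdr, grp = parse_sas_log(SAMPLE_LOG)
    for name, entries in triage(hdr, grp)["review"].items():
        print(f"{name}: {len(entries)} entries to review")
```

Registry hits and restore-point copies are listed separately because they are cleared differently from live files (the registry keys by the scanner, the restore points by purging System Restore).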


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 October 2010 - 07:39 PM

Did you remove everything found?

How is the PC running now?
m0le is a proud member of UNITE

#13 tgrisko

tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 09 October 2010 - 09:58 PM

Good morning m0le,

Seems to be doing a lot better.... Can I try to install a firewall and antivirus program now? It would not let me prior to doing all you asked me to do...
Can I delete all the quarantines now?


Thanks

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 October 2010 - 03:01 AM

Yes, go ahead and add the antivirus. As the PC is clean we can clear up our mess. The OTC program should help you remove many of the tools we have been using - the rest can be manually deleted.

As I said before...

You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#15 tgrisko

tgrisko
  • Topic Starter

  • Members
  • 11 posts

Posted 10 October 2010 - 10:58 AM

m0le,

You are a life-saver! Everything seems to be operational and functioning faster than ever... even though it's not my machine... it's much faster and virus-free.

You have provided a great service to me and many others... I know you all are overwhelmed with work.... people need to be patient and understanding of the time it takes and the workload you all have.

Thanks again and if I ever have another problem to fix.... I know EXACTLY where to get my help....

You all ROCK!!!



