
Super Infected Computer


  • This topic is locked
18 replies to this topic

#1 Matthew.

Matthew.

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Maple, Ontario
  • Local time:11:43 AM

Posted 12 October 2006 - 04:47 PM

I have no idea what happened to my computer. I remember that these annoying viruses and malware started showing up after I visited some game forum to check up on some tips. First, it secretly installed 'Brave Sentry' on my computer. When I had noticed, Brave Sentry had an uninstaller so I uninstalled it. But most likely, that will not do the trick. After that, when I checked my task manager due to unsuspected lag, so many different processes were running that appeared out of nowhere. What the heck?! Wowzors!

Anyways, here is a HijackThis log of my computer.
Thanks in advance for helping me with this problem, I really appreciate it. This is my first time posting on this forum as well. I have been here many times reading about other people's problems that were similar to mine and it helped but this time is just too overwhelming.

EDIT: Oh yeah, sorry for not posting this ahead of time. I have just read the rules and one of the rules mentions to try out possible solutions before posting. SOO!!! Of course, I have tried SmitRem while running in Safe Mode, I have scanned with Ewido Software but the same adwares/malware files keep reappearing and there is one that cannot be deleted which is called 'downloader.agent.uj'. I have scanned with Ad-aware SE personal, Spybot S&D, and possibly tried manual removal. Alrighty, hope that cleared up some blanks. =]

Logfile of HijackThis v1.99.1
Scan saved at 5:38:06 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\xpupdate.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Matthew\LOCALS~1\Temp\15261\gm.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {113EB69F-E3B6-C9B0-E6BC-009E557DDAFF} - C:\WINDOWS\system32\cashpk.dll
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [xgmqxifA] C:\WINDOWS\xgmqxifA.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wrkkcr.exe reg_run
O4 - HKLM\..\Run: [mmqyvhe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mmqyvhe.dll,tokitbg
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\system32\dxvwlemy.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Matthew\LOCALS~1\Temp\15261\gm.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [qorw] C:\PROGRA~1\COMMON~1\qorw\qorwm.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Warez] "C:\Documents and Settings\Matthew\My Documents\warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9222AA-7698-4ECC-B6E5-92708E9CA92A}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{682B5FDA-1C75-4735-86A3-5CE220CB63D1}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F544109-AEAC-452A-B59A-53D4571B91BE}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FCF8587-E7E2-46F2-A747-1348878AA555}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{91326F6F-BBC5-492F-A7F9-375DD8908A68}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC7CA293-85D6-4385-9C74-7C8383E271A9}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B380EA32-07AC-4E5E-A93E-643F95495A78}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B775719D-0924-445F-AD0F-D1A58792300B}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB44891B-0E36-464E-B812-92DEDAABDC14}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1CBB263-4CE8-4ABD-8C76-C899077D9D84}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dllhost.dll
O20 - Winlogon Notify: emldvc - emldvc.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: kFyIUwON - {5C131492-F6B9-BE38-5D5C-03C4779F8D1B} - C:\WINDOWS\system32\pz.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\ztvu.dll
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\system32\dxvwlemy.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Edited by Matthew., 12 October 2006 - 04:55 PM.




#2 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 14 October 2006 - 11:12 AM

Welcome Matthew.! :thumbsup:

I will be helping you under the guidance of one of our expert coaches.

Please give me a little time to get back to you with instructions.

Thanks
Jamie
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#3 Matthew.

Matthew.
  • Topic Starter


Posted 14 October 2006 - 11:21 AM

Hurray!!! Hi there, jamielaw. WOOT! I didn't mind waiting but I have been very anxious for a reply ever since I posted this. Thank you very much for the time and help.
Omg, omg! I'm saved!!! =]

Edited by Matthew., 14 October 2006 - 11:22 AM.


#4 jamielaw


Posted 14 October 2006 - 01:06 PM

Hey Matthew.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

NewDotNet

This is an optional fix! But I recommend you get rid of it.

Although NewDotNet does not claim to be spyware, it has been associated with computer instability in certain situations. Both SaveNow and NewDotNet have been linked to computer instability according to the MS Knowledge Base Article 302463.

For more information, please see the following:
What is SaveNow and/or New.Net?
Foistware: New Net, Inc. (NewDotNet) DLL

I recommend that you remove NewDotNet unless you deliberately installed it.

Please can you download LSP-Fix. Do not run this tool! You must only run this tool if you cannot connect to the Internet after removing NewDotNet. This should then repair your internet connection again.

Please go to Add/Remove Programs and uninstall NewDotNet/New.Net. If you don't have that option or if you have difficulties then please follow the instructions on this site (Procedure 4).

Firewall:

Please download one of these free firewalls and install it, either ZoneAlarm or OutPost

Antivirus:

Please download one of these free antiviruses and install it, either AVG or Avast

Wareout:

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Please post the contents of this text file (C:\fixwareout\report.txt) in your next reply.

Qoologic:

Please download Qoofix by RubbeR DuckY from one of the following locations:

http://www.malwarebytes.org/Qoofix.zip or
http://www.besttechie.net/tools/Qoofix.zip
  • Unzip all files to a convenient location such as C:\Qoofix.
  • Go to the folder where you unzipped all files and run Qoofix.exe.
  • Click Begin Removal and wait for the scan to finish.
  • If an infection has been found, select yes to restart your computer.
  • Post the contents of the Qoofix file in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Kaspersky Online Scanner
Go to http://www.kaspersky.com/virusscanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.


#5 Matthew.


Posted 14 October 2006 - 02:25 PM

Hey, thank you so much for your help jamielaw. Sorry for not replying earlier as I had to go out to eat. I really appreciate your help. So far, everything is going according to plan as I have accomplished the first few steps. THANK YOU SO MUCH. I can't find the right words to express my gratitude right now other than to say thanks so much. You ROX!!!

I will repost another HJT log once everything is finished. I might get back to you tomorrow since I got other business to take care of at the moment. Sorry for the wait.

-Matthew.

Edited by Matthew., 14 October 2006 - 02:27 PM.


#6 jamielaw


Posted 15 October 2006 - 04:31 AM

You're welcome! :thumbsup:

I'll keep monitoring the thread so just reply when you can. Make sure you include all the relevant logs in your next post - you may need several posts to fit them all in.

Good luck!

#7 Matthew.


Posted 15 October 2006 - 08:46 AM

Good morning, jamielaw. So far, everything has worked out perfectly except for the last step, which was to click on the link to 'Kaspersky Online Scanner.' Unfortunately, the link does not work for me but I have tried searching Google for the Kaspersky Online Scanner as well. Should I use the scanner from this site?

http://usa.kaspersky.com/services/free-virus-scanner.php

Sorry for the inconvenience.

Once again, thank you so much for your help! Also, here are the logs from the last scans and fixes with the exception of a Qoofix log as nothing was to be found infected.

Fix Wareout Report

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED54737D4E02-72FA-EFC4-1F10-8B0878EC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D9725C210720-FC1B-B154-266E-BFA80AC8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FB8C533806E6-C059-0E34-C0AD-6E7D9D76{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B989C1143A8C-8858-03C4-AF03-3DE720CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DACE6FBA0378-B329-44B4-C497-5B4E9172{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C234C13A282E-9A29-C264-D51E-D9509F44{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9EC4CFFC31DB-6039-63E4-386D-3FEC04F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\17
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\vtgmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmgtv.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
* csr.exe C:\WINDOWS\System32\CSODN.EXE

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSODN.EXE 51,257 2006-08-17
C:\WINDOWS\SYSTEM32\DMGTV.EXE 61,991 2004-08-04

Other suspects.
Directory of C:\WINDOWS\system32
{44F9059D-E15D-462C-92A9-E282A31C432C}.exe
{2719E4B5-794C-4B44-923B-8730ABF6ECAD}.exe
{AC027ED3-30FA-4C30-8588-C8A3411C989B}.exe
{67D9D7E6-DA0C-43E0-950C-6E608335C8BF}.exe
{8CA08AFB-E662-451B-B1CF-027012C5279D}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.






Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 9:43:46 AM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dxvwlemy.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Matthew\My Documents\warez\Warez.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {113EB69F-E3B6-C9B0-E6BC-009E557DDAFF} - C:\WINDOWS\system32\cashpk.dll
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [xgmqxifA] C:\WINDOWS\xgmqxifA.exe
O4 - HKLM\..\Run: [mmqyvhe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mmqyvhe.dll,tokitbg
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\system32\dxvwlemy.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [qorw] C:\PROGRA~1\COMMON~1\qorw\qorwm.exe
O4 - HKCU\..\Run: [Warez] "C:\Documents and Settings\Matthew\My Documents\warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9222AA-7698-4ECC-B6E5-92708E9CA92A}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{682B5FDA-1C75-4735-86A3-5CE220CB63D1}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F544109-AEAC-452A-B59A-53D4571B91BE}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FCF8587-E7E2-46F2-A747-1348878AA555}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{91326F6F-BBC5-492F-A7F9-375DD8908A68}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC7CA293-85D6-4385-9C74-7C8383E271A9}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B380EA32-07AC-4E5E-A93E-643F95495A78}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B775719D-0924-445F-AD0F-D1A58792300B}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB44891B-0E36-464E-B812-92DEDAABDC14}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1CBB263-4CE8-4ABD-8C76-C899077D9D84}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dllhost.dll
O20 - Winlogon Notify: emldvc - emldvc.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: kFyIUwON - {5C131492-F6B9-BE38-5D5C-03C4779F8D1B} - C:\WINDOWS\system32\pz.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\ztvu.dll
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\system32\dxvwlemy.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Edited by Matthew., 15 October 2006 - 08:50 AM.
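
As an added example (not part of the original thread, and not code from HijackThis or any tool named here): a small Python triage script that parses HijackThis lines like those in the logs posted above, lists every `O17` NameServer value that is not an expected resolver together with the registry keys that carry it, and lists `O4` autoruns launched from a Temp directory. The `expected` set, the choice to accept private addresses, and all function names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Matthew\LOCALS~1\Temp\15261\gm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9222AA-7698-4ECC-B6E5-92708E9CA92A}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# "<section code> - <rest of line>", e.g. "O17 - HKLM\...: NameServer = ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O17 body carrying a statically configured DNS server list.
O17_NS = re.compile(r"^(?P<key>.+?): NameServer = (?P<value>.+)$")
# O4 registry autorun: "<key>: [<value name>] <command line>".
O4_RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_entries(log):
    """Return (code, body) for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def unexpected_nameservers(log, expected=frozenset(), allow_private=True):
    """Map each unexpected resolver address to the registry keys that set it.

    expected      -- resolver addresses the analyst knows to be legitimate
                     (assumption: supplied by whoever runs the triage).
    allow_private -- treat private-range addresses (typically the local
                     router) as acceptable; an assumption of this example.
    """
    hits = defaultdict(list)
    for code, body in parse_entries(log):
        if code != "O17":
            continue
        m = O17_NS.match(body)
        if not m:
            continue
        # HijackThis shows the list comma- or space-separated.
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                # Keep unparsable values visible instead of dropping them.
                hits["malformed:" + token].append(m.group("key"))
                continue
            if str(addr) in expected or (allow_private and addr.is_private):
                continue
            hits[str(addr)].append(m.group("key"))
    return dict(hits)


def autoruns_from_temp(log):
    """Return (key, value name, command) for O4 autoruns whose command runs from a Temp directory."""
    found = []
    for code, body in parse_entries(log):
        if code != "O4":
            continue
        m = O4_RUN.match(body)
        if m and TEMP_DIR.search(m.group("cmd")):
            found.append((m.group("key"), m.group("name"), m.group("cmd")))
    return found


if __name__ == "__main__":
    for addr, keys in unexpected_nameservers(SAMPLE_LOG).items():
        print(f"{addr}: set on {len(keys)} Tcpip key(s)")
        for key in keys:
            print(f"    {key}")
    for key, name, cmd in autoruns_from_temp(SAMPLE_LOG):
        print(f"autorun from Temp: {key} [{name}] -> {cmd}")
```

Pass the resolvers your ISP or router actually hands out as `expected`; anything still reported is a static override worth checking under the listed registry keys.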


#8 Matthew.


Posted 15 October 2006 - 12:06 PM

Wow, also, I am now on my other computer because the internet on the infected computer does not work anymore for some apparent reason. nooo!!!!

EDIT: Nvm, I restarted my computer and the internet is working again. As well, the scanner from the site I mentioned above brings me to a "Cannot find page."
I also believe that Brave Sentry is still there. My hasty actions were to blame. I think Brave Sentry is still there because ewido's scans keep detecting Brave Sentry, yet I still cannot locate it anywhere after I have deleted it from my C: drive and reg keys.

Edited by Matthew., 15 October 2006 - 02:18 PM.


#9 Matthew.


Posted 15 October 2006 - 03:23 PM

Just to make sure, was I supposed to scan the computer with the AVG after I installed it? Because ever since then, I have only installed it and it has detected a lot of threats that got healed.
Hurray! At least some of the threats are gone!

#10 jamielaw


Posted 15 October 2006 - 03:27 PM

Yes feel free to run a full system scan with AVG. Make sure to clean everything it finds.

Please could you use your link to the Kaspersky log and follow the instructions I gave earlier. Then post the log back in this thread.

#11 Matthew.


Posted 15 October 2006 - 03:43 PM

Hi again, jamielaw. Sorry for the inconvenience but for some strange reason, the link you provided, as well as the link that I have set aside as an alternative, does not work. Whenever I click on the link you provided, it brings me to a "Page Cannot Be Displayed" message but on my other computer, the link works perfectly fine. Also, I can get into the alternative link but when I click on the online virus scanner, it too brings me to a "Page Cannot Be Displayed" message.

I have no idea why.

#12 jamielaw


Posted 15 October 2006 - 03:44 PM

Hey Matthew.

Make sure to run ATF-Cleaner prior to these instructions.

Dr.Web CureIt

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Reboot your computer in safe mode by pressing F8 continually whilst your computer starts up.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


#13 Matthew.


Posted 15 October 2006 - 05:02 PM

Sorry for such a long wait, jamielaw. I didn't expect it to take so long for the scan. Here is the log from DrWeb-CureIt. (HOLY!!! A whopping 368 trojans!)

A0063803.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.12453;Deleted.;
A0063804.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.10841;Deleted.;
A0063805.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.10842;Deleted.;
A0063807.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.Fakealert;Deleted.;
A0063808.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.Spambot;Deleted.;
A0063809.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.Proxy.899;Deleted.;
A0063811.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.13046;Deleted.;
A0063812.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.13914;Deleted.;
A0063813.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.11981;Deleted.;
A0063814.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.12041;Deleted.;
A0063815.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.6811;Deleted.;
A0063816.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.9540;Deleted.;
A0063817.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.Spambot;Deleted.;
A0063819.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.MulDrop.4324;Deleted.;
A0063820.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DnsChange;Deleted.;
A0063822.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.Click.526;Deleted.;
A0063823.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Trojan.DownLoader.10747;Deleted.;
A0063824.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP110;Adware.NewDotNet;Moved.;
A0063892.dll;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP111;Adware.Spysheriff;Moved.;
A0063921.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP111;Dialer.Member;Deleted.;
A0063922.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP111;Trojan.Fakealert;Deleted.;
A0065847.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP111;Trojan.DnsChange;Deleted.;
A0016501.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP80;Win32.HLLW.MyBot.based;Deleted.;
A0054208.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP93;Trojan.DnsChange;Deleted.;
A0054213.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP93;Trojan.DnsChange;Deleted.;
A0054226.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP93;Trojan.DnsChange;Deleted.;
A0054231.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP93;Trojan.DnsChange;Deleted.;
A0054262.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054268.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054297.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054303.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054332.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054337.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054339.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054345.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054375.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054381.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP94;Trojan.DnsChange;Deleted.;
A0054416.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP95;Trojan.DnsChange;Deleted.;
A0054422.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP95;Trojan.DnsChange;Deleted.;
A0054453.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP95;Trojan.DnsChange;Deleted.;
A0054459.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP95;Trojan.DnsChange;Deleted.;
A0054490.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP96;Trojan.DnsChange;Deleted.;
A0054495.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP96;Trojan.DnsChange;Deleted.;
A0054526.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP96;Trojan.DnsChange;Deleted.;
A0054532.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP96;Trojan.DnsChange;Deleted.;
A0054562.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054568.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054572.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054577.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054579.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054584.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054586.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054592.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054594.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054600.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP97;Trojan.DnsChange;Deleted.;
A0054630.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP98;Trojan.DnsChange;Deleted.;
A0054636.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP98;Trojan.DnsChange;Deleted.;
A0054685.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP98;Trojan.DnsChange;Deleted.;
A0054691.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP98;Trojan.DnsChange;Deleted.;
A0054732.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054737.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054769.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054776.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054805.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054812.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0054845.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055845.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055850.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055852.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055858.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055891.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055896.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055898.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055904.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055934.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055940.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055977.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
A0055984.exe;C:\System Volume Information\_restore{E5C565C3-DC04-4EBF-BCF1-0C73E4DD1AA9}\RP99;Trojan.DnsChange;Deleted.;
dmgtv.exe;C:\WINDOWS\system32;Trojan.DnsChange;Deleted.;
dxvwlemy.exe;C:\WINDOWS\system32;Trojan.Spambot;Will be cured after reboot.;

#14 jamielaw


Posted 17 October 2006 - 02:06 PM

Sorry for the delay, I didn't receive the e-mail notification. Could you please post a fresh HijackThis log?

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#15 Matthew.


Posted 18 October 2006 - 10:35 AM

Okay, no problem. Sorry about my slow response as well; I am currently attending school, so my responses will come later during the day from Monday to Friday.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:54 AM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Matthew\My Documents\crimson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {113EB69F-E3B6-C9B0-E6BC-009E557DDAFF} - C:\WINDOWS\system32\cashpk.dll
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [xgmqxifA] C:\WINDOWS\xgmqxifA.exe
O4 - HKLM\..\Run: [mmqyvhe.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mmqyvhe.dll,tokitbg
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [qorw] C:\PROGRA~1\COMMON~1\qorw\qorwm.exe
O4 - HKCU\..\Run: [Warez] "C:\Documents and Settings\Matthew\My Documents\warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9222AA-7698-4ECC-B6E5-92708E9CA92A}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{682B5FDA-1C75-4735-86A3-5CE220CB63D1}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F544109-AEAC-452A-B59A-53D4571B91BE}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FCF8587-E7E2-46F2-A747-1348878AA555}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{91326F6F-BBC5-492F-A7F9-375DD8908A68}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC7CA293-85D6-4385-9C74-7C8383E271A9}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B380EA32-07AC-4E5E-A93E-643F95495A78}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{B775719D-0924-445F-AD0F-D1A58792300B}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB44891B-0E36-464E-B812-92DEDAABDC14}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1CBB263-4CE8-4ABD-8C76-C899077D9D84}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6FABD7-E52C-4697-85B9-1E8A5F795806}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dllhost.dll
O20 - Winlogon Notify: emldvc - emldvc.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: kFyIUwON - {5C131492-F6B9-BE38-5D5C-03C4779F8D1B} - C:\WINDOWS\system32\pz.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\ztvu.dll (file missing)
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\system32\dxvwlemy.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



