
Clickspring.purityscan


  • This topic is locked
18 replies to this topic

#1 Zyrael

Posted 31 January 2007 - 07:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:21:53 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WNSXS~1\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\gaim\gaim.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\test\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {8C793958-D0E1-F03C-9E49-F6BADD4046E7} - C:\WINDOWS\system32\ubx.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ykmxfxwf.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Crvoaj] C:\WINDOWS\?ssembly\wucrtupd.exe
O4 - HKCU\..\Run: [Stai] "C:\WINDOWS\system32\WNSXS~1\winlogon.exe" -vt ndrv
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)


 


#2 Zyrael

  • Topic Starter

Posted 31 January 2007 - 07:29 PM

I've used Spybot many times to no effect. Ad-aware seems to do something for a few minutes, then the problem is back in full force within a half hour (if that long). Tried A-squared, no effect.

I would have just reinstalled my OS long ago and been done with it. But for reasons varied, I can't. I have to try to solve this without a reformat/reinstall. Unfortunately I am far out of my depth.

The problem has been around for at least 2 months, probably more like 3. Any other questions that might help get this solved I'd be happy to answer.

#3 SifuMike

    malware expert

Posted 31 January 2007 - 11:25 PM

Hello Zyrael,

I am SifuMike and I will be helping you. :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Do not proceed with the rest of the fix if you fail to run combofix
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Zyrael

Posted 01 February 2007 - 01:18 AM

"test" - 07-02-01 0:10:24 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\test\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Outerinfo
C:\Program Files\VSAdd-in
C:\WINDOWS\system32\components
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\test
C:\qoobox\purity\DOCUME~1\test\Application Data
C:\qoobox\purity\DOCUME~1\test\My Documents
C:\qoobox\purity\DOCUME~1\test\Application Data\APPATC~1
C:\qoobox\purity\DOCUME~1\test\Application Data\ASEMBL~1
C:\qoobox\purity\DOCUME~1\test\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\test\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\test\Application Data\SMBOLS~1
C:\qoobox\purity\DOCUME~1\test\Application Data\STEM~1
C:\qoobox\purity\DOCUME~1\test\My Documents\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\test\My Documents\from.txt
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\FNTS~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\STEM~1
C:\qoobox\purity\Program Files\YSTEM~1
C:\qoobox\purity\Program Files\Common Files\SKS~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\WINDOWS\APPATC~1
C:\qoobox\purity\WINDOWS\RACLE~1
C:\qoobox\purity\WINDOWS\SSEMBL~1
C:\qoobox\purity\WINDOWS\SSTEM~1
C:\qoobox\purity\WINDOWS\YSTEM3~1
C:\qoobox\purity\WINDOWS\SSEMBL~1\wucrtupd.exe
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\WNSXS~1\winlogon.exe
C:\qoobox\purity\WINDOWS\system32\WNSXS~1\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))


2007-01-31 19:34 88,340 --a------ C:\WINDOWS\system32\ptcorqul.exe
2007-01-31 19:33 88,340 --a------ C:\WINDOWS\system32\odiwbrwa.exe
2007-01-31 17:24 88,340 --a------ C:\WINDOWS\system32\gyahlian.exe
2007-01-31 14:14 88,340 --a------ C:\WINDOWS\system32\aiuivvtg.exe
2007-01-31 03:58 88,340 --a------ C:\WINDOWS\system32\teooxady.exe
2007-01-31 01:40 88,340 --a------ C:\WINDOWS\system32\gawbdlat.exe
2007-01-31 01:40 60,416 --a------ C:\WINDOWS\system32\ubx.dll
2007-01-30 01:40 88,340 --a------ C:\WINDOWS\system32\ekelgqsf.exe
2007-01-30 00:26 88,340 --a------ C:\WINDOWS\system32\tfdhiaho.exe
2007-01-30 00:26 88,340 --a------ C:\WINDOWS\system32\avqkwjvy.exe
2007-01-30 00:26 44,165 --a------ C:\WINDOWS\system32\ckdojwvo.dll
2007-01-29 01:59 88,340 --a------ C:\WINDOWS\system32\pdcltwrw.exe
2007-01-28 19:44 88,340 --a------ C:\WINDOWS\system32\rpfqnfrt.exe
2007-01-28 04:27 88,340 --a------ C:\WINDOWS\system32\usagaatr.exe
2007-01-28 04:26 88,340 --a------ C:\WINDOWS\system32\edugnfaw.exe
2007-01-27 20:33 88,340 --a------ C:\WINDOWS\system32\ufmlwtjx.exe
2007-01-27 19:36 88,340 --a------ C:\WINDOWS\system32\prawwlqd.exe
2007-01-27 19:36 88,340 --a------ C:\WINDOWS\system32\pklsbaec.exe
2007-01-27 03:59 88,340 --a------ C:\WINDOWS\system32\cnunyfyf.exe
2007-01-26 03:59 88,340 --a------ C:\WINDOWS\system32\lkqvdbnt.exe
2007-01-25 02:41 88,340 --a------ C:\WINDOWS\system32\wdyltqcy.exe
2007-01-25 02:41 88,340 --a------ C:\WINDOWS\system32\dmudlruy.exe
2007-01-25 01:44 88,340 --a------ C:\WINDOWS\system32\retenvbb.exe
2007-01-25 01:34 88,340 --a------ C:\WINDOWS\system32\ssrbtrmh.exe
2007-01-25 00:31 88,340 --a------ C:\WINDOWS\system32\usklkwsx.exe
2007-01-24 21:10 76,412 --a------ C:\WINDOWS\system32\lmndibon.dll
2007-01-24 00:31 88,340 --a------ C:\WINDOWS\system32\pjxtvxwm.exe
2007-01-23 00:31 88,340 --a------ C:\WINDOWS\system32\rljhhwlp.exe
2007-01-23 00:30 88,340 --a------ C:\WINDOWS\system32\qjfadwfi.exe
2007-01-22 18:41 88,340 --a------ C:\WINDOWS\system32\wgjqqhup.exe
2007-01-21 18:41 88,340 --a------ C:\WINDOWS\system32\egemodci.exe
2007-01-21 17:01 88,340 --a------ C:\WINDOWS\system32\bilaqphw.exe
2007-01-20 17:01 88,340 --a------ C:\WINDOWS\system32\fifmqqqa.exe
2007-01-19 17:01 88,340 --a------ C:\WINDOWS\system32\wygwoqoh.exe
2007-01-19 17:01 88,340 --a------ C:\WINDOWS\system32\ctijmcok.exe
2007-01-19 17:00 88,340 --a------ C:\WINDOWS\system32\mjrfbnio.exe
2007-01-19 04:16 88,340 --a------ C:\WINDOWS\system32\xwrscmpe.exe
2007-01-19 04:16 88,340 --a------ C:\WINDOWS\system32\gtenjmcj.exe
2007-01-18 00:54 88,340 --a------ C:\WINDOWS\system32\tjkxfqpj.exe
2007-01-18 00:53 88,340 --a------ C:\WINDOWS\system32\vklbjucl.exe
2007-01-17 21:11 88,340 --a------ C:\WINDOWS\system32\uiwrusvy.exe
2007-01-17 21:11 76,412 --a------ C:\WINDOWS\system32\grutvgnd.dll
2007-01-16 21:11 88,340 --a------ C:\WINDOWS\system32\cvjctnde.exe
2007-01-15 21:49 88,340 --a------ C:\WINDOWS\system32\ugwrnxoj.exe
2007-01-15 20:17 <DIR> d-------- C:\DOCUME~1\test\Application Data\ąppPatch
2007-01-15 14:54 88,340 --a------ C:\WINDOWS\system32\jikdttja.exe
2007-01-15 14:54 81,684 --a------ C:\WINDOWS\system32\nqqdranc.dll
2007-01-14 14:53 88,340 --a------ C:\WINDOWS\system32\hliworvm.exe
2007-01-14 14:53 88,340 --a------ C:\WINDOWS\system32\agfonnuv.exe
2007-01-14 09:26 88,340 --a------ C:\WINDOWS\system32\yiqevnxe.exe
2007-01-14 09:24 88,340 --a------ C:\WINDOWS\system32\egeokhss.exe
2007-01-14 09:23 88,340 --a------ C:\WINDOWS\system32\vexgriop.exe
2007-01-13 15:23 88,340 --a------ C:\WINDOWS\system32\fpgliopr.exe
2007-01-13 10:12 88,340 --a------ C:\WINDOWS\system32\nnsusgsw.exe
2007-01-11 13:05 88,340 --a------ C:\WINDOWS\system32\mtualmkh.exe
2007-01-11 13:05 118,804 --a------ C:\WINDOWS\system32\ykmxfxwf.dll
2007-01-11 13:03 88,340 --a------ C:\WINDOWS\system32\htxkebxh.exe
2007-01-11 07:27 88,340 --a------ C:\WINDOWS\system32\smscuokq.exe
2007-01-11 07:27 81,684 --a------ C:\WINDOWS\system32\digvnhog.dll
2007-01-10 07:27 88,340 --a------ C:\WINDOWS\system32\fgspbkid.exe
2007-01-10 06:49 88,340 --a------ C:\WINDOWS\system32\tvutohsp.exe
2007-01-10 06:49 81,684 --a------ C:\WINDOWS\system32\oniunkbs.dll
2007-01-09 19:41 <DIR> d-------- C:\Program Files\Common Files\ądobe
2007-01-09 06:54 <DIR> d-------- C:\The Ur-Quan Masters
2007-01-09 06:29 <DIR> d-------- C:\DOCUME~1\test\Application Data\uqm
2007-01-09 01:07 88,340 --a------ C:\WINDOWS\system32\mpkdsdho.exe
2007-01-05 21:08 88,340 --a------ C:\WINDOWS\system32\nafdogmp.exe
2007-01-05 03:58 88,340 --a------ C:\WINDOWS\system32\olyamoso.exe
2007-01-05 03:57 88,340 --a------ C:\WINDOWS\system32\eakkodrs.exe
2007-01-04 19:02 88,340 --a------ C:\WINDOWS\system32\tvqrlrlk.exe
2007-01-04 18:53 2 --a------ C:\WINDOWS\system32\wnscpsv.exe
2007-01-04 17:52 88,340 --a------ C:\WINDOWS\system32\yxsfheiv.exe
2007-01-04 17:52 88,340 --a------ C:\WINDOWS\system32\ltlsqkdv.exe
2007-01-03 23:31 88,340 --a------ C:\WINDOWS\system32\rebbnppp.exe
2007-01-03 23:31 44,060 --a------ C:\WINDOWS\system32\wxrraswv.dll
2007-01-03 23:30 88,340 --a------ C:\WINDOWS\system32\kxyestkx.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 00:13 994834 ---hs---- C:\WINDOWS\system32\svvwa.ini2
2007-02-01 00:07 -------- d-------- C:\Program Files\mozilla firefox
2007-02-01 00:05 -------- d-------- C:\DOCUME~1\test\Application Data\.gaim
2007-01-31 19:34 1001953 ---hs---- C:\WINDOWS\system32\svvwa.bak2
2007-01-31 01:40 995628 ---hs---- C:\WINDOWS\system32\svvwa.bak1
2007-01-25 06:35 -------- d-------- C:\DOCUME~1\test\Application Data\dvdcss
2007-01-05 05:52 -------- d-------- C:\Program Files\windows live safety center
2006-12-23 00:33 81684 --a------ C:\WINDOWS\system32\indofskg.dll
2006-12-22 08:00 81684 --a------ C:\WINDOWS\system32\wjjdmvta.dll
2006-12-18 08:50 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-15 15:08 44052 --a------ C:\WINDOWS\system32\vfymtyqw.dll
2006-12-15 03:30 118804 --a------ C:\WINDOWS\system32\vxpbtxjm.dll
2006-12-10 18:18 90164 ---hs---- C:\WINDOWS\system32\jkkjh.dll
2006-12-08 01:38 -------- d---s---- C:\DOCUME~1\test\Application Data\microsoft
2006-12-07 22:59 -------- d-------- C:\Program Files\msbuild
2006-12-07 22:59 -------- d-------- C:\Program Files\microsoft works
2006-12-07 22:56 -------- d-------- C:\Program Files\microsoft.net
2006-12-07 22:56 -------- d-------- C:\Program Files\Common Files\odbc
2006-12-07 21:59 -------- d-------- C:\DOCUME~1\test\Application Data\opera
2006-12-07 21:57 -------- d-------- C:\DOCUME~1\test\Application Data\adobe
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-07 15:02 90164 ---hs---- C:\WINDOWS\system32\jkkjg.dll
2006-12-04 03:48 -------- d-------- C:\Program Files\windows defender
2006-12-04 02:10 40973 ---hs---- C:\WINDOWS\system32\ddcbbcd.dll
2006-12-03 18:53 274484 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-12-03 18:47 72704 --a------ C:\WINDOWS\system32\drvlec.dll
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Crvoaj"="C:\\WINDOWS\\?ssembly\\wucrtupd.exe"
"Stai"="\"C:\\WINDOWS\\system32\\WNSXS~1\\winlogon.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"DAEMON Tools"="\"C:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"GrooveMonitor"="\"C:\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\ykmxfxwf.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VIA RAID TOOL.lnk"
"backup"="C:\\WINDOWS\\pss\\VIA RAID TOOL.lnkCommon Startup"
"location"="Common Startup"
"item"="VIA RAID TOOL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"c:\\PROGRA~1\\Windows Live Safety Center\\Watson\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"c:\\PROGRA~1\\Windows Live Safety Center\\Watson\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbbcd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-02-01 0:14:32

#5 SifuMike

Posted 01 February 2007 - 01:30 AM

Hi Zyrael,

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :thumbsup:

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

**************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log and a fresh HijackThis log.

#6 SifuMike

Posted 01 February 2007 - 01:35 AM

Are you running an antivirus program? I am not seeing any :thumbsup:

This is somewhat suicidal in today's digital world.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.
I recommend you download the free AntiVir or AVG antivirus or Avast.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Edited by SifuMike, 01 February 2007 - 01:36 AM.


#7 Zyrael

Posted 01 February 2007 - 01:44 AM

Working on the above steps as we speak. I can tell you that no, I don't run a persistent anti-virus program. Up until the problem started I'd simply run a Spybot scan every couple days. Nothing more.

I've always hated things like Norton, cause it seems to slow down your PC more than help. But I guess I could give one of the ones you linked a try. Any one in particular have a small digital signature?

I ask cause I play PC games, and any lag-inducing program is a hindrance.

#8 SifuMike

Posted 01 February 2007 - 01:52 AM

"I ask cause I play PC games, and any lag-inducing program is a hindrance."


The dozens of viruses you have now will slow your computer far more than an antivirus program. :flowers:
You are infected with viruses now because you did not run an antivirus. :thumbsup:

I am surprised you are able to post. The viruses will slow your computer far more than an antivirus program. Take your pick of the three antivirus programs and run one of them. We can't go any further until you do that.

Edited by SifuMike, 01 February 2007 - 01:53 AM.


#9 Zyrael

Posted 01 February 2007 - 02:34 AM

OK, so I've run an AntiVir scan and I figured you'd want the report, so I saved it. Here it is:





AntiVir PersonalEdition Classic
Report file date: Thursday, February 01, 2007 01:04

Scanning for 658863 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: test
Computer name: BONES

Version information:
BUILD.DAT : 217 12749 Bytes 12/5/2006 17:00:00
AVSCAN.EXE : 7.0.3.5 208936 Bytes 2/1/2007 07:00:15
AVSCAN.DLL : 7.0.3.1 35880 Bytes 12/5/2006 23:00:22
LUKE.DLL : 7.0.3.2 143400 Bytes 10/31/2006 23:07:46
LUKERES.DLL : 7.0.2.0 9256 Bytes 12/5/2006 23:00:22
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 22:30:06
ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 1/12/2007 07:00:16
ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 1/29/2007 07:00:16
ANTIVIR3.VDF : 6.37.1.8 56320 Bytes 1/31/2007 07:00:16
AVEWIN32.DLL : 7.3.1.33 2281984 Bytes 2/1/2007 07:00:17
AVPREF.DLL : 7.0.2.0 23592 Bytes 11/3/2006 17:53:44
AVREP.DLL : 6.37.1.1 1105960 Bytes 2/1/2007 07:00:16
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 3/30/2006 15:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 10/23/2006 22:21:31
AVREG.DLL : 7.0.1.2 30760 Bytes 2/1/2007 07:00:15
NETNT.DLL : No Information!
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 11/8/2006 19:26:26
RCTEXT.DLL : 7.0.12.1 77864 Bytes 12/5/2006 23:00:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, February 01, 2007 01:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'wscntfy.exe' - '1' Modules have been scanned
Scan process 'wuauclt.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'wmiprvse.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'reader_sl.exe' - '1' Modules have been scanned
Scan process 'iPodService.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'GrooveMonitor.exe' - '1' Modules have been scanned
Scan process 'MSASCui.exe' - '1' Modules have been scanned
Scan process 'iTunesHelper.exe' - '1' Modules have been scanned
Scan process 'qttask.exe' - '1' Modules have been scanned
Scan process 'daemon.exe' - '1' Modules have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Modules have been scanned
Scan process 'WMP54GSv1_1.exe' - '1' Modules have been scanned
Scan process 'WLService.exe' - '1' Modules have been scanned
Scan process 'nvsvc32.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'MsMpEng.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 20 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1\winlogon.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '462f94bf.qua'!
C:\WINDOWS\system32\agfonnuv.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\aiuivvtg.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\avqkwjvy.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\awvvs.dll
[DETECTION] Is the Trojan horse TR/Vundo.H.DLL
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\bilaqphw.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ckdojwvo.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '462596ba.qua'!
C:\WINDOWS\system32\cnunyfyf.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ctijmcok.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\cvjctnde.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\digvnhog.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was deleted!
C:\WINDOWS\system32\dmudlruy.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\eakkodrs.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\edugnfaw.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\egemodci.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\egeokhss.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ekelgqsf.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\fgspbkid.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\fifmqqqa.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\fpgliopr.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\gawbdlat.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\grutvgnd.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was deleted!
C:\WINDOWS\system32\gtenjmcj.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\gyahlian.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\hliworvm.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\htxkebxh.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\indofskg.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was deleted!
C:\WINDOWS\system32\jikdttja.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\jkkjg.dll
[DETECTION] Is the Trojan horse TR/Spy.Agent.OZ.3
[INFO] The file was deleted!
C:\WINDOWS\system32\jkkjh.dll
[DETECTION] Is the Trojan horse TR/Spy.Agent.OZ.3
[INFO] The file was deleted!
C:\WINDOWS\system32\kxyestkx.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\lkqvdbnt.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\lmndibon.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ltlsqkdv.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\mjrfbnio.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\mpkdsdho.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\mtualmkh.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\nafdogmp.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\nnsusgsw.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\nqqdranc.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was deleted!
C:\WINDOWS\system32\odiwbrwa.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\olyamoso.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\oniunkbs.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was deleted!
C:\WINDOWS\system32\pdcltwrw.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\pjxtvxwm.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\pklsbaec.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\prawwlqd.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ptcorqul.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\qjfadwfi.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\rebbnppp.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\retenvbb.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\rljhhwlp.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\rpfqnfrt.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\smscuokq.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ssrbtrmh.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\teooxady.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\tfdhiaho.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\tjkxfqpj.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\tvqrlrlk.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\tvutohsp.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ufmlwtjx.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\ugwrnxoj.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\uiwrusvy.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\usagaatr.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\usklkwsx.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\vexgriop.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\vfymtyqw.dll
[DETECTION] Is the Trojan horse TR/Juan.B
[INFO] The file was deleted!
C:\WINDOWS\system32\vklbjucl.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\vxpbtxjm.dll
[DETECTION] Is the Trojan horse TR/Virtumod.DG
[INFO] The file was deleted!
C:\WINDOWS\system32\wdyltqcy.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\wgjqqhup.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\wjjdmvta.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was deleted!
C:\WINDOWS\system32\wxrraswv.dll
[DETECTION] Is the Trojan horse TR/Juan.D.2
[INFO] The file was deleted!
C:\WINDOWS\system32\wygwoqoh.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\xwrscmpe.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\yiqevnxe.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\yxsfheiv.exe
[DETECTION] Is the Trojan horse TR/Agent.ACL.1
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd1805.sys
[WARNING] The file could not be opened!


End of the scan: Thursday, February 01, 2007 01:29
Used time: 25:38 min

The scan has been done completely.

5196 Scanning directories
202400 Files were scanned
77 viruses and/or unwanted programs were found
74 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
202323 Files not concerned
1538 Archives were scanned
6 Warnings
34 Notes

#10 SifuMike


Posted 01 February 2007 - 11:10 AM

Looks like it caught many trojans. :thumbsup:
Let's see if there is any more malware.

See my previous instructions on how to run BitDefender online scan and AVG antispyware.

Be sure to run AVG antispyware in the Safe Mode.

Post both BitDefender online scan and AVG antispyware logs and a fresh Hijackthis log.

Edited by SifuMike, 01 February 2007 - 03:25 PM.


#11 Zyrael


Posted 02 February 2007 - 07:05 AM

BitDefender Online Scanner

Scan report generated at: Fri, Feb 02, 2007 - 05:44:19

Scan path: C:\;D:\;E:\;

Statistics
Time: 01:34:02
Files: 370270
Folders: 6029
Boot Sectors: 2
Archives: 1536
Packed Files: 67422

Results
Identified Viruses: 13
Infected Files: 105
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 103

Engines Info
Virus Definitions: 417888
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File


Status

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP142\A0025724.dll


Infected with: Trojan.FakeAlert.S

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP142\A0025724.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP142\A0025724.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028478.dll


Infected with: MemScan:Trojan.Agent.HT

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028478.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028478.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028494.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028494.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028494.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028496.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028496.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028496.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028511.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028511.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028511.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029598.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029598.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029598.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029599.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029599.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029599.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029600.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029600.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029600.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029601.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029601.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029601.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029602.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029602.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029602.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029603.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029603.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP194\A0029603.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP238\A0030522.dll


Infected with: Trojan.Juan.A

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP238\A0030522.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP238\A0030522.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP239\A0030535.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP239\A0030535.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP239\A0030535.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP241\A0030570.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP241\A0030570.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP241\A0030570.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP242\A0030575.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP242\A0030575.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP242\A0030575.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030582.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030582.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030582.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030597.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030597.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP244\A0030597.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP245\A0030598.exe


Infected with: Trojan.Tasker.A

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP245\A0030598.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP245\A0030614.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP245\A0030614.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP245\A0030614.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP246\A0030627.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP246\A0030627.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP246\A0030627.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP247\A0031627.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP247\A0031627.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP247\A0031627.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP249\A0032635.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP249\A0032635.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP249\A0032635.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP250\A0032647.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP250\A0032647.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP250\A0032647.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP251\A0032661.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP251\A0032661.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP251\A0032661.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032671.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032671.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032671.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032686.dll


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032686.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP253\A0032686.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032875.dll


Infected with: Trojan.Virtumod.DG

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032875.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032875.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032877.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032877.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032877.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032878.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032878.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032878.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032879.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032879.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032879.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032880.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032880.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032880.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032881.dll


Infected with: Trojan.Juan.E

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032881.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032881.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032882.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032882.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032882.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032883.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032883.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032883.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032884.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032884.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032884.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032885.dll


Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032885.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032885.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032886.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032886.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032886.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032887.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032887.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032887.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032888.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032888.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032888.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032889.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032889.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032889.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032890.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032890.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032890.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032891.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032891.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032891.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032892.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032892.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032892.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032893.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032893.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032893.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032894.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032894.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032894.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032895.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032895.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032895.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032896.dll


Infected with: MemScan:Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032896.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032896.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032897.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032897.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032897.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032898.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032898.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032898.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032899.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032899.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032899.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032900.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032900.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032900.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032901.dll


Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032901.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032901.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032902.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032902.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032902.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032903.dll


Infected with: Trojan.Spy.Agent.OZ

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032903.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032903.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032904.dll


Infected with: Trojan.Spy.Agent.OZ

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032904.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032904.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032905.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032905.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032905.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032906.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032906.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032906.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032907.dll


Infected with: MemScan:Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032907.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032907.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032908.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032908.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032908.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032909.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032909.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032909.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032910.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032910.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032910.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032911.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032911.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032911.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032912.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032912.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032912.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032913.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032913.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032913.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032914.dll


Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032914.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032914.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032915.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032915.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032915.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032916.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032916.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032916.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032917.dll


Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032917.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032917.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032918.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032918.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032918.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032919.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032919.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032919.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032920.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032920.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032920.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032921.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032921.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032921.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032922.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032922.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032922.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032923.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032923.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032923.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032924.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032924.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032924.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032925.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032925.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032925.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032926.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032926.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032926.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032927.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032927.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032927.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032928.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032928.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032928.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032929.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032929.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032929.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032930.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032930.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032930.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032931.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032931.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032931.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032932.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032932.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032932.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032933.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032933.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032933.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032934.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032934.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032934.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032935.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032935.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032935.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032936.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032936.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032936.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032937.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032937.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032937.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032938.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032938.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032938.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032939.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032939.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032939.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032940.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032940.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032940.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032941.dll


Infected with: Trojan.Juan.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032941.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032941.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032942.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032942.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032942.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032943.dll


Infected with: Trojan.Virtumod.DG

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032943.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032943.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032944.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032944.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032944.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032945.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032945.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032945.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032946.dll


Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032946.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032946.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032947.dll


Infected with: Trojan.Juan.D

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032947.dll


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032947.dll


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032948.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032948.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032948.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032949.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032949.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032949.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032950.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032950.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032950.exe


Deleted

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032951.exe


Infected with: Trojan.Agent.ACL

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032951.exe


Disinfection failed

C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP258\A0032951.exe


Deleted

C:\WINDOWS\system32\awvvs.dll


Infected with: MemScan:Trojan.Vundo.U

C:\WINDOWS\system32\awvvs.dll


Disinfection failed

C:\WINDOWS\system32\awvvs.dll


Delete failed

C:\WINDOWS\system32\ddcbbcd.dll


Infected with: MemScan:Trojan.Agent.HT

C:\WINDOWS\system32\ddcbbcd.dll


Disinfection failed

C:\WINDOWS\system32\ddcbbcd.dll


Delete failed

C:\WINDOWS\system32\drvlec.dll


Infected with: Trojan.FakeAlert.S

C:\WINDOWS\system32\drvlec.dll


Disinfection failed

C:\WINDOWS\system32\drvlec.dll


Deleted

#12 Zyrael


Posted 02 February 2007 - 08:38 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:24:05 AM 2/2/2007

+ Scan result:



C:\System Volume Information\_restore{0B9D3072-3404-44EA-BC13-4BA32B69A66A}\RP185\A0028516.exe -> Adware.SaveNow : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t4jatlp9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 7:36:53 AM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\test\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {8C793958-D0E1-F03C-9E49-F6BADD4046E7} - C:\WINDOWS\system32\ubx.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ckdojwvo.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8C793958-D0E1-F03C-9E49-F6BADD4046E7} - C:\WINDOWS\system32\ubx.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\ddcbbcd.dll
O2 - BHO: (no name) - {FBA49523-82B4-4A9E-A9D8-52426F9E021D} - C:\WINDOWS\system32\awvvs.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ykmxfxwf.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Crvoaj] C:\WINDOWS\?ssembly\wucrtupd.exe
O4 - HKCU\..\Run: [Stai] "C:\WINDOWS\system32\WNSXS~1\winlogon.exe" -vt ndrv
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: ddcbbcd - C:\WINDOWS\SYSTEM32\ddcbbcd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)

#13 Zyrael


Posted 02 February 2007 - 08:39 AM

There's all 3 reports. I haven't noticed any change in the problem.

Except now I get an AntiVir Guard pop-up every few seconds (literally), and it's always about like 3 files. Exact same location and all. No matter which action I choose (access deny, quarantine, or delete), it'll just notify me again near instantaneously.

#14 SifuMike

    malware expert



Posted 02 February 2007 - 12:51 PM

You will continue to get AntiVir Guard pop-ups until we have you clean.

You have quite a collection of malware on your computer. I have not seen one this bad in quite some time. :thumbsup:

How long were you running this computer with no antivirus?

Next we go after the Vundo infection.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Edited by SifuMike, 02 February 2007 - 12:56 PM.


#15 Zyrael


Posted 02 February 2007 - 03:14 PM

VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 1:42:32 PM 2/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\ckdojwvo.dll
C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\ewudejao.exe
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\svvwa.tmp
C:\WINDOWS\system32\vfymtyqw.dll
C:\WINDOWS\system32\wxrraswv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\ddcbbcd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ewudejao.exe
C:\WINDOWS\system32\ewudejao.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\svvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.tmp
C:\WINDOWS\system32\svvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\ddcbbcd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 1:54:46 PM 2/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\ckdojwvo.dll
C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\vfymtyqw.dll
C:\WINDOWS\system32\wxrraswv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\ddcbbcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 2:05:16 PM 2/2/2007

Listing files found while scanning....


VundoFix V6.3.5

Checking Java version...

Sun Java not detected
Scan started at 2:07:39 PM 2/2/2007

Listing files found while scanning....

C:\WINDOWS\system32\ckdojwvo.dll
C:\WINDOWS\system32\ddcbbcd.dll
C:\WINDOWS\system32\vfymtyqw.dll
C:\WINDOWS\system32\wxrraswv.dll

Beginning removal...

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 2:11:29 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\test\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {8C793958-D0E1-F03C-9E49-F6BADD4046E7} - C:\WINDOWS\system32\ubx.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F972483-C6E8-4577-A64D-9506D26322E4} - C:\WINDOWS\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ckdojwvo.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {82332E8B-5EB3-41CC-9C2B-3E458478F260} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {8C793958-D0E1-F03C-9E49-F6BADD4046E7} - C:\WINDOWS\system32\ubx.dll
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\ddcbbcd.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Crvoaj] C:\WINDOWS\?ssembly\wucrtupd.exe
O4 - HKCU\..\Run: [Stai] "C:\WINDOWS\system32\WNSXS~1\winlogon.exe" -vt ndrv
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)



