
sarahw

My Infected Computer


Hi,

There is a serious problem with my computer.

When I boot normally I get a strange background telling me my computer is infected. I can't open Task Manager and there is no Start button. A timer then pops up and tells me it will reboot because there is an error. I can access Safe Mode but there is still no Start menu.

Logfile of HijackThis v1.99.1

Scan saved at 9:00:52 AM, on 29/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exe

O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe

O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\wind32.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat

O21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dll

O21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dll

O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe


I'm guessing that you're my test person. Hi :)

Hi sarahw

Thanks for running HijackThis. However, before we can proceed, I will need you to run HijackThis again with the following instructions for an updated and renamed HijackThis.

Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

Rename HijackThis(.exe) to scanner(.exe).

Next, run scanner(.exe). A window will pop up.

• Click on the button which says Main Menu, then Do a system scan and save a logfile.

• Please wait for the scan to be completed.

• After the scan has completed, a text window will pop up. Please post the contents of this window here.

This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Best Regards :D


Ok, I did that.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:13:10 PM, on 29/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exe

C:\Documents and Settings\Administrator\Desktop\scanner.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL

O2 - BHO: (no name) - {C1414B47-C261-4695-B157-3867F6649E93} - C:\WINDOWS\system32\geBtTMec.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exe

O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe

O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe

O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\wind32.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

O21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dll

O21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dll

O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

--

End of file - 5549 bytes


Hey SarahW

Nice collection of malware there. Let's clean it up.

First, please download ComboFix.

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.

Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.

Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

• Wait for the scan to be completed.

• If it requires a reboot, please do it.

• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

After that, follow the next set of instructions in the next post.


Please run HijackThis.

• Click on the button which says Main Menu, then Do a system scan only.

• Please wait for the scan to be completed.

• After the scan has completed, check the following entries only if they are still there. If they are not there, ignore them.

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O2 - BHO: (no name) - {C1414B47-C261-4695-B157-3867F6649E93} - C:\WINDOWS\system32\geBtTMec.dll
O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL

Click on the button Fix checked

NOTE:: Close all browsers before fixing anything.

Next, open Notepad. Type in the following:

@echo off 
sc stop Schedule
sc delete Schedule
exit

Click on File > Save As....

In the File Name box, type in fix.bat

In the Save as type box, select All Files from the drop-down list.

Click Save and save it to your Desktop.

Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.

After that, reboot.

What problems do you have left?

Best Regards :D

Edited by cdavfrew
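
One way to triage HijackThis entries like the ones checked above, as an added example (not part of the original posts, and not the helper's own method): it flags file names one edit away from a Windows system binary, system binary names outside their usual directory, a chained Shell value and the DisableRegedit policy. The sample lines are taken from the logs in this thread; the `triage` and `osa_distance` names, the reason labels and the assumption that Windows is installed in C:\WINDOWS are mine.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Usual locations of some Windows XP system binaries.
# Assumption: Windows is installed in C:\WINDOWS, as in the posted logs.
SYSTEM_BINARIES = {
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|cpl|scr|dat)\b", re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance where an adjacent transposition counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: "ft" in one string against "tf" in the other.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def triage(log_text):
    """Return (section, reason, line) for each entry that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        lowered = body.lower()

        # F2: the shell should be explorer.exe alone, with nothing chained after it.
        if section == "F2" and "shell=" in lowered:
            if lowered.split("shell=", 1)[1].strip() != "explorer.exe":
                findings.append((section, "shell-chained", line))
            continue

        # O7: a policy that blocks the registry editor.
        if section == "O7" and "disableregedit=1" in lowered.replace(" ", ""):
            findings.append((section, "regedit-disabled", line))
            continue

        pm = PATH_RE.search(body)
        if not pm:
            continue
        path = PureWindowsPath(pm.group(0))
        name, folder = path.name.lower(), str(path.parent).lower()

        if name in SYSTEM_BINARIES:
            # Correct name, unexpected folder.
            if folder != SYSTEM_BINARIES[name]:
                findings.append((section, "wrong-dir:" + name, line))
            continue

        # Name that is a single edit away from a system binary.
        for known in SYSTEM_BINARIES:
            if osa_distance(name, known) == 1:
                findings.append((section, "lookalike:" + known, line))
                break
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:24} {line}")
```

These are review heuristics: a flagged entry is a candidate for closer inspection, and an unflagged entry is not thereby shown to be clean.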


When I run Combo-Fix.exe it says:

Setup2.exe - Application error

The Application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

I click on OK and explorer closes. I have to reopen explorer from Task Manager.

I didn't do the next part yet. I'll wait to see what you say first.


Hey sarahw

Thanks for the detailed report. Let's mix it up a little.

Follow the instructions in my second post, reboot, and then run Combo-Fix.exe.

Best Regards :D

Edited by cdavfrew


I had the same error when I tried to run combofix.

I am using Safe Mode with networking to access the internet. I tried it in Safe Mode also. I still cannot access normal mode. It has a "you are infected" background and the Task Manager is still disabled.

I am getting a new error when the computer starts.

/idlist;1940:1504cc:\Documents

Windows cannot find /idlist;1940:1504cc:\Documents. Make sure you typed it correctly, and then try again.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:44:26 PM, on 30/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exe

C:\Documents and Settings\Administrator\Desktop\scanner.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {3234566F-583F-4B78-8539-53452D383C9F} - C:\WINDOWS\system32\geBtTMec.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [f84b99dd] rundll32.exe "C:\WINDOWS\system32\phtwjddf.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 3990 bytes


Hey sarahw

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

• Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.

• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

• Press any Key and it will restart the PC.

• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

• Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum)

• Finally paste the contents of the Report.txt here.

Best Regards :D


I got this error:

cmd.exe - Application error

The Application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

then it would say:

find.exe - Application error

The Application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

When I clicked OK it would jump from the first error to the second then back again about half a dozen times then it would quit.


Hey sarahw

Before I can continue to more drastic measures, I will need more analysis.

1. Are you running as Administrator?

2. Please download EXE File Association Fix, unzip the file, and run the .reg file. When a prompt pops up, click on Yes.

After that, reboot, and try running Combo-Fix.exe again.

Best Regards :D


Hi,

When the computer rebooted it went into normal mode.

ComboFix 08-09-28.03 - Administrator 2008-09-30 23:19:37.9 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.857 [GMT -7:00]

Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users.\documents\settings\config.ini

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\Family Computer\Application Data\MANTEC~1

C:\Documents and Settings\Family Computer\Application Data\MANTEC~1\??mantec\

C:\Documents and Settings\Family Computer\Application Data\MANTEC~1\services.exe

C:\Documents and Settings\Family Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

C:\Documents and Settings\Family Computer\Application Data\printer.exe

C:\Documents and Settings\Family Computer\Application Data\rhc3ocj0en5t

C:\Documents and Settings\Family Computer\ftpdll.dll

C:\Documents and Settings\Family Computer\Local Settings\Application Data\cftmon.exe

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\findfast.exe

C:\Documents and Settings\LocalService\ftpdll.dll

C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

C:\Program Files\cowabanga

C:\Program Files\cowabanga\Cowabanga.exe

C:\Program Files\cowabanga\License.txt

C:\Program Files\cowabanga\uninstaller.exe

C:\Program Files\iSecurity

C:\Program Files\MediaVideoCodec

C:\Program Files\MediaVideoCodec\install.ico

C:\Program Files\MSN Messenger\Device Manager\Loc\1774

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\acx.jog

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\msvbvm60.dll

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\mswinsck.ocx

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\pub.jog

C:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exe

C:\Program Files\rhc3ocj0en5t

C:\Program Files\snowball wars

C:\Program Files\snowball wars\License.txt

C:\Program Files\snowball wars\SnowballWars.exe

C:\Program Files\snowball wars\uninstaller.exe

C:\Program Files\tmp0.exe

C:\Program Files\tmp1.exe

C:\Program Files\tmp2.exe

C:\Program Files\tmp3.exe

C:\Program Files\yazzle sudoku

C:\Program Files\yazzle sudoku\License.txt

C:\Program Files\yazzle sudoku\Sudoku.exe

C:\Program Files\yazzle sudoku\uninstaller.exe

C:\Temp\sanR24

C:\WINDOWS\9129837.exe

C:\WINDOWS\blopenvsto.dll

C:\WINDOWS\BMfb78aa41.txt

C:\WINDOWS\BMfb78aa41.xml

C:\WINDOWS\dat.txt

C:\WINDOWS\jokvip.exe

C:\WINDOWS\leorop.dll

C:\WINDOWS\new_drv.sys

C:\WINDOWS\nopzet.dll

C:\WINDOWS\pskt.ini

C:\WINDOWS\retnsrp.dll

C:\WINDOWS\search_res.txt

C:\WINDOWS\shell.exe

C:\WINDOWS\system32\__c00F20E0.dat

C:\WINDOWS\system32\awtqooOG.dll

C:\WINDOWS\system32\bjgpiiab.dll

C:\WINDOWS\system32\blphc7ocj0en5t.scr

C:\WINDOWS\system32\cdjpdihq.dll

C:\WINDOWS\system32\ceMTtBeg.ini

C:\WINDOWS\system32\ceMTtBeg.ini2

C:\WINDOWS\system32\cjpniv.dll

C:\WINDOWS\system32\cssrss.exe

C:\WINDOWS\system32\drivers\b7a36ed3.sys

C:\WINDOWS\system32\drivers\Ecfn48.sys

C:\WINDOWS\system32\drivers\qandr.sys

C:\WINDOWS\system32\drivers\spools.exe

C:\WINDOWS\system32\fddjwthp.ini

C:\WINDOWS\system32\ftpdll.dll

C:\WINDOWS\system32\geBtTMec.dll

C:\WINDOWS\system32\ivyjjoiq.dll

C:\WINDOWS\system32\ixidrheu.dll

C:\WINDOWS\system32\jarplatb.dll

C:\WINDOWS\system32\jugqevxg.dll

C:\WINDOWS\system32\lekifewh.dll

C:\WINDOWS\system32\lphc7ocj0en5t.exe

C:\WINDOWS\system32\marwin32.dll

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\nyqupthp.dll

C:\WINDOWS\system32\opeinkgy.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\phc7ocj0en5t.bmp

C:\WINDOWS\system32\phtwjddf.dll

C:\WINDOWS\system32\pphc7ocj0en5t.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\qiojjyvi.ini

C:\WINDOWS\system32\rxVNF6.syz

C:\WINDOWS\system32\sdgrhuwu.dll

C:\WINDOWS\system32\sft.res

C:\WINDOWS\system32\spoolvs.exe

C:\WINDOWS\system32\taskkill.exe

C:\WINDOWS\system32\tasklist.exe

C:\WINDOWS\system32\usgfbxrx.dll

C:\WINDOWS\system32\vuhnsuof.dll

C:\WINDOWS\system32\wind32.exe

C:\WINDOWS\system32\wowfx.dll

C:\WINDOWS\system32\xtdxqhoc.dll

C:\WINDOWS\winlogon.exe

C:\Documents and Settings\All Users.\documents\settings . . . . failed to delete

C:\Documents and Settings\All Users.\documents\settings\partnership.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://flycodecs.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ECFN48

-------\Legacy_new_drv

-------\Service_Ecfn48

-------\Service_new_drv

((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))

.

2008-09-30 21:02 . 2008-09-30 01:28 <DIR> d-------- C:\SDFix

2008-09-29 08:25 . 2008-09-29 08:25 7,680 --a------ C:\mmhkj.exe

2008-09-29 08:25 . 2008-09-29 08:25 29 --a------ C:\WINDOWS\system32\teytgohg.tmp

2008-09-29 08:25 . 2008-09-29 08:25 0 --a------ C:\AF.tmp

2008-09-29 08:25 . 2008-09-29 08:25 0 --a------ C:\AB.tmp

2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A4.tmp

2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A3.tmp

2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A2.tmp

2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A1.tmp

2008-09-29 08:18 . 2008-09-29 09:02 <DIR> d-------- C:\virus

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger

2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll

2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr

2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd

2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\WINDOWS\system32\iDlo07

2008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp

2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics

2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\tupdfim.dll

2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\papdfim.dll

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll

2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-09-29 07:39 . 2008-09-29 08:19 <DIR> d-------- C:\Program Files\FlashGet

2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks

2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt

2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer

2008-09-20 23:23 . 2008-09-20 23:37 <DIR> d-------- C:\New Folder

2008-09-14 17:33 . 2008-09-29 08:02 <DIR> d-------- C:\WINDOWS\1367

2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide

2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat

2008-09-07 13:02 . 2008-09-07 13:02 <DIR> d-------- C:\Documents and Settings\Administrator

2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit

2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro

2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-09-05 08:48 . 2008-09-05 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-02 21:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-09-02 21:22 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-09-02 21:22 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-09-02 21:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-09-01 04:50 . 2008-09-01 04:50 <DIR> d-------- C:\WINDOWS\system32\windows media

2008-09-01 04:50 . 2008-09-01 04:50 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-25 02:19 --------- d-----w C:\Program Files\NOS

2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS

2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-20 13:35 --------- d-----w C:\Program Files\Google

.

((((((((((((((((((((((((((((( [email protected]_ 7.51.57.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat

+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll

+ 2008-09-29 15:25:34 23,118 --sh--r C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll

+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys

+ 2008-02-24 07:47:48 32,768 ----a-w C:\WINDOWS\system32\iDlo07\iDlo071084.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MWGuide"="C:\Program Files\MWGuide\MWGuide.exe" [2007-04-17 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\

VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]

2008-09-29 08:24 13587 C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIALWORKERSTARTER]

--a------ 2008-02-17 23:24 26112 C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]

S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

BHO-{63B25412-D802-4FBA-B26B-60836264977A} - C:\WINDOWS\system32\geBtTMec.dll

HKCU-Run-Rmru - C:\DOCUME~1\FAMILY~1\APPLIC~1\MANTEC~1\services.exe

HKLM-Run-f84b99dd - C:\WINDOWS\system32\phtwjddf.dll

MSConfigStartUp-antiviirus - C:\Program Files\antiviirus.exe

MSConfigStartUp-BMfb78aa41 - C:\WINDOWS\system32\bjgpiiab.dll

MSConfigStartUp-f84b99dd - C:\WINDOWS\system32\ivyjjoiq.dll

MSConfigStartUp-lphc7ocj0en5t - C:\WINDOWS\system32\lphc7ocj0en5t.exe

MSConfigStartUp-SMrhc3ocj0en5t - C:\Program Files\rhc3ocj0en5t\rhc3ocj0en5t.exe

MSConfigStartUp-iSecurity applet - iSecurity.cpl

.

------- Supplementary Scan -------

.

O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 23:22:52

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-09-30 23:25:40 - machine was rebooted [Family Computer]

ComboFix-quarantined-files.txt 2008-10-01 06:25:25

ComboFix2.txt 2008-09-29 14:53:16

Pre-Run: 75,668,791,296 bytes free

Post-Run: 75,690,057,728 bytes free

284 --- E O F --- 2008-09-19 02:52:21


Hey sarahw

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or by right-clicking on the SuperAntispyware icon in your task bar (it looks like a bug) and clicking on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware

• Click on Preferences.

• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.

• Navigate to the tab Scanning Control.

• Make sure only these boxes are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)

• Click on Close.

Updating SuperAntispyware

• At the main window, click on Check for Updates....

• Wait for SuperAntispyware to be fully updated.

Scanning Time

• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.

• Launch SuperAntispyware.

• At the main window, click on Scan your Computer....

• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.

• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.

• Reboot your computer.

Post A Log

• Launch SuperAntispyware

• Click on Preferences

• Navigate to the tab Statistics/Logs.

• Choose the latest scan log, and then click on View Log....

• Copy and paste the contents of the log here in your next post.

Looking good. The malware's retreating. After that, post a new HijackThis log as well.

Best Regards :D

Edit: You didn't completely follow my previous instructions. :(

Edited by cdavfrew


I am still getting popups saying I am infected. I followed your instructions but couldn't run the scan in safe mode; I would click it and it did nothing.

There is also some half-naked woman dancing on the screen. I don't want this and cannot let the kids see it :o I don't remember installing it. How do I get rid of it?

Here is the log from normal mode:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/01/2008 at 00:04 AM

Application Version : 4.21.1004

Core Rules Database Version : 3582

Trace Rules Database Version: 1570

Scan type : Complete Scan

Total Scan Time : 00:11:51

Memory items scanned : 305

Memory threats detected : 2

Registry items scanned : 2903

Registry threats detected : 41

File items scanned : 17454

File threats detected : 433



Hey sarahw

Delete your previous version of SDFix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer into Safe Mode by doing the following:

• Restart your computer

• After pressing the power button, repeatedly tap the F8 key.

• Instead of Windows loading as normal, the Advanced Options Menu should appear;

• Select the first option, to run Windows in Safe Mode, then press Enter.

• Choose the administrator's account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.

• It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.

• Press any Key and it will restart the PC.

• When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

• Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum)

• Finally paste the contents of the Report.txt here.

Best Regards :D


SDFix: Version 1.230

Run by Administrator on 2008-10-02 at 01:54

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Restoring Missing SharedAccess Service

Rebooting

Checking Files :

Trojan Files Found:

C:\A1.TMP - Deleted

C:\A2.TMP - Deleted

C:\A3.TMP - Deleted

C:\A4.TMP - Deleted

C:\AB.TMP - Deleted

C:\AF.TMP - Deleted

C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe - Deleted

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe - Deleted

C:\WINDOWS\shell.exe - Deleted

C:\WINDOWS\system32\printer.exe - Deleted

C:\WINDOWS\system32\spoolvs.exe - Deleted

Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-02 02:03:30

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!


Hey sarahw

Please boot into safe mode and run Combo-Fix.exe from there once more. Post the ComboFix log here.

After that, try doing a scan with SuperAntispyware in safe mode again. If it still doesn't work, do it in normal mode. Post the log here.

Best Regards :D

Edited by cdavfrew


Hi,

I feel that we are going in circles with the same stuff. Can't we actually fix it instead of running programs?


Hey sarahw

Please note that running programs is what will fix this problem. To fix it manually will take a long time.

Just do this one more step: run SuperAntispyware in safe mode again, and then post the log here. It seems that some of the malware still remains stuck on your computer, and I need to know which. This will allow for the most thorough cleanup of your computer, instead of directly fixing using online scanners and such.

Best Regards :D

Edited by cdavfrew


Hi,

What does it mean: WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!?

Here are the Combofix and SAS logs in Safe Mode:

ComboFix 08-09-28.03 - Administrator 2008-10-04 16:33:39.10 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.854 [GMT -7:00]

Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\findfast.exe

C:\WINDOWS\shell.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\spoolvs.exe

.

((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((( [email protected]_ 7.51.57.53 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SMSERIALWORKERSTARTER"="C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe" [2008-02-17 26112]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\

VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]

S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-04 16:34:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-04 16:36:04

ComboFix-quarantined-files.txt 2008-10-04 23:36:01

ComboFix2.txt 2008-10-01 06:25:41

ComboFix3.txt 2008-09-29 14:53:16

Pre-Run: 75,455,602,688 bytes free

Post-Run: 75,457,363,968 bytes free

152 --- E O F --- 2008-09-19 02:52:21

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/04/2008 at 04:45 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555

Trace Rules Database Version: 1543

Scan type : Quick Scan

Total Scan Time : 00:08:11

Memory items scanned : 152

Memory threats detected : 0

Registry items scanned : 250

Registry threats detected : 15

File items scanned : 2831

File threats detected : 31


Wonderful. I have all the information I need. There are still a few malware files remaining on your computer, and Malwarebytes will fix them. I will answer all your questions later.

It seems that you used to have Malwarebytes. If you have already uninstalled it, please follow the instructions regarding downloading and installing it.

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.

• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

• If an update is found, it will download and install the latest version.

• Once the program has loaded, select Perform full scan, then click Scan.

• When the scan is complete, click OK, then Show Results to view the results.

• Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!

• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

• Please post contents of that file in your next reply.

Best Regards :D

PS: Sorry if I'm dragging this too long... I just wanted to be sure of the malware's behavior. As for installing the recovery console, I didn't think that was necessary.


Malwarebytes' Anti-Malware 1.28

Database version: 1227

Windows 5.1.2600 Service Pack 2

2008-10-05 08:19:45

mbam-log-2008-10-05 (08-19-45).txt

Scan type: Full Scan (C:\|)

Objects scanned: 51230

Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 395

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-1.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-2.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-3.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-4.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-5.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-6.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005232.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005233.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005235.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005240.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005241.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005242.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005243.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005250.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005251.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005252.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005257.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005258.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005259.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005265.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005266.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005783.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005784.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005785.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005786.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005787.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005788.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005272.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005286.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005297.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005299.exe (Adware.PurityScan) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005301.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005302.exe (Proxy.Xorpix) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005231.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005249.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005303.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005321.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005339.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005393.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005411.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005429.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005447.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005465.exe (Worm.Socks) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005483.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005305.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005308.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005309.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005310.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005315.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005319.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005320.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005322.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005323.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005325.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005327.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005329.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005333.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005334.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005336.dll (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005337.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005338.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005340.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005341.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005343.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005344.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005347.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005348.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005349.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005350.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005351.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005352.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005353.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005354.scr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005355.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005356.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005358.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005359.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005362.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005365.dll (Spyware.Delf) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005366.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005367.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005368.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005371.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005372.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005376.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005381.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005383.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005387.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005394.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005395.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005397.exe (Backdoor.PcClient) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005401.exe (Spyware.Papras) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005402.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005404.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005406.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005407.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005410.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005413.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005414.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005417.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005419.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005422.exe (Worm.Socks) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005424.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005425.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005427.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005432.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005434.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005439.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005440.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005442.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005444.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005452.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005454.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005455.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005456.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005457.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005459.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005460.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005461.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005464.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005466.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005468.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005473.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005475.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005477.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005482.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005485.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005488.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005489.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005491.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005492.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005494.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005496.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005497.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005498.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005499.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005509.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005512.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005514.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005522.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005523.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005527.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005529.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005530.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005531.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005532.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005537.exe (Proxy.Xorpix) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005539.exe (Trojan.BHO) -> Quarantined and deleted successfully.



Hey sarahw

First, I want you to enable the viewing of hidden files.

• Click Start.

• Open My Computer.

• Select the Tools menu and click Folder Options.

• Select the View Tab.

• Under the Hidden files and folders heading select Show hidden files and folders.

• Uncheck the Hide protected operating system files (recommended) option.

• Click Yes to confirm.

• Click OK.

Next, please disable all security programs, such as antiviruses, antispywares, and firewalls.

Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:

File::
C:\WINDOWS\system32\tupdfim.dll
C:\WINDOWS\system32\papdfim.dll
C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe
C:\WINDOWS\system32\teytgohg.tmp
C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIALWORKERSTARTER"=-

Save this as CFScript.txt in the same folder as ComboFix.

Then drag the CFScript.txt into Combo-Fix.exe.

This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

Do not click on the ComboFix window, as it may cause it to stall.

After that, please locate the following files:

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\b7a36ed3.sys
C:\WINDOWS\system32\iDlo07\iDlo071084.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

Upload each of these files to VirusTotal.com, and post the results here.

Also post a fresh HijackThis log.

Any more problems with your computer?

Best Regards :D


ComboFix 08-09-27.06 - Family Computer 2008-10-05 15:03:31.11 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.734 [GMT -7:00]

Running from: C:\Documents and Settings\Family Computer\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Family Computer\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe

C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll

C:\WINDOWS\system32\papdfim.dll

C:\WINDOWS\system32\teytgohg.tmp

C:\WINDOWS\system32\tupdfim.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe

C:\WINDOWS\system32\papdfim.dll

C:\WINDOWS\system32\teytgohg.tmp

C:\WINDOWS\system32\tupdfim.dll

.

((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))

.

2008-10-04 17:45 . 2008-10-04 17:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-04 17:45 . 2008-10-04 17:45 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Malwarebytes

2008-10-04 17:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-04 17:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-04 16:33 . 2008-10-04 16:36 <DIR> d-------- C:\Combo-Fix

2008-10-02 01:51 . 2008-10-02 01:51 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-30 23:47 . 2008-09-30 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\SUPERAntiSpyware.com

2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-30 23:23 . 2008-09-30 23:23 319,488 --a------ C:\WINDOWS\drxinstp.exe

2008-09-30 21:02 . 2008-10-02 02:04 <DIR> d-------- C:\SDFix

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache

2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger

2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll

2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr

2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing

2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd

2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\WINDOWS\system32\iDlo07

2008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp

2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll

2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update

2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-09-29 07:39 . 2008-10-05 11:30 <DIR> d-------- C:\Program Files\FlashGet

2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks

2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt

2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer

2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\WINDOWS\1367

2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide

2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat

2008-09-07 13:02 . 2008-10-02 01:48 <DIR> d-------- C:\Documents and Settings\Administrator

2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit

2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro

2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-09-05 08:48 . 2008-09-05 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 00:35 --------- d-----w C:\Program Files\InCtrl5

2008-08-31 07:53 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-29 05:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe

2008-08-25 02:19 --------- d-----w C:\Program Files\NOS

2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS

2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-20 13:35 --------- d-----w C:\Program Files\Google

2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

((((((((((((((((((((((((((((( [email protected]_ 7.51.57.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat

+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-10-02 08:51:39 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-10-02 08:51:39 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-10-02 08:51:34 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-10-02 08:51:34 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll

+ 2008-10-01 06:37:57 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-10-01 06:37:57 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys

+ 2008-02-24 07:47:48 32,768 ----a-w C:\WINDOWS\system32\iDlo07\iDlo071084.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MWGuide"="C:\Program Files\MWGuide\MWGuide.exe" [2007-04-17 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\

VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]

S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-05 15:04:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-10-05 15:06:07

ComboFix-quarantined-files.txt 2008-10-05 22:05:05

ComboFix2.txt 2008-10-04 23:36:05

ComboFix3.txt 2008-10-01 06:25:41

ComboFix4.txt 2008-09-29 14:53:16

Pre-Run: 75,398,590,464 bytes free

Post-Run: 75,404,148,736 bytes free

158 --- E O F --- 2008-09-19 02:52:21


I cannot access Virustotal on this machine.

But here are the results:

iDlo071084.exe

[ scan result ]

AhnLab-V3 2008.10.3.2/20081003 found nothing

AntiVir 7.8.1.34/20081004 found [TR/Dldr.VB.ceh]

Authentium 5.1.0.4/20081004 found [W32/Downldr2.BIIB]

Avast 4.8.1248.0/20081004 found [Win32:VB-HMZ]

AVG 8.0.0.161/20081004 found [Downloader.Generic6.AKTI]

BitDefender 7.2/20081005 found [Trojan.Generic.132631]

CAT-QuickHeal 9.50/20081004 found [TrojanDownloader.VB.cgu]

ClamAV 0.93.1/20081004 found nothing

DrWeb 4.44.0.09170/20081005 found [Trojan.DownLoader.24715]

eSafe 7.0.17.0/20081002 found [Win32.VB.ceh]

eTrust-Vet 31.6.6129/20081004 found [Win32/VMalum.CCNX]

Ewido 4.0/20081004 found [Downloader.VB.ceh]

F-Prot 4.4.4.56/20081004 found [W32/Downldr2.BIIB]

F-Secure 8.0.14332.0/20081005 found [Trojan-Downloader.Win32.VB.ceh]

Fortinet 3.113.0.0/20081004 found nothing

GData 19/20081005 found [Trojan.Generic.132631]

Ikarus T3.1.1.34.0/20081005 found [Trojan-Downloader.Win32.VB.ceh]

K7AntiVirus 7.10.484/20081004 found [Trojan-Downloader.Win32.VB.ceh]

Kaspersky 7.0.0.125/20081005 found [Trojan-Downloader.Win32.VB.ceh]

McAfee 5398/20081004 found [Generic Downloader.s]

Microsoft 1.4005/20081005 found [TrojanDownloader:Win32/VB.AAF]

NOD32 3495/20081004 found [a variant of Win32/TrojanDownloader.VB.AWJ]

Norman 5.80.02/20081003 found [W32/DLoader.HPLF]

Panda 9.0.0.4/20081004 found [Trj/Downloader.PLF]

PCTools 4.4.2.0/20081004 found [Trojan.DL.VB.DZTL]

Prevx1 V2/20081005 found nothing

Rising 20.63.62.00/20080928 found [Trojan.Win32.VB.fuj]

SecureWeb-Gateway 6.7.6/20081005 found [Trojan.Dldr.VB.ceh]

Sophos 4.34.0/20081004 found [Mal/Generic-A]

Sunbelt 3.1.1675.1/20080927 found [Trojan-Downloader.VB.ceh]

Symantec 10/20081005 found [Downloader]

TheHacker 6.3.1.0.101/20081004 found nothing

TrendMicro 8.700.0.1004/20081003 found nothing

VBA32 3.12.8.6/20081004 found [Trojan-Downloader.Win32.VB.ceh]

ViRobot 2008.10.4.1406/20081004 found [Trojan.Win32.Downloader.32768.BZ]

VirusBuster 4.5.11.0/20081004 found [Trojan.DL.VB.DZTL]

IconCDDCBBF15.exe

[ scan result ]

AhnLab-V3 2008.10.3.2/20081003 found nothing

AntiVir 7.8.1.34/20081004 found nothing

Authentium 5.1.0.4/20081004 found nothing

Avast 4.8.1248.0/20081004 found nothing

AVG 8.0.0.161/20081004 found nothing

BitDefender 7.2/20081005 found nothing

CAT-QuickHeal 9.50/20081004 found nothing

ClamAV 0.93.1/20081004 found nothing

DrWeb 4.44.0.09170/20081005 found nothing

eSafe 7.0.17.0/20081002 found nothing

eTrust-Vet 31.6.6129/20081004 found nothing

Ewido 4.0/20081004 found nothing

F-Prot 4.4.4.56/20081004 found nothing

F-Secure 8.0.14332.0/20081005 found nothing

Fortinet 3.113.0.0/20081004 found nothing

GData 19/20081005 found nothing

Ikarus T3.1.1.34.0/20081005 found nothing

K7AntiVirus 7.10.484/20081004 found nothing

Kaspersky 7.0.0.125/20081005 found nothing

McAfee 5398/20081004 found nothing

Microsoft 1.4005/20081005 found nothing

NOD32 3495/20081004 found nothing

Norman 5.80.02/20081003 found nothing

Panda 9.0.0.4/20081004 found nothing

PCTools 4.4.2.0/20081004 found nothing

Prevx1 V2/20081005 found nothing

Rising 20.63.62.00/20080928 found nothing

SecureWeb-Gateway 6.7.6/20081005 found nothing

Sophos 4.34.0/20081004 found nothing

Sunbelt 3.1.1668.1/20080924 found nothing

Symantec 10/20081005 found nothing

TheHacker 6.3.1.0.101/20081004 found nothing

TrendMicro 8.700.0.1004/20081003 found nothing

VBA32 3.12.8.6/20081004 found nothing

ViRobot 2008.10.4.1406/20081004 found nothing

VirusBuster 4.5.11.0/20081004 found nothing

IconCDDCBBF13.exe

[ scan result ]

AhnLab-V3 2008.10.3.2/20081003 found nothing

AntiVir 7.8.1.34/20081004 found nothing

Authentium 5.1.0.4/20081004 found nothing

Avast 4.8.1248.0/20081004 found nothing

AVG 8.0.0.161/20081004 found nothing

BitDefender 7.2/20081005 found nothing

CAT-QuickHeal 9.50/20081004 found nothing

ClamAV 0.93.1/20081004 found nothing

DrWeb 4.44.0.09170/20081005 found nothing

eSafe 7.0.17.0/20081002 found nothing

eTrust-Vet 31.6.6129/20081004 found nothing

Ewido 4.0/20081004 found nothing

F-Prot 4.4.4.56/20081004 found nothing

F-Secure 8.0.14332.0/20081005 found nothing

Fortinet 3.113.0.0/20081004 found nothing

GData 19/20081005 found nothing

Ikarus T3.1.1.34.0/20081005 found nothing

K7AntiVirus 7.10.484/20081004 found nothing

Kaspersky 7.0.0.125/20081005 found nothing

McAfee 5398/20081004 found nothing

Microsoft 1.4005/20081005 found nothing

NOD32 3495/20081004 found nothing

Norman 5.80.02/20081003 found nothing

Panda 9.0.0.4/20081004 found nothing

PCTools 4.4.2.0/20081004 found nothing

Prevx1 V2/20081005 found nothing

Rising 20.63.62.00/20080928 found nothing

SecureWeb-Gateway 6.7.6/20081005 found nothing

Sophos 4.34.0/20081004 found nothing

Sunbelt 3.1.1668.1/20080924 found nothing

Symantec 10/20081005 found nothing

TheHacker 6.3.1.0.101/20081004 found nothing

TrendMicro 8.700.0.1004/20081003 found nothing

VBA32 3.12.8.6/20081004 found nothing

ViRobot 2008.10.4.1406/20081004 found nothing

VirusBuster 4.5.11.0/20081004 found nothing

I'm still waiting for the results on beep.sys

The others didn't exist
