OUTERINFO Help!



#1
teechen

Hello, first of all, I would just like for you guys to know that this site is the greatest. I had some viruses/spyware and I used your program links to fix it. Thank you guys so much. I am not a big computer guy so maybe someone needs to take me through it step by step.

My problem is that sometimes I get these annoying pop-ups by outerinfo. It used to be all the time, but when I downloaded your programs such as CleanUp and Ad-Aware SE, it got better, meaning it was less common.

Since I'm kinda new to this site, I don't really know what to do, but I know that someone can help me. PLEASE HELP!!!

Thanks a bunch, and I already donated to PayPal.

#2
Noviciate

Download a copy of HJTsetup.exe from here and save it to your Desktop.
  • Double click HJTsetup.exe to begin installation.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • When HJT opens, click on the Do a system scan and save a log file button.
  • When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder.
  • Copy and paste this into your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT:
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#3
teechen

Hi, and thank you very much for responding

Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:31:44 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\THOMAS~1\MYDOCU~1\SУSTE~1\explorer.exe
C:\Documents and Settings\Thomas Chen\My Documents\?уmantec\logonui.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BCB8F79-8C21-4BF4-A687-D0D5F6104028} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\TBHMain.dll
O2 - BHO: (no name) - {34D435F1-1CE9-42F0-9105-2C04C7B39797} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\OICQ\QQIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {5FB8E1CA-5642-4490-A333-7748728C0CA8} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: (no name) - {AA02B97F-77C4-036E-BC59-7B22801E18C3} - C:\WINDOWS\system32\muo.dll (file missing)
O2 - BHO: (no name) - {B9137573-EFC5-9034-B99B-E74BC66A08C3} - C:\WINDOWS\system32\mmmilmtm.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IE explorer] C:\WINDOWS\system32\IE explorer.exe
O4 - HKLM\..\Run: [á3# ?L"h't9ó?e3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R??e??Vn?DBú£ b?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?K"h't9ó?÷3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?è"h't9ó?T3r?3WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [?? 犺"h'?訙T3r懦WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e?
?亏W?H涂Y桟:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [释耦先鵂?涤穬蔮?荟C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [ 虽P?`?噽瓠hA]抰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Rsmt] "C:\DOCUME~1\THOMAS~1\MYDOCU~1\S§μSTE~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Xqazfx] C:\Documents and Settings\Thomas Chen\My Documents\?§?mantec\logonui.exe
O4 - Startup: ìú??QQ.lnk
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: ???QQ?? - D:\OICQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ????? - D:\OICQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - D:\OICQ\SendMMS.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\OICQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\OICQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\OICQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\OICQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ¨?¨2??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\OICQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\OICQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ¨??2¨o1?è??¨??¨|¨¨?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\OICQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] QQ|ì???¤¨¤??????
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...697/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: IE explorer - IE explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe






And here are my Programs

Ad-Aware SE Personal
Adobe Reader 6.0.1
Adobe? Photoshop? Album Starter Edition 3.0
AOL Instant Messenger
ArcSoft ShowBiz
Broadcom NetXtreme Ethernet Controller
CleanUp!
DeadAIM
Hijackthis 1.99.1
HijackThis 1.99.1
Intel® Extreme Graphics 2 Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MEM48U
Microsoft Office XP Professional with FrontPage
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox (1.5.0.5)
MSXML 4.0 SP2 Parser and SDK
MyDVD
NJStar Communicator
Picasa 2
QQ2005 Beta2
QuickTime
Ragnarok Online
Ragnarok Sakray
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sonic CinePlayer
Symantec AntiVirus
TaxCut 2004
TextBridge Pro Millennium
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XviD 1.1 final uninstall
Yahoo! Internet Mail

#4
Noviciate

You may have a file, or files, on your PC that I would like to have checked.
Please go to Jotti's and click on the Browse... button at the top and navigate to the following file, if it exists, and then click on Submit:

C:\WINDOWS\system32\rvykpwvs.dll

When all the scans have been completed, please copy and paste the results into your next reply.

If this site is busy, try VirusTotal: Click the Browse ... button at the top, navigate to the file and double click it. Then click the Send button.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
* These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after you have done. *

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once I've got the results of that scan, it should be a simple task to tidy up your PC - you have a few nasties, but nothing too difficult to evict from your hard drive.

#5
teechen

Hi, and thanks again for replying

Here is my virustotal scan

Complete scanning result of "rvykpwvs.dll", received in VirusTotal at 08.02.2006, 00:11:57 (CET).

Antivirus Version Update Result
AntiVir 6.35.1.0 08.01.2006 ADSPY/Virtumonde.AM.82
Authentium 4.93.8 07.31.2006 no virus found
Avast 4.7.844.0 08.01.2006 Win32:Crypt-CE
BitDefender 7.2 08.01.2006 Adware.Virtumonde.AM
CAT-QuickHeal 8.00 07.31.2006 no virus found
ClamAV devel-20060426 08.01.2006 no virus found
DrWeb 4.33 08.01.2006 Trojan.Virtumod
eTrust-InoculateIT 23.72.84 08.01.2006 no virus found
eTrust-Vet 12.6.2319 08.01.2006 no virus found
Ewido 4.0 08.01.2006 Adware.Virtumonde
Fortinet 2.77.0.0 08.01.2006 suspicious
F-Prot 3.16f 07.31.2006 no virus found
F-Prot4 4.2.1.29 07.31.2006 no virus found
Ikarus 0.2.65.0 08.01.2006 no virus found
Kaspersky 4.0.2.24 08.02.2006 not-a-virus:AdWare.Win32.Virtumonde.am
McAfee 4819 08.01.2006 potentially unwanted program Adware-Virtumundo
Microsoft 1.1508 08.01.2006 no virus found
NOD32v2 1.1687 08.01.2006 no virus found
Norman 5.90.23 08.01.2006 W32/Virtumonde.HV
Panda 9.0.0.4 08.01.2006 no virus found
Sophos 4.08.0 08.01.2006 no virus found
Symantec 8.0 08.01.2006 no virus found
TheHacker 5.9.8.184 07.31.2006 no virus found
UNA 1.83 08.01.2006 no virus found
VBA32 3.11.0 08.01.2006 no virus found
VirusBuster 4.3.7:9 08.01.2006 no virus found

Aditional Information
File size: 122900 bytes
MD5: 6cdd10b6973918e723ca7c8ec3835c6c
SHA1: f1cb19786a2c056d671c057b3855d23e68f53a7c

#6
Noviciate

I'll post this in two parts as it's easier for me to do it this way. Just work through all the instructions and post accordingly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download VundoFix.exe from here and save it to your Desktop.

2) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less - Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.*
  • Once the scan is complete, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click YES, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
* Should Vundo not re-open, reboot your PC and try again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of Ewido anti-spyware from here and save it to your Desktop.
If you already have this program installed, skip to Updating Ewido: below.

* Please note that these instructions are for the new version - Ewido anti-spyware. If you have the old version - Ewido anti-malware and it is the:
  • paid-for version - you will need to go here and obtain an updated license code before you upgrade.
  • free version - you will need to uninstall it and reboot before installing the new version.
Double click the ewido-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, Ewido anti-spyware will open.

Updating Ewido:
  • By default Ewido is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either Ewido will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed Ewido, double click ewido-signatures-full-current.exe to update it.

Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

Changing Recommended Actions:
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close Ewido anti-spyware.

Ewido anti-spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that Ewido will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.


2) You will need to know how to boot into Safe Mode.
Instructions can be found here.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {0BCB8F79-8C21-4BF4-A687-D0D5F6104028} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: (no name) - {34D435F1-1CE9-42F0-9105-2C04C7B39797} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: (no name) - {5FB8E1CA-5642-4490-A333-7748728C0CA8} - C:\WINDOWS\system32\rvykpwvs.dll
O2 - BHO: (no name) - {AA02B97F-77C4-036E-BC59-7B22801E18C3} - C:\WINDOWS\system32\muo.dll (file missing)
O2 - BHO: (no name) - {B9137573-EFC5-9034-B99B-E74BC66A08C3} - C:\WINDOWS\system32\mmmilmtm.dll (file missing)

O4 - HKLM\..\Run: [á3# ?L"h't9ó?e3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R??e??Vn?DBú£ b?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?K"h't9ó?÷3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?è"h't9ó?T3r?3WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e?
?亏W?H涂Y桟:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [释耦先鵂?涤穬蔮?荟C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [ 虽P?`?噽瓠hA]抰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKCU\..\Run: [Rsmt] "C:\DOCUME~1\THOMAS~1\MYDOCU~1\S§μSTE~1\explorer.exe" -vt ndrv
O4 - HKCU\..\Run: [Xqazfx] C:\Documents and Settings\Thomas Chen\My Documents\?§?mantec\logonui.exe


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.

3) Ensure that ALL open Windows / Programs / Folders are closed and then run Ewido anti-spyware.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that Ewido has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When Ewido has finished, it will display the message "All actions have been applied".

Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\ewido anti-spyware 4.0\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close Ewido Anti-Spyware.

4) Remove any/all of the following files/folders that you can find:

Files

C:\DOCUME~1\THOMAS~1\MYDOCU~1\SУSTE~1\explorer.exe
The tilde(~) in either a file or folder name indicates that this name is longer than six characters and these have been replaced by the tilde for brevity. E.G. C:\PROGRA~1 = C:\Program Files
The first file, or folder, that uses these first six letters gets the suffix ~1, the next ~2 and so on.
Make sure that you only delete the copy of explorer.exe that is in the above folder. There are other, legitimate, files that have this name elsewhere so BE CAREFUL!

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Folders

C:\Program Files\ISTsvc
C:\Documents and Settings\Thomas Chen\My Documents\?уmantec

* This folder will have each "?" in its name replaced by another character so you will need to be a little careful. In order to identify the right folder to delete, open each one that fits the bill and look for this file: logonui.exe. As long as there is only one folder that contains a file with this name, delete it. If there are two, or more, folders that could be the malicious one, leave them alone and get back to me.

As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'


5) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

6) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

7) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

8) Boot into Normal Mode.

Post a new HJT log, the Ewido log AND a description of how your PC is running.
  • 0
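
An added example, not part of the thread and not any poster's code: a small Python triage pass over HijackThis-style lines, using the kinds of signal visible in the entries selected for fixing above (unnamed or orphaned BHOs, Run value names that embed a file path, system-binary names running from a user folder, look-alike characters in a folder name). The sample lines are constructed, the function names and reason strings are hypothetical, and %SystemRoot% is assumed to be C:\WINDOWS.

```python
import re
import unicodedata

# Constructed sample modelled on the entry types in the HijackThis log above.
# CLSIDs, user name and DLL names are made up; \u0423 is CYRILLIC CAPITAL LETTER U.
SAMPLE_LOG = "\n".join([
    r"C:\WINDOWS\Explorer.EXE",
    "C:\\DOCUME~1\\USER~1\\MYDOCU~1\\S\u0423STE~1\\explorer.exe",
    r"O2 - BHO: AcroIEHlprObj Class - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Adobe\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\qzxwvkjh.dll",
    r"O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - C:\WINDOWS\system32\abc.dll (file missing)",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe",
    "O4 - HKLM\\..\\Run: [\u00e13# ?L]xC:\\Program Files\\ISTsvc\\istsvc.exe] C:\\WINDOWS\\gkilp.exe",
    r"O4 - HKCU\..\Run: [Xqazfx] C:\Documents and Settings\User\My Documents\Tools\logonui.exe",
    "O8 - Extra context menu item: \u6dfb\u52a0\u5230QQ\u8868\u60c5 - D:\\OICQ\\AddEmotion.htm",
])

# Hypothetical reason labels used by this example.
MASQUERADE = "system-binary name outside its expected directory"
MIXED_SCRIPT = "mixed-script path component (possible look-alike characters)"
UNNAMED_BHO = "BHO has no name"
MISSING_FILE = "entry points at a missing file"
PATH_IN_NAME = "Run value name embeds a file path"

# Assumption: Windows XP layout with %SystemRoot% = C:\WINDOWS.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "logonui.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}

# Greedy name group: a value name may itself contain "]", so split on the LAST "] ".
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.*)\] (.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)


def check_path(path):
    """Return reasons why a file path deserves a closer look."""
    reasons = []
    parts = path.split("\\")
    folder, base = "\\".join(parts[:-1]).lower(), parts[-1].lower()
    if base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
        reasons.append(MASQUERADE)
    for comp in parts:
        # First word of the Unicode name is the script for letters (LATIN, CYRILLIC, CJK, ...).
        scripts = {unicodedata.name(c, "?").split()[0] for c in comp if c.isalpha()}
        if "LATIN" in scripts and scripts & {"CYRILLIC", "GREEK"}:
            reasons.append(MIXED_SCRIPT)
            break
    return reasons


def triage_line(line):
    """Classify one log line; an empty list means nothing stood out."""
    reasons = []
    target = line  # running-process lines are just a path
    run = RUN_RE.match(line)
    bho = BHO_RE.match(line)
    if run:
        name, target = run.group(2), run.group(3)
        if ":\\" in name:
            reasons.append(PATH_IN_NAME)
    elif bho:
        name, target = bho.group(1), bho.group(3)
        if name == "(no name)":
            reasons.append(UNNAMED_BHO)
        if target.endswith("(file missing)"):
            reasons.append(MISSING_FILE)
    exe = EXE_RE.search(target)
    if exe:
        reasons += check_path(exe.group(0))
    return reasons


def triage(log_text):
    """Return (line, reasons) for every line that raised at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

A flag here is a prompt to inspect the entry, for instance by submitting the file to a multi-engine scanner as in post #4, not a verdict: the thread's own log contains a "(file missing)" BHO that was left off the fix list.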

#7
teechen

Hi noviciate,

Thanks for spending your time with me. Unfortunately, I have some bad news. When I downloaded VundoFix and tried to run it, the window wouldn't pop up after I checked "run as task".

However, I did see this black box, I think it's called a command prompt, and it was titled svchost or something like that. I don't know if that helps or anything, but I saw other people talking about svchost so...

Thanks again

#8
Noviciate

Did you reboot the PC and try again?

#9
teechen

I did reboot, but it still didn't work

#10
Noviciate

Skip that bit for now, complete the rest of the instructions and post accordingly.

#11
teechen

Sorry for not being online recently.

Thanks for helping me.

I did everything you told me to; however, I did not find the following:

C:\DOCUME~1\THOMAS~1\MYDOCU~1\SУSTE~1\explorer.exe
C:\Program Files\ISTsvc
C:\Documents and Settings\Thomas Chen\My Documents\?уmantec

I did find the first and last folder, but it didn't have the file you were looking for (i.e. logonui.exe)


Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:26:38 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\Thomas Chen\Desktop\Antiviruses\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Thomas Chen\Desktop\Antiviruses\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34D435F1-1CE9-42F0-9105-2C04C7B39797} - C:\WINDOWS\system32\rvykpwvs.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\OICQ\QQIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IE explorer] C:\WINDOWS\system32\IE explorer.exe
O4 - HKLM\..\Run: [á3# ?L"h't9ó?e3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R??e??Vn?DBú£ b?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?K"h't9ó?÷3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?è"h't9ó?T3r?3WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [?? 犺"h'?訙T3r懦WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Thomas Chen\Desktop\Antiviruses\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: ìú??QQ.lnk
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: ???QQ?? - D:\OICQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ????? - D:\OICQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - D:\OICQ\SendMMS.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\OICQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\OICQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\OICQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\OICQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ¨?¨2??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\OICQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\OICQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ¨??2¨o1?è??¨??¨|¨¨?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\OICQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] QQ|ì???¤¨¤??????
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...697/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O20 - Winlogon Notify: IE explorer - IE explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Thomas Chen\Desktop\Antiviruses\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




Here is my Ewido Scan:


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:56:46 PM 8/12/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\inst_adperform.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-299502267-115176313-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060812-170521-758.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060812-170522-294.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC148228-87E1-4D00-AC06-58DCAA52A4D1} -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC148228-87E1-4D00-AC06-58DCAA52A4D1} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\w.exe -> Downloader.Agent.aie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtqo.dll -> Downloader.Agent.yf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aclntoay.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\agslgjtp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bcowhxdw.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bfoqjifm.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bouxuuwp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brhdqpsk.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bsmwsgre.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\btgkukpb.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cwgkeswf.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\depuqaiu.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dldyjnfj.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dolwkqpp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\duehgpdu.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\elqtnrch.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\esiivrgt.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\faublktq.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fkhuhhtd.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ftdelfrh.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fxnqkqjp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gdhmsugl.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\grldjmdr.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gwpmubff.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hfignsde.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hmyuwvbe.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hvregagx.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\idnxvtjp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ihpdjnwh.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iwroiuht.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jdwmorgd.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jeoviscp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jnbriibo.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jomuxwcm.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kchtwlib.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kclbqcwj.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kcldnnnm.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kygdiuen.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lbwdbtdy.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lrgutjng.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nubkjxci.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nxudltxq.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nykkhjfc.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\otysiofv.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pfbuculc.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pjyjyydv.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qhumxokq.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\raqspeta.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rbkbwvfy.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rqppxtwh.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sjgkhlio.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tpkunywo.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tqhqnbyc.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ubcltini.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ubhodrnn.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vhqlldem.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vioxggmt.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vnjuyjxa.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vvthtmqt.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxbawrgt.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\weqdtxsv.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wjbxbehq.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\woqvhtgu.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wvvqmqnp.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xadfymai.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xebsoiih.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xjtnyrrt.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xybontjj.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ysanruin.dll -> Logger.Agent.kg : Cleaned with backup (quarantined).
C:\Documents and Settings\Thomas Chen\Shared\Free Runescape lvl 97 account.zip/Free Runescape lvl 97 account.exe -> Logger.GhostKeyLogger.b : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\6A321E7D-0B23-4005-9CB1-61D20C\2060F14C-8A0B-4C15-B7E7-D4211D -> Logger.GhostKeyLogger.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\IE explorer.exe -> Logger.SCKeyLog.k : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.462:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\wei chen\Application Data\Mozilla\Firefox\Profiles\lzk0di3m.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Thomas Chen\Application Data\Mozilla\Firefox\Profiles\ibgs7lzc.thomas\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\igbns356.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (q
  • 0

#12
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
I've spotted what looks like another nasty that may be on your PC that I would like checked out.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following file, if it exists, and then click on Submit:

C:\WINDOWS\system32\IE explorer.exe

When all the scans have been completed, please copy and paste the results into your next reply.

If this site is busy, try VirusTotal: Click the Browse ... button at the top, navigate to the file and double click it. Then click the Send button.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after you have done.

Will you also let me know how the PC is behaving.
  • 0

#13
teechen

teechen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I couldn't find the desired file

And no outerinfo pop ups yet
  • 0

#14
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
In which case that just leaves a little tidying-up to do.

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O2 - BHO: (no name) - {34D435F1-1CE9-42F0-9105-2C04C7B39797} - C:\WINDOWS\system32\rvykpwvs.dll (file missing)

O4 - HKLM\..\Run: [IE explorer] C:\WINDOWS\system32\IE explorer.exe
O4 - HKLM\..\Run: [á3# ?L"h't9ó?e3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R??e??Vn?DBú£ b?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?K"h't9ó?÷3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [á3# ?è"h't9ó?T3r?3WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [R鐙e湚Vnj?蠦 b獵C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [?? 犺"h'?訙T3r懦WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe

O20 - Winlogon Notify: IE explorer - IE explorer.dll (file missing)


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Remove any/all of the following files/folders that you can find:

Files

C:\WINDOWS\gkilp.exe

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running an old version of Sun Java which needs updating:
  • Go here and click on the Download button to the right of Java Runtime Environment (JRE) 5.0 Update 8.
  • Accept the license agreement by clicking the radio button.
  • Under Windows Platform - J2SE™ Runtime Environment 5.0 Update 8, click the Windows Offline Installation, Multi-language link.
  • Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.
  • Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
  • Finally double click the installation file that you downloaded earlier.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As long as you have no problems with the above, I want you to run your PC as normal for a few days. When you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
  • 0
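
The entries picked out for fixing in post #14 share a few recognisable traits: a target marked `(file missing)`, and Run value names made of unprintable characters that embed one path while launching another. The Python sketch below is an added example, not part of the original thread or of HijackThis; the regular expressions, function names and the `ExampleApp` line are assumptions made for illustration.

```python
import re

# Lines copied from the fix list in post #14, plus one constructed
# benign entry (ExampleApp) to show a line that is not flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {34D435F1-1CE9-42F0-9105-2C04C7B39797} - C:\WINDOWS\system32\rvykpwvs.dll (file missing)
O4 - HKLM\..\Run: [IE explorer] C:\WINDOWS\system32\IE explorer.exe
O4 - HKLM\..\Run: [á3# ?L"h't9ó?e3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gkilp.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O20 - Winlogon Notify: IE explorer - IE explorer.dll (file missing)
"""

# "O4 - <hive>\..\Run: [value name] command" (assumed layout, matching the lines above).
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>.*)\] (?P<cmd>.+)$")
# A drive-letter path appearing inside a value name.
PATH_RE = re.compile(r"[A-Za-z]:\\.+")


def triage_line(line):
    """Return the reasons a single HijackThis entry looks suspicious."""
    reasons = []
    # An entry whose target no longer exists is an orphan left by a removal.
    if line.endswith("(file missing)"):
        reasons.append("target file missing")
    match = O4_RE.match(line)
    if match:
        name, cmd = match.group("name"), match.group("cmd")
        # Legitimate autostart names are plain text; binary junk is not.
        if not name.isascii():
            reasons.append("non-ASCII value name")
        # A name that carries one path while the command runs another.
        embedded = PATH_RE.search(name)
        if embedded and embedded.group(0).lower() != cmd.lower():
            reasons.append("name embeds a different path than the command")
    return reasons


def triage_log(text):
    """Return (line, reasons) for every flagged O-section entry in a log."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if not re.match(r"^O\d+ - ", line):
            continue  # skip blank lines and anything that is not an O entry
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print("; ".join(why), "->", entry)
```

The plain `IE explorer` Run entry passes all three checks, so heuristics like these supplement a helper's reading of the log rather than replace it.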