Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No Desktop @ all, and Can't right click or bring up Task Manager [

Started by ksanmamaril , Oct 13 2007 03:51 AM

  • This topic is locked This topic is locked

#31
ksanmamaril
Posted 20 October 2007 - 12:21 AM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is the Virus file submission:

File djqfhsn.dll received on 10.20.2007 08:16:06 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.19 TR/Crypt.Morphine.Gen
Authentium 4.93.8 2007.10.19 -
Avast 4.7.1051.0 2007.10.19 Win32:BHO-HU
AVG 7.5.0.488 2007.10.19 BHO.BIS
BitDefender 7.2 2007.10.20 -
CAT-QuickHeal 9.00 2007.10.19 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.19 Trojan.PWS.Tanspy.775
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.19 -
FileAdvisor 1 2007.10.20 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.19 -
F-Secure 6.70.13030.0 2007.10.19 W32/BHO.QG
Ikarus T3.1.1.12 2007.10.20 Trojan.Win32.StartPage.bag
Kaspersky 7.0.0.125 2007.10.20 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.20 Trojan:Win32/Agent.ADH
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 W32/BHO.QG
Panda 9.0.0.4 2007.10.19 Trj/Cimuz.HC
Prevx1 V2 2007.10.20 -
Rising 19.45.50.00 2007.10.20 -
Sophos 4.22.0 2007.10.19 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.20 -
TheHacker 6.2.9.100 2007.10.19 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.19 -
Webwasher-Gateway 6.6.1 2007.10.19 Trojan.Crypt.Morphine.Gen

Additional information
File size: 104447 bytes
MD5: 041cd6dc52f86d0aeed00f8f566c1aaa
SHA1: 7fe3a15f58077ed49336dd4b88d17253d4423aa0
packers: Morphine, UPX
packers: Morphine


============================================================

and here is the look.bat file I created:


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

============================================================

I will paste the Kapersky results as soon as it finishes.
  • 0

Advertisements

#32
ksanmamaril
Posted 20 October 2007 - 04:05 AM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
And here is the Kapersky Online Scan Results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 20, 2007 3:02:58 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/10/2007
Kaspersky Anti-Virus database records: 441382
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 689563
Number of viruses found: 36
Number of infected objects: 648
Number of suspicious objects: 4
Duration of the scan process: 02:48:03

Infected Object Name / Virus Name / Last Action
C:\!KillBox\natimxl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dq skipped
C:\!KillBox\rjlgcxcg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\!KillBox\vcbyourp.dll Infected: Trojan.Win32.BHO.hj skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_31e9e7ba-5727-4e48-915f-1d92a416de0f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\489ee8c848e21e0929344511a718aa39_31e9e7ba-5727-4e48-915f-1d92a416de0f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hsperfdata_HP_Owner\5568 Object is locked skipped
C:\Documents and Settings\Kent\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Kent\Application Data\Opera\Opera\mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\Kent\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Kent\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Kent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe/WISE0049.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe/WISE0050.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe/WISE0052.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe/WISE0053.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe WiseSFX: infected - 4 skipped
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe WiseSFX Dropper: infected - 4 skipped
C:\Documents and Settings\Kent\Incomplete\T-282926-_better version_ missing instrumental mary 25.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Kent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\History\History.IE5\MSHist012007101920071020\index.dat Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\Temp\hsperfdata_Kent\668 Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kent\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kent\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kent\Shared\01 Track 1 (christina).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Kent\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Kent\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Kent\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
C:\Documents and Settings\Kent\Shared\FallenAngles presents mandobongo 56.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Kent\Shared\missing instrumental mary 17.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAP\History\Administrator\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\History\HP_Owner\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Updates\UpdateList.xml Object is locked skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe WiseSFX: infected - 1 skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP154\A0062607.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP154\A0062616.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0063629.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP156\A0066695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP157\A0066726.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP158\A0066825.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP158\A0066836.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP158\A0066867.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067893.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067894.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067899.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067903.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067906.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067912.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067916.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067918.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067919.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067966.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP159\A0067978.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP160\A0068076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP160\A0068094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP160\A0068108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP160\A0068129.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP160\A0069129.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069144.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069145.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069152.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069156.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069159.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069160.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069170.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069173.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069178.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP161\A0069181.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP163\A0069512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP167\A0069891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP172\A0074898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP172\A0075899.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0075918.dll Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0075920.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0075921.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0076072.dll Infected: Trojan-Dropper.Win32.Agent.bxm skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0076073.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0076476.dll Infected: Trojan-Dropper.Win32.Agent.bxm skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0076503.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP173\A0076633.sys Infected: Rootkit.Win32.Agent.iy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP174\A0077120.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP174\A0077169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP174\A0077172.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP175\A0077216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP175\A0077217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP176\A0078230.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP176\A0078231.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP176\A0078246.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP177\A0079267.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP177\A0079268.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP177\A0079283.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP178\A0080307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP178\A0080308.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP178\A0080323.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP180\A0080351.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP180\A0080352.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP180\A0080367.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP181\A0083567.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP181\A0083568.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP181\A0083569.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP181\A0083570.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084588.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084590.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084613.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084615.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084622.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084623.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084628.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084629.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084651.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084675.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084676.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084688.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084692.dll Infected: not-a-virus:AdWare.Win32.BHO.hw skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084693.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084695.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084735.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084736.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084775.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084776.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084789.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084790.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084875.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0084877.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088467.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088469.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088472.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088480.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088485.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088488.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088491.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088495.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088496.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088497.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088500.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088504.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088505.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088515.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088516.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088517.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088518.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088522.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088523.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088524.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088525.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088528.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088529.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088531.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088532.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088534.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088536.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088540.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088541.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088542.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088549.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088554.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088558.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088560.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088563.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088564.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088565.dll Infected: not-a-virus:AdWare.Win32.BHO.gp skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088567.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088571.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088572.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088574.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088576.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088577.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088579.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088581.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088582.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088584.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088590.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088592.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088593.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088595.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088597.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088599.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088600.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088601.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088602.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088604.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088606.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088608.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088610.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088611.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088612.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088615.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088616.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088617.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088622.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088623.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088625.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088630.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088632.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088634.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088637.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088641.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088644.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088651.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088654.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088656.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088658.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088667.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088668.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088669.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088670.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088671.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088672.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088676.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088678.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088680.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088681.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088686.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088687.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088689.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088691.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088692.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088699.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088700.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088702.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088703.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088706.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088707.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088709.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088710.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088712.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088725.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088730.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088738.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088740.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088742.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088743.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088744.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088748.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088755.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088756.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088759.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088760.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088765.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088767.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088768.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088774.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088775.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088776.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088779.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088780.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088781.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088783.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088785.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088787.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088788.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088789.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088791.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088793.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088797.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088798.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088806.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088813.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088814.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088815.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088817.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088822.dll Infected: Trojan.Win32.BHO.hj skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088825.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088828.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088829.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088830.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088835.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088843.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088847.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088853.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088855.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088860.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088862.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088864.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088865.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088866.dll Infected: not-a-virus:AdWare.Win32.BHO.hg skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088868.dll Infected: not-a-virus:AdWare.Win32.BHO.gp skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088870.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088872.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088875.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088876.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088878.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088879.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088883.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088887.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0088900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dq skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090985.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090986.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090988.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090991.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090994.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090995.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0090997.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091000.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091001.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091004.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091005.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091007.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091011.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091012.dll Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091013.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091014.dll Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091015.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091016.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091017.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091020.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091021.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091024.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091025.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091026.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091027.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091029.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091031.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091033.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091035.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091036.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091038.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091041.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091043.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091046.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091047.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091051.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091053.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091057.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091063.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091064.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091065.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091069.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091071.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091072.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091074.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091075.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091077.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091079.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091081.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091083.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091084.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091085.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091086.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091087.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091090.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091091.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091093.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091096.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091097.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091099.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091101.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091102.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091106.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091107.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091110.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091111.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091113.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP182\A0091118.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}&
  • 0

#33
kahdah
Posted 20 October 2007 - 10:31 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe
C:\Documents and Settings\Kent\Incomplete\T-282926-_better version_ missing instrumental mary 25.wma 
C:\Documents and Settings\Kent\Shared\01 Track 1 (christina).wma 
C:\Documents and Settings\Kent\Shared\02 Track 2.wma
C:\Documents and Settings\Kent\Shared\06 Track 6.wma
C:\Documents and Settings\Kent\Shared\07 Track 7.wma
C:\Documents and Settings\Kent\Shared\FallenAngles presents mandobongo 56.wma
C:\Documents and Settings\Kent\Shared\missing instrumental mary 17.wma
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe
C:\WINDOWS\system32\djqfhsn.dll
C:\WINDOWS\system32\drivers\wcassojb.sys
C:\WINDOWS\system32\guoicais.exe 
C:\WINDOWS\system32\dnqnepfw.exe 
C:\WINDOWS\system32\jfwrxtrg.exe 
C:\WINDOWS\system32\xbpaoyop.exe 
C:\WINDOWS\system32\yhcvvvim.exe 
C:\WINDOWS\system32\ipv6monl.dll 

Registry keys to delete:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0329530-48D1-4AD6-AAB6-E90338C13212}"
"HKEY_CLASSES_ROOT\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}"


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
3. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.
==============================
After that please run Deckards System Scanner again and post those logs as well as the Avenger log.
  • 0

#34
ksanmamaril
Posted 22 October 2007 - 03:28 AM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hey Kahdah, here are the recent logs:


here is the avenger text:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tmxbwovj

*******************

Script file located at: \??\C:\Program Files\smsbydmx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Kent\Desktop\Installers\profileeditorfree.exe deleted successfully.
File C:\Documents and Settings\Kent\Incomplete\T-282926-_better version_ missing instrumental mary 25.wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\01 Track 1 (christina).wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\02 Track 2.wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\06 Track 6.wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\07 Track 7.wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\FallenAngles presents mandobongo 56.wma deleted successfully.
File C:\Documents and Settings\Kent\Shared\missing instrumental mary 17.wma deleted successfully.
File C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe deleted successfully.


Could not open file C:\WINDOWS\system32\djqfhsn.dll for deletion
Deletion of file C:\WINDOWS\system32\djqfhsn.dll failed!

Could not process line:
C:\WINDOWS\system32\djqfhsn.dll
Status: 0xc0000022



File C:\WINDOWS\system32\drivers\wcassojb.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\wcassojb.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\wcassojb.sys
Status: 0xc0000034

File C:\WINDOWS\system32\guoicais.exe deleted successfully.


File C:\WINDOWS\system32\dnqnepfw.exe not found!
Deletion of file C:\WINDOWS\system32\dnqnepfw.exe failed!

Could not process line:
C:\WINDOWS\system32\dnqnepfw.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jfwrxtrg.exe not found!
Deletion of file C:\WINDOWS\system32\jfwrxtrg.exe failed!

Could not process line:
C:\WINDOWS\system32\jfwrxtrg.exe
Status: 0xc0000034



File C:\WINDOWS\system32\xbpaoyop.exe not found!
Deletion of file C:\WINDOWS\system32\xbpaoyop.exe failed!

Could not process line:
C:\WINDOWS\system32\xbpaoyop.exe
Status: 0xc0000034



File C:\WINDOWS\system32\yhcvvvim.exe not found!
Deletion of file C:\WINDOWS\system32\yhcvvvim.exe failed!

Could not process line:
C:\WINDOWS\system32\yhcvvvim.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ipv6monl.dll not found!
Deletion of file C:\WINDOWS\system32\ipv6monl.dll failed!

Could not process line:
C:\WINDOWS\system32\ipv6monl.dll
Status: 0xc0000034



Could not open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0329530-48D1-4AD6-AAB6-E90338C13212} for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0329530-48D1-4AD6-AAB6-E90338C13212} failed!
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.

=============================================================

and here is the Main.txt for the DSS.exe:

ram Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"THGuard"="C:\Program Files\TrojanHunter 4.5\THGuard.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HostManager"=C:\Program Files\Common Files\AOL\1128563132\ee\AOLSoftware.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"msci"=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\2006621212256_mcinfo.exe /insfin
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"DeadAIM"=rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
"PrintDrive"=rundll32.exe "C:\WINDOWS\system32\svlesekg.dll",setvm
"GPLv3"=rundll32.exe "C:\WINDOWS\system32\acpbapku.dll",realset
"SecurityUpdate"=rundll32.exe C:\WINDOWS\system32\pjditur.dll,TurnOn2
"j6221430"=rundll32 C:\WINDOWS\system32\j6221430.dll sook
"SearchIndexer"=rundll32.exe "C:\WINDOWS\system32\tihcnhpr.dll",sitypnow
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
AutoRun\command- P:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-10-22 02:22:20 ------------


============================================================

Thanks for sticking around this long :)
  • 0

#35
kahdah
Posted 22 October 2007 - 07:09 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I'm not going anywhere. :)

Please open up Notepad and copy and paste the following code box in it starting with @echo off
@ECHO OFF
IF EXIST logit.txt Del logit.txt
ECHO Working .....
Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall" /s >> Logit.txt
Reg Query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall" /s >> Logit.txt
Reg Query "HKCU\Software\Policies" /s >> Logit.txt
Reg Query "HKLM\SOFTWARE\Policies" /s >> Logit.txt
Reg Query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Policies" /s >> logit.txt
Reg Query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Policies" /s >> logit.txt
Reg Query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /s >> logit.txt
Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /s >> logit.txt
Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s >> logit.txt
Start logit.txt
Save this as Look2.bat,choose to save as *all files and place it on your desktop.
Doubleclick on it and notepad should open.

This log will be big so you can attach it.
====================================
After that Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish".
    You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Paste in these lines in the white boxes:
{D0329530-48D1-4AD6-AAB6-E90338C13212}
djqfhsn.dll

Then click ok and it will run and produce another log for you.
========================================
Please post back with these logs:
New Hijackthis
Look2.bat log
Registry search log

Edited by kahdah, 22 October 2007 - 07:42 PM.

  • 0

#36
ksanmamaril
Posted 23 October 2007 - 01:30 PM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
For the registry search, do I put both objects in both boxes? or both of them on jus tthe top box?
  • 0

#37
kahdah
Posted 23 October 2007 - 01:34 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
One lin in each box.
  • 0

#38
ksanmamaril
Posted 23 October 2007 - 01:55 PM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is the RegSearch txt::::

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 10/23/2007 12:30:52 PM for strings:
; '{d0329530-48d1-4ad6-aab6-e90338c13212}'
; 'djqfhsn.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}\InprocServer32]
@="C:\\WINDOWS\\system32\\djqfhsn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0329530-48D1-4AD6-AAB6-E90338C13212}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0329530-48D1-4AD6-AAB6-E90338C13212}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0329530-48D1-4AD6-AAB6-E90338C13212}\iexplore]

; End Of The Log...

=============================================================

And here is the New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:49 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Kent\Desktop\regsearch\regsearch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/itunes/download/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E80EA04-3EBA-40E2-B1C1-58D119F6518a} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54E6D360-DCF8-4E50-92C9-8792126D2864} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {6B8ADCEE-02B2-475A-803C-F3ADF8B773F8} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {74F932E6-C714-4D49-83DA-C48F9FD61A76} - C:\WINDOWS\system32\fbiugbyy.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A91DB785-7D93-42AE-AC4C-E6F0BD0CA45D} - C:\WINDOWS\AppPatch\natimxl.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D023390D-0F52-4437-B2FF-58561E3368A5} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {D0329530-48D1-4AD6-AAB6-E90338C13212} - C:\WINDOWS\system32\djqfhsn.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://titanium.full...cweb/awswax.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.ritea...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mainstreet.f...perSetupSP1.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Remote Procedure Call (RPC) Se (RPCSEO) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/
O24 - Desktop Component 1: MySpace - http://www.myspace.com/

--
End of file - 10184 bytes


=============================================================

and I have just attached the Look2.bat txt you wanted me to do:
Thanks

Attached Files


  • 0

#39
kahdah
Posted 23 October 2007 - 06:49 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please reopen Hijackthis and place a check mark next to these entries below:

O2 - BHO: (no name) - {3E80EA04-3EBA-40E2-B1C1-58D119F6518a} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {54E6D360-DCF8-4E50-92C9-8792126D2864} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {6B8ADCEE-02B2-475A-803C-F3ADF8B773F8} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {74F932E6-C714-4D49-83DA-C48F9FD61A76} - C:\WINDOWS\system32\fbiugbyy.dll (file missing)
O2 - BHO: (no name) - {A91DB785-7D93-42AE-AC4C-E6F0BD0CA45D} - C:\WINDOWS\AppPatch\natimxl.dll (file missing)
O2 - BHO: (no name) - {D0329530-48D1-4AD6-AAB6-E90338C13212} - C:\WINDOWS\system32\djqfhsn.dll


Now click on Fix Checked and then close Hijackthis.
=============================
Next we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.
=====================================
Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.bfu.
Save it in the same folder you made earlier (c:\BFU)
RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{D0329530-48D1-4AD6-AAB6-E90338C13212}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0329530-48D1-4AD6-AAB6-E90338C13212}
RegDeleteKey HKCR\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0329530-48D1-4AD6-AAB6-E90338C13212}

OptionUnloadShell
DllUnregister %SYSDIR%\djqfhsn.dll
FileDelete %SYSDIR%\djqfhsn.dll
===============================
Please disconnect from the Internet.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select fixthis.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
After reboot please post a new Hijackthis log.
  • 0

#40
kahdah
Posted 03 November 2007 - 10:22 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements

#41
kahdah
Posted 03 November 2007 - 02:05 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Topic re-opened at the user's request.
  • 0

#42
ksanmamaril
Posted 04 November 2007 - 11:26 PM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here is the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:38 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/itunes/download/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D023390D-0F52-4437-B2FF-58561E3368A5} - C:\WINDOWS\system32\ksqsoelb.dll (file missing)
O2 - BHO: (no name) - {D0329530-48D1-4AD6-AAB6-E90338C13212} - C:\WINDOWS\system32\djqfhsn.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://titanium.full...cweb/awswax.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.ritea...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://mainstreet.f...perSetupSP1.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Remote Procedure Call (RPC) Se (RPCSEO) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.google.com/
O24 - Desktop Component 1: MySpace - http://www.myspace.com/

--
End of file - 9615 bytes



============================================================

Thanks again for reopening the post.
  • 0

#43
kahdah
Posted 05 November 2007 - 04:16 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

  • 0

#44
ksanmamaril
Posted 05 November 2007 - 12:50 PM

ksanmamaril

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
do u need me to post anything after the scan is finished?
  • 0

#45
kahdah
Posted 05 November 2007 - 12:53 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes a hijackthis log and the dr. web log please.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP