Win32/Adware.Virtumonde and other problems [CLOSED]


  • This topic is locked

#1
EvoKhmerBoy
Hello, I'm new to the computer stuff and although I had this PC for a while, all of a sudden my desktop background changed to a warning. It says that I had a spyware infection: Win32\Adware.Virtumonde and Win32\PrivacyRemover.M64
I'm hoping that this will be a small issue and can be resolved easily. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:28 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\lphc3jqj0er2p.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [lphc3jqj0er2p] C:\WINDOWS\system32\lphc3jqj0er2p.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8d08452c7b8c4ddab69d4a4f4892f39b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8d08452c7b8c4ddab69d4a4f4892f39b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 8078 bytes


Thank you for your time.

#2
fenzodahl512
  • Malware Removal
Hello and welcome to GTG...



Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
EvoKhmerBoy
  • Topic Starter
Thanks for the reply and sorry for the ever so long delay... Currently I cannot connect to any specific websites, including the download you have sent me and even geekstogo.com for that matter, on the infected PC. Please give me another option to do. By the way, I have the recovery console, but for some odd reason the administrator password that I KNOW I put is incorrect, and it is not incorrect spelling or caps, so I'm unable to use that either.

#4
fenzodahl512
  • Malware Removal
If you have ComboFix in your infected PC, please delete it as we will download the latest version.


Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop. You might have to transfer it from another PC via thumb drive or CD.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.

#5
EvoKhmerBoy
  • Topic Starter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:06 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8d08452c7b8c4ddab69d4a4f4892f39b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8d08452c7b8c4ddab69d4a4f4892f39b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 6805 bytes

#6
EvoKhmerBoy
  • Topic Starter
Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

6:14:09 PM 8/28/2008
mbam-log-08-28-2008 (18-14-09).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 333760
Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 39
Files Infected: 938

Memory Processes Infected:
C:\WINDOWS\system32\lphc3jqj0er2p.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\blphc3jqj0er2p.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3jqj0er2p (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\bak (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Ipwindows (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\svhost (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\temp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\Upload (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphc3jqj0er2p.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\New Folder\bak\retadpu2000340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\New Folder\bak\retadpu72.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\0wl.tmp (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\Bu}230E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\EvV95ED.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\GVD85B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\K]lF3DF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\NDrv.dll (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\nOA8C8A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\oQAB43.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\par910C.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\QofBF38.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\sjJ2F82.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\sys16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\T}t842D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\uECE.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\VKO67FA.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\XJ3C1B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\X17F3.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\]OXA478.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\`BO25ED.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\w942B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\HA603.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\Hp88E0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\E4811.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\pB9208.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\w16CD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\{r25DE.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\Q99B6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\VN135F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temporary Internet Files\Content.IE5\F7Z9J2UM\bot[1].dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temporary Internet Files\Content.IE5\TVKBVXQ6\bot[1].dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\2D.tmp (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.DAD\Local Settings\Temp\jnwf47rz.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe (Adware.WebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\~tmp143 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\MBDownloader_876919.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\rsyncini.exe (Trojan.Exitwin) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\snapsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\vx1dt1.game (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\wavesnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temporary Internet Files\Content.IE5\6FWPCXIH\kcehc_eicooc20070702[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temporary Internet Files\Content.IE5\QH6VG3WT\ctxad-555[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\1.dllb (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mst1C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mst23.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun14.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun15.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe (Adware.WebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun8.exe (Adware.WebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\~tmp143 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\ffor\ffora.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\ffor\fforl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\ffor\fforp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\ffor\bak\fform.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\ffor\fford\fforc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Ipwindows\ipwins.dll (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Program Files\Ipwindows\ipwins.exe (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\ffcomponent.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\Save.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\browser.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\inserv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\pc.exe (Trojan.Lmir) -> Quarantined and deleted successfully.
C:\WINDOWS\stub_mma2.exe (Adware.Bookedspace) -> Quarantined and deleted successfully.
C:\WINDOWS\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\IA\asappsrv.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mst1B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun4.exe (Adware.WebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\svhost\wr-1-0000077.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\iebyterange.xml (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\iebyterange.xml.backup (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\Magic - The Gathering - Childhood Nightmare.jpg (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Save\===.txt (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SET45.tmp (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SET66.tmp (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\^_^.txt (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\avtasks.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Application Data\WinAntiVirus Pro 2007\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\Unist1.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Uninst2.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\desktop.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3jqj0er2p.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3jqj0er2p.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\System32KBRunOnce2.tm_ (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32KBRunOnce2.t__ (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\poolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu2000219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu2000340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu72.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hi\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\Outerinfo-1281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Green\Local Settings\Temp\xrun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\5.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\6.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\7.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\5.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\6.dllb (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun5.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\stdrun8.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun13.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun16.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun5.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun6.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ma1x1dd1v.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v4xd3.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v6xdt4.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\vx3dt2.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meas\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1091.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr125C.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1488.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr161F.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1875.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1894.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr18B4.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr18C3.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr18D3.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr18E3.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1902.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1B92.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1C5D.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1C69.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1DD4.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr1EAF.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr22D5.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr25A6.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr25C5.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr25D5.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr25F4.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2603.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2613.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2632.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2642.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2652.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr26DD.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr27C9.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr27D8.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr27E6.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2817.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2836.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2846.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner.MEAS.000\Local Settings\Temp\opr2855.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
  • 0

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok... that looks great.. Now waiting for your ComboFix log :)
  • 0

#8
EvoKhmerBoy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My ComboFix log is WAY too big to put on here unfortunately... :)
  • 0

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts

My ComboFix log is WAY too big to put on here unfortunately... :)


Can you attach the file?.. Please refer to the picture below.. Please use the Add Reply button..

At the bottom right corner of your reply page, you will see a picture like the one below.. Click it for further view..

Posted Image


Browse to your ComboFix log (normally at C:\combofix.txt) and press the UPLOAD button next to it.. Wait until the attachment upload process is completed..

Then press Add Reply
  • 0

#10
EvoKhmerBoy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I tried many times; now it keeps saying "You did not select a file to upload"

Edited by EvoKhmerBoy, 28 August 2008 - 10:55 PM.

  • 0

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. upload the log at link below:
http://www.2shared.com/

Then, after you successfully upload it, please copy/paste the link given under Here is your download link: tab..


I will be away for a few hours..
  • 0

#12
EvoKhmerBoy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok hope you have a nice rest sorry to be such a bother....ComboFix

Edited by EvoKhmerBoy, 28 August 2008 - 11:31 PM.

  • 0

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\drivers\432014f3.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.





NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Documents and Settings\All Users\Application Data\ihkbynsd.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\bak\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe
C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

Folder::
C:\Program Files\SurfAccuracy

AWF::
C:\Documents and Settings\Administrator\Desktop\New Folder\CREATOR\bak\Remind_XP.exe
C:\Program Files\AIM\bak\aim.exe
C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe
C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\bak\RoxWatchTray.exe
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\bak\DrgToDsc.exe
C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
C:\WINDOWS\SMINST\bak\RECGUARD.EXE
C:\WINDOWS\system\bak\hpsysdrv.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • VirScan.org or VirusTotal
  • Combofix.txt
  • A new HijackThis log.

  • 0
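
A pre-flight check for a script in the layout shown in post #13, as an added example that is not part of the original thread or of ComboFix. It assumes only what the posted script shows: a `Name::` line opens a section and the non-blank lines after it are that section's paths. The sample script and its paths are constructed, and `parse_cfscript` and `review` are hypothetical names.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the same layout as the posted script; paths are made up.
SAMPLE = r"""KillAll::

File::
C:\Temp\example\sample1.exe
C:\Temp\example\bak\sample2.exe

Folder::
C:\Temp\ExampleFolder

AWF::
C:\Temp\example\bak\sample3.exe
c:\temp\example\bak\SAMPLE2.exe
Temp\relative.exe
"""

HEADER = re.compile(r"^([A-Za-z]+)::$")  # assumed header form: Name::

def parse_cfscript(text):
    """Group the non-blank lines under the most recent 'Name::' header."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line {lineno}: path before any section header")
        else:
            sections[current].append(line)
    return sections

def review(sections):
    """Return (section, path, problem) for entries worth a second look."""
    findings, seen = [], {}
    for section, paths in sections.items():
        for path in paths:
            win = PureWindowsPath(path)
            if not win.is_absolute():
                findings.append((section, path, "not an absolute path"))
            key = str(win).lower()  # Windows paths compare case-insensitively
            if key in seen:
                findings.append((section, path, f"also listed under {seen[key]}::"))
            seen.setdefault(key, section)
    return findings
```

Running `review(parse_cfscript(text))` on a script before saving it as CFScript.txt catches copy/paste damage such as a path that lost its drive letter or an entry pasted under two sections.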

#14
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





