infected computer! please help!

Unread postby oxoafioxo » January 29th, 2008, 2:28 pm

I know my computer is infected with jkkjk.dll among other things. I was able to stop jkkjk from loading on startup using msconfig (or so I thought). I've removed access to Internet Explorer (since I use Mozilla), yet I still get Internet Explorer popups all day. Also, when I click on "My Computer" and look in my C: drive I have literally a thousand .tmp files that were never there before. I have AdAware, Asquared anti-malware, Spybot, Eusing Registry Cleaner, and have tried VundoFix with no luck whatsoever. Every time anything is deleted it reappears when my computer is restarted. I really need help. Thank you in advance for any replies.

Below is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:25:40 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rachel Q\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {956FEA4C-E7DD-470F-9AF9-C345EB2E5EDA} - C:\WINDOWS\system32\jkkjk.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7014 bytes
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm

Re: infected computer! please help!

Unread postby Simon V. » February 1st, 2008, 10:35 am

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

You're running an older version of HijackThis, please download the newest:

Download HJTInstall.exe to your desktop.

  • Double-click HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save it to a convenient location.

Don't use the AnalyseThis button; its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Step 2

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.

Step 3

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log and the CCleaner Uninstall List (install.txt).
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: infected computer! please help!

Unread postby oxoafioxo » February 4th, 2008, 7:37 pm

Thank you for all your help so far. I ran all three processes as you told me, and the reports are below, but I came across one pretty big problem. When I ran ComboFix it deleted a lot of things, which made my computer run noticeably faster; however, it deleted my Intel wireless internet framework. I could not connect to the internet. So I had to restore my computer to the restore point ComboFix created before it ran. Is there any way I will be able to run this process and have it delete only the bad things and not the good?

So as I said, the reports are below, but the ComboFix deletions are not valid, since I had to restore my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:22 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\mrofinu572 .exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\PPPATC~1\mshta.exe
C:\WINDOWS\PPPATC~1\mshta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [C4C6C9C4C6CAC9D0] 64666964666A69.exe
O4 - HKLM\..\Run: [20b8169e] rundll32.exe "C:\WINDOWS\system32\glkndppt.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPPATC~1\mshta.exe" -vt yazb
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6296 bytes



Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
AIM 6
AOLIcon
Apple Mobile Device Support
Apple Software Update
a-squared Anti-Malware 3.1
ATI Catalyst Control Center
ATI Display Driver
Bluetooth HID Switch Service
Bluetooth Stack for Windows by Toshiba
Bonjour Core for Windows
Broadcom Management Programs
Canon PhotoRecord
Canon PowerShot A40 WIA Driver
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.2
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
DellSupport
Digital Content Portal
Digital Line Detect
ELIcon
Eusing Free Registry Cleaner
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
hp deskjet 3320 series (Remove only)
Intel(R) PROSet/Wireless Software
iPod for Windows 2005-09-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.11)
mPfMgr
mPfWiz
mProSafe
mSSO
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Update Rollup 2 for Windows XP Media Center Edition 2005
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
WordPerfect Office 12




ComboFix 08-02.03.1 - Rachel Q 2008-02-04 17:57:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.522 [GMT -5:00]
Running from: C:\Documents and Settings\Rachel Q\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\qtbxnbpn.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\Rachel Q\My Documents\MBOLS~1
C:\Documents and Settings\Rachel Q\My Documents\MBOLS~1\?xplorer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b149.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\pppatc~1
C:\WINDOWS\pppatc~1\?ppPatch\
C:\WINDOWS\pppatc~1\mshta .exe
C:\WINDOWS\pppatc~1\mshta.exe
C:\WINDOWS\system32\dnd.dll
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\system32\ebgxjcav.ini
C:\WINDOWS\system32\glkndppt.dll
C:\WINDOWS\system32\hkrrzmpl.dllbox
C:\WINDOWS\system32\jkkjk(2).dll
C:\WINDOWS\system32\jkkjk(3).dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkjk.exe
C:\WINDOWS\system32\khhmlcms.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pivvpjww.dllbox
C:\WINDOWS\system32\qtbxnbpn.dll
C:\WINDOWS\system32\qtbxnbpn.dllbox
C:\WINDOWS\system32\snbndygr.dll
C:\WINDOWS\system32\t8
C:\WINDOWS\system32\tppdnklg.ini
C:\WINDOWS\system32\vacjxgbe.dll
C:\WINDOWS\system32\wcpicomsv32.exe
C:\WINDOWS\system32\z4
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-04 14:51 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 14:37 . 2008-02-04 14:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 00:12 . 2008-02-01 00:12 <DIR> d-------- C:\WINDOWS\system32\94969994969A99
2008-01-31 16:57 . 2008-02-01 10:00 368,640 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-31 16:56 . 2008-01-31 16:57 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-31 16:56 . 2008-01-31 16:56 <DIR> d-------- C:\Temp\cXzz9
2008-01-31 10:42 . 2008-01-31 10:42 330,752 --a------ C:\WINDOWS\system32\RCX1C7.tmp
2008-01-28 22:09 . 2008-02-04 18:04 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 10:56 . 2008-01-28 10:56 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-01-26 13:51 . 2008-01-28 11:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 23:30 . 2008-01-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 17:49 . 2008-01-31 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-22 14:25 . 2008-01-22 14:25 0 --a------ C:\del
2008-01-21 21:11 . 2008-01-26 15:15 <DIR> d-------- C:\VundoFix Backups
2008-01-21 20:03 . 2008-01-21 20:28 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\U3
2008-01-14 22:10 . 2008-01-22 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 14:26 . 2008-01-14 14:26 <DIR> d-------- C:\Program Files\Ashampoo
2008-01-14 13:56 . 2008-01-22 17:53 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-14 13:53 . 2008-01-14 14:16 <DIR> d--hs---- C:\WINDOWS\UmFjaGVsIFE
2008-01-14 13:52 . 2008-01-14 14:16 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-01-14 13:52 . 2008-01-14 13:52 <DIR> d-------- C:\Temp\Ryuan1
2008-01-14 13:52 . 2008-02-04 18:11 <DIR> d-------- C:\Temp
2008-01-14 13:52 . 2008-01-14 13:52 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-14 13:52 . 2008-01-14 13:52 86,016 --a------ C:\WINDOWS\system32\drivers\isapnpp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 23:04 --------- d-----w C:\Program Files\iTunes
2008-02-04 23:04 --------- d-----w C:\Program Files\DellSupport
2008-01-27 18:58 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\Move Networks
2008-01-25 20:40 --------- d-----w C:\Program Files\QuickTime
2008-01-25 20:40 --------- d-----w C:\Program Files\NetWaiting
2008-01-23 01:57 53,632 -c--a-w C:\Documents and Settings\Rachel Q\Application Data\GDIPFONTCACHEV1.DAT
2008-01-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-14 00:40 --------- d-----w C:\Program Files\AIM6
2007-12-14 00:40 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\acccore
2007-12-14 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2006-08-23 00:42 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\UmFjaGVsIFE\oAI3u3pPKIH.vbs
.
----a-w         1,816,208 2008-02-01 15:00:30  C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w         3,251,800 2008-01-22 02:44:55  C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall .exe
----a-w            45,056 2008-01-22 22:31:33  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w            81,920 2008-02-01 15:00:24  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           460,784 2008-02-01 15:00:36  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-01 15:00:23  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-01 15:00:23  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           267,048 2008-01-28 16:00:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-24 17:48:10  C:\Program Files\Messenger\msmsgs .exe
----a-w           761,947 2008-02-01 15:00:24  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            67,584 2008-01-22 01:57:56  C:\WINDOWS\ehome\ehtray .exe
----a-w           169,984 2008-01-28 20:13:57  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           127,035 2008-01-22 01:58:04  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2008-01-22 01:58:19  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Aim6"="" []
"Uaol"="C:\WINDOWS\PPPATC~1\mshta.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [ ]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [ ]
"C4C6C9C4C6CAC9D0"="64666964666A69.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 03:24:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkkjk.exe

R1 isapnpp;isapnpp;C:\WINDOWS\system32\drivers\isapnpp.sys [2008-01-14 13:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de237606-c885-11dc-a0f3-0015c51ee7ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 17:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 18:10:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-02-04 18:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 23:12:28
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm
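The two HijackThis logs in this thread show two things a helper looks for by eye: running processes that exist twice, once as "name.exe" and once as "name .exe" (a space before the extension), and O4 Run entries whose names or targets are bare hex strings or carry a long hex argument. The script below is an added example (not part of this thread, and not HijackThis or ComboFix code) that parses HijackThis-style "Running processes:" and O4 lines and surfaces exactly those patterns. The sample log is constructed from lines quoted in the second log above, and the heuristics are assumptions tuned to what this thread's logs show, not a general malware signature.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the original thread or of HijackThis/ComboFix.
The sample log is constructed from lines quoted in this thread; the flagging
rules are assumptions drawn from what those logs show.
"""
import re

# Constructed sample: a subset of the running-process and O4 lines from the
# second HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\WINDOWS\mrofinu572 .exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\PPPATC~1\mshta.exe

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [C4C6C9C4C6CAC9D0] 64666964666A69.exe
O4 - HKLM\..\Run: [20b8169e] rundll32.exe "C:\WINDOWS\system32\glkndppt.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
"""

# O4 line: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# A path whose extension is preceded by a space: "...\name .exe"
SPACED_EXT = re.compile(r'^(?P<stem>.+) \.(?P<ext>exe|dll)$', re.IGNORECASE)
HEX_NAME = re.compile(r'[0-9A-Fa-f]{8,}')          # a value or file name that is only hex digits
HEX_BLOB = re.compile(r'\b[0-9A-Fa-f]{32,}\b')     # a long hex token somewhere in the command


def parse_log(text):
    """Split a log into (running process paths, O4 autostart entries)."""
    processes, autostarts = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                 # a blank line ends the process list
            in_procs = False
            continue
        if in_procs:
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autostarts.append((m["hive"], m["name"], m["cmd"]))
    return processes, autostarts


def spaced_extension_pairs(processes):
    """Find 'name .exe' / 'name.exe' pairs among running processes.

    In this thread both are running side by side and the CFScript's RenV::
    section later renames the spaced files back, so a pair is worth a look:
    the unspaced copy may not be the real program.
    """
    by_lower = {p.lower(): p for p in processes}
    pairs = []
    for p in processes:
        m = SPACED_EXT.match(p)
        if not m:
            continue
        twin = f"{m['stem']}.{m['ext']}"
        if twin.lower() in by_lower:
            pairs.append((p, by_lower[twin.lower()]))
    return pairs


def command_basename(cmd):
    """Executable file name from an O4 command, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1]


def suspicious_autostarts(autostarts):
    """Flag O4 entries by the (assumed) heuristics described above."""
    findings = []
    for _hive, name, cmd in autostarts:
        reasons = []
        if HEX_NAME.fullmatch(name):
            reasons.append("value name is a bare hex string")
        stem = command_basename(cmd).rsplit(".", 1)[0]
        if HEX_NAME.fullmatch(stem):
            reasons.append("executable name is a bare hex string")
        if HEX_BLOB.search(cmd):
            reasons.append("command carries a long hex blob argument")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    procs, auto = parse_log(SAMPLE_LOG)
    for spaced, twin in spaced_extension_pairs(procs):
        print(f"spaced-name pair: {spaced!r} <-> {twin!r}")
    for name, reasons in suspicious_autostarts(auto):
        print(f"O4 [{name}]: " + "; ".join(reasons))
```

On the sample it reports the ifrmewrk and mrofinu572 pairs and flags the runner1, C4C6C9C4C6CAC9D0 and 20b8169e entries, leaving IntelWireless and DellSupport alone. The hex rules will misfire on a legitimately hex-named program, so read the output as a shortlist for the helper, not a verdict.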

Re: infected computer! please help!

Unread postby Simon V. » February 4th, 2008, 7:54 pm

Hi :)

Why don't you have any security updates installed?

When I ran ComboFix it deleted a lot of things, which made my computer run noticeably faster, however, it deleted my Intel wireless internet framework. I could not connect to the internet.

The files related to that software were infected, and that's why Combofix deleted them. Let's do the following:

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

  • Java 2 Runtime Environment, SE v1.4.2_03

Then download and install Java Runtime Environment (JRE) 6 Update 4.

Step 2

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

http://malwareremoval.com/forum/viewtopic.php?f=11&t=27429&p=262363#p262363

Collect::

C:\WINDOWS\system32\drivers\isapnpp.sys

File::

C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\RCX1C7.tmp

Folder::

C:\Program Files\Dot1XCfg
C:\WINDOWS\UmFjaGVsIFE
C:\WINDOWS\system32\edcA01
C:\Temp\Ryuan1
C:\WINDOWS\system32\nGpxx01
C:\Temp\cXzz9

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
"Uaol"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

Driver::

isapnpp

DirLook::

C:\WINDOWS\system32\94969994969A99

RenV::

----a-w         1,816,208 2008-02-01 15:00:30  C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w         3,251,800 2008-01-22 02:44:55  C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall .exe
----a-w            45,056 2008-01-22 22:31:33  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w            81,920 2008-02-01 15:00:24  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           460,784 2008-02-01 15:00:36  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-01 15:00:23  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-01 15:00:23  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           267,048 2008-01-28 16:00:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2008-01-24 17:48:10  C:\Program Files\Messenger\msmsgs .exe
----a-w           761,947 2008-02-01 15:00:24  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            67,584 2008-01-22 01:57:56  C:\WINDOWS\ehome\ehtray .exe
----a-w           169,984 2008-01-28 20:13:57  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           127,035 2008-01-22 01:58:04  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2008-01-22 01:58:19  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.
A webpage will pop up when Combofix has done its job. Please follow the instructions and upload the file asked.
It will create a log. Be sure to save it to a convenient location.

Step 3

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:

    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.

Step 4

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the Malwarebytes' Anti-Malware report
  • a new HijackThis log
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: infected computer! please help!

Unread postby oxoafioxo » February 5th, 2008, 5:31 pm

OK, so I've done everything listed, but came across a few problems on the way. I was able to successfully delete Java and install the updated version. I dragged the text document over to ComboFix and ran ComboFix. While it was running it created a compressed folder on my desktop. I'm guessing it was supposed to do that, because when the webpage showed up, as you said, it asked for the file name of that compressed folder. However, ComboFix deleted my internet again, so I could not send the file name, and everything deleted had to be undone with System Restore. MalwareBytes could not remove a few things, so it said it would try after reboot. I can't get my computer to restart though, because my "Turn Off" button on the start menu disappeared, the "Log Off" button isn't working, and Ctrl+Alt+Del isn't bringing up the Task Manager. I'm sure I'll get my computer restarted somehow; I just have to think of another option. Below are my ComboFix, MalwareBytes, and HijackThis reports.

ComboFix 08-02.03.1 - Rachel Q 2008-02-05 10:15:46.1 - NTFSx86
Running from: C:\Documents and Settings\Rachel Q\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rachel Q\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\RCX1C7.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\isapnpp.sys
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\qtbxnbpn.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Temp\cXzz9
C:\Temp\Ryuan1
C:\Temp\Ryuan1\tepU.log
C:\temp\tn3
C:\WINDOWS\b149.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\pppatc~1\?ppPatch\
C:\WINDOWS\pppatc~1\mshta.exe
C:\WINDOWS\system32\cnisymwp.ini
C:\WINDOWS\system32\dnd.dll
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\isapnpp.sys
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\system32\ebgxjcav.ini
C:\WINDOWS\system32\edcA01
C:\WINDOWS\system32\glkndppt.dll
C:\WINDOWS\system32\jkkjk(2).dll
C:\WINDOWS\system32\jkkjk(3).dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkjk.exe
C:\WINDOWS\system32\khhmlcms.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\qtbxnbpn.dll
C:\WINDOWS\system32\qtbxnbpn.dllbox
C:\WINDOWS\system32\RCX1C7.tmp
C:\WINDOWS\system32\snbndygr.dll
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\t8
C:\WINDOWS\system32\tppdnklg.ini
C:\WINDOWS\system32\wcpicomsv32.exe
C:\WINDOWS\system32\xecrxxcm.dll
C:\WINDOWS\system32\z4
C:\WINDOWS\UmFjaGVsIFE
C:\WINDOWS\UmFjaGVsIFE\oAI3u3pPKIH.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ISAPNPP
-------\LEGACY_NETWORK_MONITOR
-------\isapnpp


((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-05 09:17 . 2008-02-05 09:17 90,688 --a------ C:\WINDOWS\system32\pwmysinc.dll
2008-02-04 14:51 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 14:37 . 2008-02-04 14:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 00:12 . 2008-02-01 00:12 <DIR> d-------- C:\WINDOWS\system32\94969994969A99
2008-01-28 22:09 . 2008-02-05 10:28 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 15:13 . 2008-01-28 15:13 169,984 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-28 10:56 . 2008-01-28 10:56 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-01-26 13:51 . 2008-01-28 11:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 23:30 . 2008-01-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 17:49 . 2008-01-31 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-22 14:25 . 2008-01-22 14:25 0 --a------ C:\del
2008-01-21 21:11 . 2008-02-04 18:41 <DIR> d-------- C:\VundoFix Backups
2008-01-21 20:03 . 2008-01-21 20:28 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\U3
2008-01-14 22:10 . 2008-01-22 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 13:52 . 2008-02-05 10:17 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 15:28 --------- d-----w C:\Program Files\DellSupport
2008-02-05 15:14 --------- d-----w C:\Program Files\iTunes
2008-01-30 01:09 503,296 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-01-28 20:13 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-01-27 18:58 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\Move Networks
2008-01-25 20:40 --------- d-----w C:\Program Files\QuickTime
2008-01-25 20:40 --------- d-----w C:\Program Files\NetWaiting
2008-01-23 01:57 53,632 -c--a-w C:\Documents and Settings\Rachel Q\Application Data\GDIPFONTCACHEV1.DAT
2008-01-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:45 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-14 00:40 --------- d-----w C:\Program Files\AIM6
2007-12-14 00:40 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\acccore
2007-12-14 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-07 01:21 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-23 00:42 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
.
----a-w           460,784 2008-02-05 00:05:32  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-05 00:05:18  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-05 00:05:16  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           761,947 2008-02-05 00:05:22  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe



(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\94969994969A99 ----

2008-02-01 09:13 58 --a------ C:\WINDOWS\system32\94969994969A99\B5B7BAB5B7BBBA


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A43CBB1-5574-08A9-0262-5A00C9CD8DCE}]
C:\WINDOWS\system32\dnd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67E06734-2221-4754-AE67-D743E39245B1}]
C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Aim6"="" []
"Uaol"="C:\WINDOWS\PPPATC~1\mshta.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"@"="" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [ ]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [ ]
"runner1"="C:\WINDOWS\mrofinu572.exe" [ ]
"C4C6C9C4C6CAC9D0"="64666964666A69.exe" []
"20b8169e"="C:\WINDOWS\system32\pwmysinc.dll" [2008-02-05 09:17 90688]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-10 05:00 388608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 03:24:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkhi]
nnnlkhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qtbxnbpn]
qtbxnbpn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-28 11:00 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkkjk.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de237606-c885-11dc-a0f3-0015c51ee7ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 17:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 10:46:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\cnisymwp.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\pwmysinc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-05 10:51:55 - machine was rebooted [Rachel Q]
ComboFix-quarantined-files.txt 2008-02-05 15:51:42
ComboFix2.txt 2008-02-04 23:12:31



Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Quick Scan
Objects scanned: 22915
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jkkjk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pwmysinc.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qtbxnbpn.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d0a0372-84c8-4e9b-a941-547dd04e9bba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3d0a0372-84c8-4e9b-a941-547dd04e9bba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3a43cbb1-5574-08a9-0262-5a00c9cd8dce} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a43cbb1-5574-08a9-0262-5a00c9cd8dce} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Trojan.Vundo) -> Failed to delete.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChange) -> Failed to delete.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Vundo) -> Data: c:\windows\system32\jkkjk.exe -> Failed to delete.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkjk -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\e9 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\glkndppt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tppdnklg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkjk.dll (Trojan.Vundo) -> Failed to delete. (Delete on reboot).
C:\WINDOWS\system32\jkkjk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwmysinc.dll (Trojan.Vundo) -> Failed to delete. (Delete on reboot).
C:\WINDOWS\system32\cnisymwp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtbxnbpn.dll (Trojan.Vundo) -> Failed to delete. (Delete on reboot).
C:\WINDOWS\system32\qtbxnbpn.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnd.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\e9\farstadcom2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\b149.exe (Heuristics.Downloader) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073F38A3-4BC9-4CC4-9537-DB5CFE1BB830} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\skkssixu.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [C4C6C9C4C6CAC9D0] 64666964666A69.exe
O4 - HKLM\..\Run: [20b8169e] rundll32.exe "C:\WINDOWS\system32\pwmysinc.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPPATC~1\mshta.exe" -vt yazb
O4 - HKUS\S-1-5-21-1656885380-3534317346-2037278705-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1656885380-3534317346-2037278705-1005\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-1656885380-3534317346-2037278705-1005\..\Run: [Uaol] "C:\WINDOWS\PPPATC~1\mshta.exe" -vt yazb (User '?')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - Winlogon Notify: nnnlkhi - C:\WINDOWS\SYSTEM32\nnnlkhi.dll
O20 - Winlogon Notify: qtbxnbpn - C:\WINDOWS\SYSTEM32\qtbxnbpn.dll
O20 - Winlogon Notify: skkssixu - C:\WINDOWS\SYSTEM32\skkssixu.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7038 bytes
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm
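
The HijackThis log in the post above carries the entry types an analyst checks first for this family: an F3 win.ini load= line, unnamed O2 BHOs pointing at short random-named DLLs in system32, O4 Run values whose names are bare hex strings or that launch rundll32 or mshta with odd arguments, and O20 Winlogon Notify packages. The script below is an added example, not part of the thread and not a MalwareRemoval.com or HijackThis tool; it applies those heuristics to a constructed excerpt of the log (paths and CLSIDs copied from the post, not the full log). The 5-8 letter DLL-name rule and the short list of system binaries are assumptions chosen to fit this log, not general-purpose signatures.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 log format, modelled on entries from the
# log posted above. Paths and CLSIDs are copied from it; this is not the full log.
SAMPLE_HJT_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {073F38A3-4BC9-4CC4-9537-DB5CFE1BB830} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [C4C6C9C4C6CAC9D0] 64666964666A69.exe
O4 - HKLM\..\Run: [20b8169e] rundll32.exe "C:\WINDOWS\system32\pwmysinc.dll",b
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPPATC~1\mshta.exe" -vt yazb
O20 - Winlogon Notify: nnnlkhi - C:\WINDOWS\SYSTEM32\nnnlkhi.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: a DLL directly in system32 whose stem is 5-8 letters matches the
# naming of the Vundo files in this thread (jkkjk, nnnlkhi, qtbxnbpn, pwmysinc).
RANDOM_SYS32_DLL = re.compile(r"\\system32\\[a-z]{5,8}\.dll$", re.I)
HEX_ONLY = re.compile(r"^[0-9a-f]{8,}$", re.I)
# Assumption: Windows binaries that live in system32; a copy elsewhere is suspect.
SYSTEM_BINARIES = {"mshta.exe", "rundll32.exe", "regsvr32.exe"}


def first_token(command: str) -> str:
    """Return the program part of a Run-key command, handling quoted paths."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def check_line(line: str) -> List[str]:
    """Apply the heuristics to one log line; return the reasons it is suspect."""
    reasons: List[str] = []
    if line.startswith("F3 - REG:win.ini: load=") and line.split("load=", 1)[1].strip():
        reasons.append("win.ini load= runs a program at logon; unused by legitimate software")
    elif line.startswith("O2 - BHO:"):
        if "(no name)" in line:
            reasons.append("BHO registered without a name")
        if RANDOM_SYS32_DLL.search(line):
            reasons.append("BHO loaded from a random-named DLL in system32")
    elif line.startswith("O4 - "):
        m = re.match(r"O4 - (\S+): \[([^\]]*)\] (.*)$", line)
        if m:
            name, command = m.group(2), m.group(3)
            program = first_token(command)
            base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if HEX_ONLY.match(name):
                reasons.append("Run value name is a bare hex string")
            if base in SYSTEM_BINARIES and "\\" in program and "\\system32\\" not in program.lower():
                reasons.append(f"{base} executed from outside system32")
            # rundll32 "<dll>",<export>: look at the DLL argument, not the program.
            if base == "rundll32.exe" and RANDOM_SYS32_DLL.search(command.split(",")[0].rstrip('"')):
                reasons.append("rundll32 loading a random-named DLL in system32")
    elif line.startswith("O20 - Winlogon Notify:"):
        if RANDOM_SYS32_DLL.search(line):
            reasons.append("Winlogon Notify package from a random-named DLL in system32")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious log line, with all reasons joined."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_line(line)
        if reasons:
            findings.append({"line": line, "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT_LOG):
        print(finding["line"])
        print("    ->", finding["reasons"])
```

Run against the excerpt it flags six lines (the F3 entry, the unnamed jkkjk.dll BHO, the two hex-named Run values, the relocated mshta.exe and the nnnlkhi Winlogon Notify package) and leaves the Acrobat, Java, Synaptics and Bonjour entries alone. Heuristics like these only order the analyst's attention; the thread shows why they are not a verdict, since the same infection also displaced signed vendor executables that no name-based rule would catch.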

Re: infected computer! please help!

Unread postby oxoafioxo » February 5th, 2008, 5:40 pm

I took the chance and just shut my computer down with the power button. When my computer restarted everything was back to normal.
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm

Re: infected computer! please help!

Unread postby Simon V. » February 6th, 2008, 5:47 am

Hi :)

The cleaning process won't work if you keep doing a system restore, so let's try it in a slightly different way.

Print these instructions or save them to a Notepad document, as it could be that you lose your internet connection during the cleaning process.

Run Combofix again (just double-click Combofix.exe, no need for CFScript right now).

- If your internet connection is still there after Combofix has completed, post the resultant log.

- If not, do the following:

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

RenV::

----a-w           460,784 2008-02-05 00:05:32  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-05 00:05:18  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-05 00:05:16  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           761,947 2008-02-05 00:05:22  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.
It will create a log. Be sure to save it to a convenient location.

That should restore your internet connection.

- If it did, please post the resultant log.

- If it didn't, can you try to reinstall or repair the Intel wireless internet framework software? That should bring your internet connection back.

- If all of the above doesn't work, do a System Restore and post the resultant log of the last Combofix run (C:\Combofix.txt).
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
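The RenV:: section above lists program files whose names carry a space before the extension ("DSAgnt .exe" instead of "DSAgnt.exe"); the section tells ComboFix to give those files their proper names back. The Python below is an added example, not code from this thread or from ComboFix: it parses a constructed listing in the same format, picks out every "name .ext" file and derives the restored name for it, without touching the filesystem. The fixture, the regular expressions and the function names are the example's own.

```python
import re
from datetime import datetime

# Constructed sample in the listing format ComboFix prints for files whose name
# carries a space before the extension ("DSAgnt .exe"). Paths are copied from
# the log shape in this thread; this is a fixture, not output from a live scan.
SAMPLE_LISTING = r"""
----a-w           460,784 2008-02-05 00:05:32  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-05 00:05:18  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w            81,920 2008-02-07 01:47:02  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
"""

# One listing line: 7 attribute flags, byte size with thousands separators,
# timestamp, then the path (which may itself contain spaces).
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<path>.+?)\s*$"
)
# A filename whose extension is separated from its stem by whitespace.
SPACED_EXT_RE = re.compile(r"^(?P<stem>.*\S)\s+\.(?P<ext>[A-Za-z0-9]{1,4})$")


def parse_listing(text):
    """Parse listing lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "attrs": m.group("attrs"),
            "size": int(m.group("size").replace(",", "")),
            "stamp": datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M:%S"),
            "path": m.group("path"),
        })
    return entries


def restored_name(path):
    """Return the path with the stray whitespace before the extension removed,
    or None when the filename has no such whitespace."""
    directory, sep, filename = path.rpartition("\\")
    m = SPACED_EXT_RE.match(filename)
    if m is None:
        return None
    return f"{directory}{sep}{m.group('stem')}.{m.group('ext')}"


def rename_plan(text):
    """Map every 'name .ext' file in the listing to the name it should get back.
    This only derives the mapping; it does not touch the filesystem."""
    plan = {}
    for entry in parse_listing(text):
        target = restored_name(entry["path"])
        if target is not None:
            plan[entry["path"]] = target
    return plan


if __name__ == "__main__":
    for src, dst in rename_plan(SAMPLE_LISTING).items():
        print(f"{src}  ->  {dst}")
```

The mapping is worth reviewing before anything is renamed: if a file already exists at the restored name, it is the one that took the legitimate program's place, which is the situation the "Other Deletions" section of the ComboFix log further down records.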

Re: infected computer! please help!

Unread postby oxoafioxo » February 6th, 2008, 10:25 pm

Thanks for your help and patience so far. I uninstalled Intel and will reinstall it after I post this. For whatever reason I'm able to connect to the Internet right now without it, where before I was not able to. ComboFix deleted C:\Program Files\DellSupport\DSAgnt.exe and C:\Program Files\Synaptics\SynTP\SynTPEnh.exe like before. It's not affecting my computer, but should I try and download the drivers or something if I can? Or should I do a system restore if they're extremely important? I know on my tray in the bottom right hand corner there used to be an icon for my Synaptics mousepad, which is no longer there. I'm assuming that was the latter of the two I just listed. I ran ComboFix and Malwarebytes after I uninstalled Intel. After my computer rebooted I did another HijackThis scan. All three reports are below.

ComboFix 08-02.03.1 - Rachel Q 2008-02-06 20:57:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.655 [GMT -5:00]
Running from: C:\Documents and Settings\Rachel Q\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\skkssixu.dll
C:\Documents and Settings\Rachel Q\My Documents\DOBE~1
C:\Documents and Settings\Rachel Q\My Documents\DOBE~1\?dobe\
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\pppatc~1\?ppPatch\
C:\WINDOWS\pppatc~1\mshta .exe
C:\WINDOWS\pppatc~1\mshta.exe
C:\WINDOWS\system32\cnisymwp.ini
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\ebgxjcav.ini
C:\WINDOWS\system32\imsiegnv.ini
C:\WINDOWS\system32\jkkjk(2).dll
C:\WINDOWS\system32\jkkjk(3).dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkjk.exe
C:\WINDOWS\system32\khhmlcms.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\nnnlkhi.dll
C:\WINDOWS\system32\qtbxnbpn.dll
C:\WINDOWS\system32\qtbxnbpn.dll . . . . failed to delete
C:\WINDOWS\system32\rtgbiymx.dll
C:\WINDOWS\system32\skkssixu.dll
C:\WINDOWS\system32\skkssixu.dllbox
C:\WINDOWS\system32\snbndygr.dll
C:\WINDOWS\system32\vngeismi.dll
C:\WINDOWS\system32\wcpicomsv32.exe
C:\WINDOWS\system32\wtwywiad.dll
C:\WINDOWS\system32\xecrxxcm.dll
C:\WINDOWS\system32\z4

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 21:05 . 2008-02-06 21:06 134 ---hs---- C:\WINDOWS\system32\qtbxnbpn.dllbox
2008-02-06 18:57 . 2008-02-06 18:57 <DIR> d-------- C:\Intel
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 15:24 . 2008-02-05 15:24 <DIR> d-------- C:\Program Files\Sun
2008-02-05 15:23 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-05 12:57 . 2008-02-05 12:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d--hs---- C:\WINDOWS\UmFjaGVsIFE
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-02-04 14:51 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 14:37 . 2008-02-04 14:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 12:30 . 2008-02-06 21:03 163,904 --a------ C:\WINDOWS\system32\qtbxnbpn.dll
2008-02-01 00:12 . 2008-02-01 00:12 <DIR> d-------- C:\WINDOWS\system32\94969994969A99
2008-01-28 22:09 . 2008-02-06 21:01 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 10:56 . 2008-01-28 10:56 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-01-26 13:51 . 2008-01-28 11:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 23:30 . 2008-01-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 17:49 . 2008-01-31 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-22 14:25 . 2008-01-22 14:25 0 --a------ C:\del
2008-01-21 21:11 . 2008-02-04 18:41 <DIR> d-------- C:\VundoFix Backups
2008-01-21 20:03 . 2008-01-21 20:28 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\U3
2008-01-14 22:10 . 2008-01-22 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 13:52 . 2008-02-05 10:17 <DIR> d-------- C:\Temp
2008-01-14 13:52 . 2008-02-05 10:14 86,016 --a------ C:\WINDOWS\system32\drivers\isapnpp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 02:01 --------- d-----w C:\Program Files\iTunes
2008-02-07 02:01 --------- d-----w C:\Program Files\DellSupport
2008-02-05 20:54 --------- d-----w C:\Program Files\Java
2008-01-27 18:58 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\Move Networks
2008-01-25 20:40 --------- d-----w C:\Program Files\QuickTime
2008-01-25 20:40 --------- d-----w C:\Program Files\NetWaiting
2008-01-23 01:57 53,632 -c--a-w C:\Documents and Settings\Rachel Q\Application Data\GDIPFONTCACHEV1.DAT
2008-01-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-14 00:40 --------- d-----w C:\Program Files\AIM6
2007-12-14 00:40 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\acccore
2007-12-14 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2006-08-23 00:42 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\UmFjaGVsIFE\oAI3u3pPKIH.vbs
.
Code:
<pre>
----a-w         1,816,208 2008-02-07 01:47:13  C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w            45,056 2008-01-22 22:31:33  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w            81,920 2008-02-07 01:47:02  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           460,784 2008-02-07 01:48:00  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-06 22:36:49  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-06 22:36:47  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           267,048 2008-01-28 16:00:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           144,784 2008-02-07 01:47:38  C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w         1,694,208 2008-01-24 17:48:10  C:\Program Files\Messenger\msmsgs .exe
----a-w           761,947 2008-02-07 01:46:49  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            67,584 2008-01-22 01:57:56  C:\WINDOWS\ehome\ehtray .exe
----a-w           169,984 2008-01-28 20:13:57  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           127,035 2008-01-22 01:58:04  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2008-01-22 01:58:19  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-06 21:03 163904 --a------ C:\WINDOWS\system32\qtbxnbpn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Aim6"="" []
"Uaol"="C:\WINDOWS\PPPATC~1\mshta.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [ ]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [ ]
"C4C6C9C4C6CAC9D0"="64666964666A69.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 03:24:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qtbxnbpn]
qtbxnbpn.dll 2008-02-06 21:03 163904 C:\WINDOWS\system32\qtbxnbpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkkjk.exe

S1 isapnpp;isapnpp;C:\WINDOWS\system32\drivers\isapnpp.sys [2008-02-05 10:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de237606-c885-11dc-a0f3-0015c51ee7ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 17:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 21:06:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qtbxnbpn.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\qtbxnbpn.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-02-06 21:07:31 - machine was rebooted [Rachel Q]
ComboFix-quarantined-files.txt 2008-02-07 02:07:28
ComboFix2.txt 2008-02-06 22:28:23
ComboFix3.txt 2008-02-06 22:22:39
ComboFix4.txt 2008-02-06 22:19:14
ComboFix5.txt 2008-02-05 15:51:57



Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Quick Scan
Objects scanned: 22547
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qtbxnbpn.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qtbxnbpn.dll (Trojan.Vundo) -> Failed to delete. (Delete on reboot).
C:\WINDOWS\system32\qtbxnbpn.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel Q\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:18 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [C4C6C9C4C6CAC9D0] 64666964666A69.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\PPPATC~1\mshta.exe" -vt yazb
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - Winlogon Notify: qtbxnbpn - qtbxnbpn.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

--
End of file - 4593 bytes
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm
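The ComboFix and Malwarebytes output above shows one and the same qtbxnbpn.dll registered as a Browser Helper Object, registered as a Winlogon notify package, and loaded inside both winlogon.exe and Explorer.EXE. That combination is why both tools report it as "failed to delete": a DLL mapped into a running process cannot be removed until that process releases it, hence "Delete on reboot". The Python below is an added example, not code from this thread, from ComboFix or from Malwarebytes: it parses a constructed excerpt in the ComboFix log format, collects the persistence roles each DLL holds, and reports DLLs with more than one. The fixture (the AcroIEHelper entry is built from the HijackThis O2 line as a benign control, with placeholder timestamp and size) and all function names are the example's own.

```python
from collections import defaultdict

# Constructed excerpt in the shape of the ComboFix log above. Keys and paths are
# copied from this thread; the AcroIEHelper timestamp and size are placeholders.
# This is a fixture, not output from a live scan.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-06 21:03 163904 --a------ C:\WINDOWS\system32\qtbxnbpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-01-01 00:00 0 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qtbxnbpn]
qtbxnbpn.dll 2008-02-06 21:03 163904 C:\WINDOWS\system32\qtbxnbpn.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qtbxnbpn.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\qtbxnbpn.dll
.
"""

# Registry key prefixes as ComboFix prints them (compared case-insensitively).
BHO_KEY = "[hkey_local_machine\\~\\browser helper objects\\"
NOTIFY_KEY = "[hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"


def _basename(path):
    """Lower-cased final path component, so the same DLL matches across sections."""
    return path.rstrip().rpartition("\\")[2].lower()


def persistence_roles(log_text):
    """Return {dll basename: set of roles} gathered from a ComboFix-style log.
    Roles are 'bho', 'winlogon_notify' and 'loaded_in:<process basename>'."""
    roles = defaultdict(set)
    current_process = None
    pending = None  # role to assign to the data line that follows a key line
    for line in log_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if pending:
            role, pending = pending, None
            # A BHO data line ends with the DLL path; a notify data line starts with the DLL name.
            token = stripped.split()[-1] if role == "bho" else stripped.split()[0]
            roles[_basename(token)].add(role)
            continue
        low = stripped.lower()
        if low.startswith(BHO_KEY):
            pending = "bho"
        elif low.startswith(NOTIFY_KEY):
            pending = "winlogon_notify"
        elif stripped.startswith("PROCESS:"):
            # "PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]" -> drop the version suffix
            proc = stripped[len("PROCESS:"):].strip().split(" [")[0]
            current_process = _basename(proc)
        elif stripped.startswith("->") and current_process:
            roles[_basename(stripped[2:].strip())].add(f"loaded_in:{current_process}")
    return dict(roles)


def multi_persistence(log_text):
    """DLLs holding more than one registry hook, or a Winlogon notify hook while
    also being mapped into winlogon.exe. Returns {dll: sorted roles}."""
    flagged = {}
    for dll, found in persistence_roles(log_text).items():
        hooks = {r for r in found if not r.startswith("loaded_in:")}
        in_winlogon = "loaded_in:winlogon.exe" in found
        if len(hooks) > 1 or ("winlogon_notify" in hooks and in_winlogon):
            flagged[dll] = sorted(found)
    return flagged


if __name__ == "__main__":
    for dll, found in multi_persistence(SAMPLE_LOG).items():
        print(dll, ", ".join(found))
```

A single BHO, as with AcroIEHelper.dll here, is not reported; the signal is a DLL that is wired into several load points at once, which is what makes a file-by-file deletion fail and is why the helper's script removes the registry hooks together with the files.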

Re: infected computer! please help!

Unread postby Simon V. » February 7th, 2008, 7:28 am

Hi :)

It's extremely important that you follow my instructions very carefully. The fix isn't easy, and it will fail if something isn't executed properly.

Please do another Combofix scan and post the resultant log. Nothing else.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: infected computer! please help!

Unread postby oxoafioxo » February 7th, 2008, 11:20 am

ComboFix 08-02.03.1 - Rachel Q 2008-02-07 9:50:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Documents and Settings\Rachel Q\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 21:31 . 2008-02-06 21:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-02-06 21:31 . 2008-02-06 21:31 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-02-06 21:31 . 2008-02-06 21:31 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-06 21:31 . 2008-02-06 21:31 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-02-06 21:31 . 2008-02-06 21:31 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-02-06 21:31 . 2008-02-06 21:31 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-02-06 21:30 . 2008-02-06 21:31 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-06 21:30 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-02-06 21:30 . 2007-09-26 06:01 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-02-06 21:30 . 2007-08-27 11:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-02-06 18:57 . 2008-02-06 18:57 <DIR> d-------- C:\Intel
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 15:24 . 2008-02-05 15:24 <DIR> d-------- C:\Program Files\Sun
2008-02-05 15:23 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-05 12:57 . 2008-02-05 12:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d--hs---- C:\WINDOWS\UmFjaGVsIFE
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-05 12:15 . 2008-02-05 12:15 <DIR> d-------- C:\WINDOWS\system32\edcA01
2008-02-04 14:51 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 14:37 . 2008-02-04 14:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 00:12 . 2008-02-01 00:12 <DIR> d-------- C:\WINDOWS\system32\94969994969A99
2008-01-28 22:09 . 2008-02-06 22:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 10:56 . 2008-01-28 10:56 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-01-26 13:51 . 2008-01-28 11:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 23:30 . 2008-01-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 17:49 . 2008-01-31 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-22 14:25 . 2008-01-22 14:25 0 --a------ C:\del
2008-01-21 21:11 . 2008-02-04 18:41 <DIR> d-------- C:\VundoFix Backups
2008-01-21 20:03 . 2008-01-21 20:28 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\U3
2008-01-14 22:10 . 2008-01-22 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 13:52 . 2008-02-05 10:17 <DIR> d-------- C:\Temp
2008-01-14 13:52 . 2008-02-05 10:14 86,016 --a------ C:\WINDOWS\system32\drivers\isapnpp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 02:36 --------- d-----w C:\Program Files\Intel
2008-02-07 02:01 --------- d-----w C:\Program Files\iTunes
2008-02-07 02:01 --------- d-----w C:\Program Files\DellSupport
2008-02-05 20:54 --------- d-----w C:\Program Files\Java
2008-01-30 01:09 503,296 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-01-28 20:13 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-27 18:58 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\Move Networks
2008-01-25 20:40 --------- d-----w C:\Program Files\QuickTime
2008-01-25 20:40 --------- d-----w C:\Program Files\NetWaiting
2008-01-23 01:57 53,632 -c--a-w C:\Documents and Settings\Rachel Q\Application Data\GDIPFONTCACHEV1.DAT
2008-01-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:45 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-14 00:40 --------- d-----w C:\Program Files\AIM6
2007-12-14 00:40 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\acccore
2007-12-14 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-07 01:21 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-23 00:42 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\UmFjaGVsIFE\oAI3u3pPKIH.vbs
.
Code:
<pre>
----a-w         1,816,208 2008-02-07 01:47:13  C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w            45,056 2008-01-22 22:31:33  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w            81,920 2008-02-07 01:47:02  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           460,784 2008-02-07 01:48:00  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-06 22:36:49  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-06 22:36:47  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           267,048 2008-01-28 16:00:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           144,784 2008-02-07 01:47:38  C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w         1,694,208 2008-01-24 17:48:10  C:\Program Files\Messenger\msmsgs .exe
----a-w           761,947 2008-02-07 01:46:49  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            67,584 2008-01-22 01:57:56  C:\WINDOWS\ehome\ehtray .exe
----a-w           169,984 2008-01-28 20:13:57  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           127,035 2008-01-22 01:58:04  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2008-01-22 01:58:19  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [ ]
"C4C6C9C4C6CAC9D0"="64666964666A69.exe" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 03:24:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qtbxnbpn]
qtbxnbpn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

S1 isapnpp;isapnpp;C:\WINDOWS\system32\drivers\isapnpp.sys [2008-02-05 10:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de237606-c885-11dc-a0f3-0015c51ee7ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - AEGISP
*Newly Created Service* - EVTENG
*Newly Created Service* - INTELNETPROVCREDMAN
*Newly Created Service* - REGSRVC
*Newly Created Service* - S24EVENTMONITOR
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 17:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 09:52:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 9:52:57
ComboFix-quarantined-files.txt 2008-02-07 14:52:54
ComboFix2.txt 2008-02-07 02:07:32
ComboFix3.txt 2008-02-06 22:28:23
ComboFix4.txt 2008-02-06 22:22:39
ComboFix5.txt 2008-02-06 22:19:14
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm

Re: infected computer! please help!

Unread postby Simon V. » February 7th, 2008, 11:37 am

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Re: infected computer! please help!

Unread postby oxoafioxo » February 7th, 2008, 1:43 pm

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm

Re: infected computer! please help!

Unread postby Simon V. » February 7th, 2008, 2:29 pm

Hi :)

That's looking good; you can reboot your computer if you wish to do so.

Step 1

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

Code:
File::

C:\WINDOWS\system32\drivers\isapnpp.sys
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp

Folder::

C:\WINDOWS\UmFjaGVsIFE
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\edcA01
C:\VundoFix Backups

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C4C6C9C4C6CAC9D0"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qtbxnbpn]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Driver::

isapnpp

DirLook::

C:\WINDOWS\system32\94969994969A99

RenV::

----a-w         1,816,208 2008-02-07 01:47:13  C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w            45,056 2008-01-22 22:31:33  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w            81,920 2008-02-07 01:47:02  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           460,784 2008-02-07 01:48:00  C:\Program Files\DellSupport\DSAgnt .exe
----a-w           602,182 2008-02-06 22:36:49  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           667,718 2008-02-06 22:36:47  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w           267,048 2008-01-28 16:00:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           144,784 2008-02-07 01:47:38  C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w         1,694,208 2008-01-24 17:48:10  C:\Program Files\Messenger\msmsgs .exe
----a-w           761,947 2008-02-07 01:46:49  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            67,584 2008-01-22 01:57:56  C:\WINDOWS\ehome\ehtray .exe
----a-w           169,984 2008-01-28 20:13:57  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           127,035 2008-01-22 01:58:04  C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w           188,416 2008-01-22 01:58:19  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe


Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Image

Referring to the picture above, drag CFScript into ComboFix.exe.
It will create a log. Be sure to save it to a convenient location.

Step 2

Close all programs before continuing, and try not to run anything during the scan.

Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be prompted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 3

In your next reply, please post:

  • the Combofix log (C:\Combofix.txt)
  • the Kaspersky Online Scan report
  • a new HijackThis log
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
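An added example, not part of this thread and not code from ComboFix, Kaspersky or MalwareRemoval.com: a Python triage helper for the two things a responder has to read out of the logs requested above. The first part parses a saved Kaspersky Online Scanner text report (line shape as posted later in this thread: the path, then `Infected: <name>`, `Object is locked` or `ZIP: infected - n`, then the action) and separates hits that already sit in quarantine (`C:\QooBox\Quarantine`, the Malwarebytes Quarantine folder) or in System Restore snapshots from hits on live paths, which are the ones that still need a fix. The second part looks for the companion pattern visible in the RenV:: list: a legitimate binary renamed to `name .exe` (space before the extension) next to a file that kept the original `name.exe`. The classification rules, the `\Quarantine\` and `_restore` path tests, the sample report lines and the sample directory layout are my constructions; treating the `name.exe` half of a pair as the suspect is inferred from the `*.exe.vir` quarantine entries in the ComboFix output posted below, not from ComboFix documentation.

```python
import os
import re
import tempfile
from collections import Counter

# Kaspersky Online Scanner 5 writes one object per line, in the shape posted
# in this thread. Paths may contain spaces, so the path group is non-greedy
# and the status alternatives decide where it ends.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>(?:ZIP|NSIS|RAR): infected - \d+))"
    r"\s+(?P<action>\S+)\s*$"
)

# Assumed classification (mine, not the scanner's): where a hit sits decides
# whether it still needs action.
def classify(path):
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or "\\quarantine\\" in p:
        return "quarantined"      # already neutralised by ComboFix or MBAM
    if "\\system volume information\\_restore" in p:
        return "restore_point"    # System Restore snapshot, flushed at the end
    return "live"                 # still on disk in a normal location

def parse_report(text):
    """One dict per detection line; locked objects and archive totals are skipped."""
    records = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m or m.group("locked") or m.group("archive"):
            continue
        records.append({"path": m.group("path"), "name": m.group("name"),
                        "where": classify(m.group("path")), "action": m.group("action")})
    return records

def summarize(text):
    """Counts by location and by detection name, plus the live paths to act on."""
    records = parse_report(text)
    return {
        "by_where": dict(Counter(r["where"] for r in records)),
        "by_name": dict(Counter(r["name"] for r in records)),
        "live": [r["path"] for r in records if r["where"] == "live"],
    }

# Companion pairs of the kind the RenV:: list shows: the original binary renamed
# to "name .exe" (space before the extension) beside a file holding the original
# "name.exe". The file that kept the original name is the suspect.
_SPACED_EXE_RE = re.compile(r"^(?P<base>.+\S) \.exe$", re.IGNORECASE)

def find_companion_pairs(root):
    """Return sorted (renamed_original, suspect) path pairs found under root."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for f in files:
            m = _SPACED_EXE_RE.match(f)
            if m and (m.group("base") + ".exe").lower() in present:
                pairs.append((os.path.join(dirpath, f),
                              os.path.join(dirpath, m.group("base") + ".exe")))
    return sorted(pairs)

# Constructed sample lines in the shape of the thread's report (not a copy of it).
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\User\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18663 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\User\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30383 NSIS: infected - 1 skipped
C:\Program Files\DellSupport\DSAgnt(2).exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP288\A0079585.exe Infected: Virus.Win32.Trats.d skipped
"""

def demo_companion_pairs():
    """Build a constructed tree mirroring the RenV:: layout, scan it, return basename pairs."""
    layout = {
        "Program Files/a-squared Anti-Malware": ["a2guard .exe", "a2guard.exe"],
        "Program Files/iTunes": ["iTunesHelper .exe", "iTunesHelper.exe"],
        "WINDOWS/system32": ["notepad.exe"],   # untouched binary, no pair
        "WINDOWS/ehome": ["ehtray .exe"],      # renamed original, companion already gone
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, names in layout.items():
            d = os.path.join(root, *rel.split("/"))
            os.makedirs(d)
            for n in names:
                with open(os.path.join(d, n), "wb") as fh:
                    fh.write(b"MZ")   # placeholder content, not a real PE
        return [(os.path.basename(a), os.path.basename(b)) for a, b in find_companion_pairs(root)]

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print("hits by location:", s["by_where"])
    print("hits by detection:", s["by_name"])
    print("live files needing action:", s["live"])
    print("companion pairs:", demo_companion_pairs())
```

Run it directly to see the summary for the constructed sample. On a real report, read the saved text file and pass it to `summarize()`; the `live` list is what to look at first, since quarantine and restore-point hits are cleaned up at the end of the procedure anyway. `find_companion_pairs(r"C:\Program Files")` run before the CFScript shows the same pairs the RenV:: list will have to undo.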

Re: infected computer! please help!

Unread postby oxoafioxo » February 7th, 2008, 6:08 pm

ComboFix 08-02.03.1 - Rachel Q 2008-02-07 13:41:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.647 [GMT -5:00]
Running from: C:\Documents and Settings\Rachel Q\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rachel Q\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\system32\drivers\isapnpp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
C:\WINDOWS\system32\drivers\isapnpp.sys
C:\WINDOWS\system32\edcA01
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\UmFjaGVsIFE
C:\WINDOWS\UmFjaGVsIFE\oAI3u3pPKIH.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ISAPNPP
-------\isapnpp


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-07 12:40 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-07 12:40 . 2008-01-28 11:01 209 --a------ C:\Boot.bak
2008-02-06 21:31 . 2008-02-06 21:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-02-06 21:31 . 2008-02-06 21:31 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-02-06 21:31 . 2008-02-06 21:31 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-06 21:31 . 2008-02-06 21:31 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-02-06 21:31 . 2008-02-06 21:31 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-02-06 21:31 . 2008-02-06 21:31 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-02-06 21:30 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-02-06 21:30 . 2007-09-26 06:01 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-02-06 21:30 . 2007-08-27 11:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-02-06 18:57 . 2008-02-06 18:57 <DIR> d-------- C:\Intel
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes
2008-02-05 16:07 . 2008-02-05 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 15:24 . 2008-02-05 15:24 <DIR> d-------- C:\Program Files\Sun
2008-02-05 15:23 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-05 12:57 . 2008-02-05 12:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-04 14:51 . 2008-02-04 14:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-04 14:37 . 2008-02-04 14:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 00:12 . 2008-02-01 00:12 <DIR> d-------- C:\WINDOWS\system32\94969994969A99
2008-01-28 22:09 . 2008-02-07 13:41 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-28 21:55 . 2008-01-31 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 15:13 . 2008-01-28 15:13 169,984 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-28 10:56 . 2008-01-28 10:56 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-01-26 13:51 . 2008-01-28 11:03 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-24 23:30 . 2008-01-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-22 17:49 . 2008-01-31 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-22 14:25 . 2008-01-22 14:25 0 --a------ C:\del
2008-01-21 20:03 . 2008-01-21 20:28 <DIR> d-------- C:\Documents and Settings\Rachel Q\Application Data\U3
2008-01-14 22:10 . 2008-01-22 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-14 13:52 . 2008-02-05 10:17 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:41 --------- d-----w C:\Program Files\iTunes
2008-02-07 18:41 --------- d-----w C:\Program Files\DellSupport
2008-02-07 02:36 --------- d-----w C:\Program Files\Intel
2008-02-05 20:54 --------- d-----w C:\Program Files\Java
2008-01-28 20:13 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-01-27 18:58 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\Move Networks
2008-01-25 20:40 --------- d-----w C:\Program Files\QuickTime
2008-01-25 20:40 --------- d-----w C:\Program Files\NetWaiting
2008-01-23 01:57 53,632 -c--a-w C:\Documents and Settings\Rachel Q\Application Data\GDIPFONTCACHEV1.DAT
2008-01-14 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:45 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-14 00:40 --------- d-----w C:\Program Files\AIM6
2007-12-14 00:40 --------- d-----w C:\Documents and Settings\Rachel Q\Application Data\acccore
2007-12-14 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-07 01:21 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-23 00:42 5,118,736 ----a-w C:\Program Files\Firefox Setup 1.5.0.6.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\94969994969A99 ----

2008-02-01 09:13 58 --a------ C:\WINDOWS\system32\94969994969A99\B5B7BAB5B7BBBA


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2008-01-21 20:58 188416]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-02-06 17:36 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-02-06 17:36 602182]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-29 03:24:46 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de237606-c885-11dc-a0f3-0015c51ee7ed}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 17:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 13:45:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-02-07 13:46:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 18:46:28
ComboFix2.txt 2008-02-07 14:52:59
ComboFix3.txt 2008-02-07 02:07:32
ComboFix4.txt 2008-02-06 22:28:23
ComboFix5.txt 2008-02-06 22:22:39




Thursday, February 07, 2008 5:05:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/02/2008
Kaspersky Anti-Virus database records: 553461
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 57822
Number of viruses found 9
Number of infected objects 395
Number of suspicious objects 0
Duration of the scan process 00:49:06

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18663 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30383/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30383 NSIS: infected - 1 skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61576/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61576 NSIS: infected - 1 skipped
C:\Documents and Settings\Rachel Q\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.88821 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\Rachel Q\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rachel Q\Desktop\Unused Desktop Shortcuts\[4]-Submit_2008-02-05@10.14.zip/isapnpp.sys Infected: Rootkit.Win32.Agent.to skipped
C:\Documents and Settings\Rachel Q\Desktop\Unused Desktop Shortcuts\[4]-Submit_2008-02-05@10.14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Rachel Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rachel Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rachel Q\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rachel Q\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rachel Q\ntuser.dat Object is locked skipped
C:\Documents and Settings\Rachel Q\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DellSupport\DSAgnt(2).exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Intel\Wireless\Bin\ifrmewrk(2).exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc(2).exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Synaptics\SynTP\SynTPEnh(2).exe Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\a-squared Anti-Malware\a2guard.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\issch.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan.Win32.Scapur.k skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\DellSupport\DSAgnt.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Intel\Wireless\Bin\ifrmewrk.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_04\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPEnh.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\PPPATC~1\mshta .exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\WINDOWS\PPPATC~1\mshta.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dnd.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\glkndppt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjk(2).dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjk(3).dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjk.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khhmlcms.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lucixvjb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qtbxnbpn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1C7.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rtgbiymx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\skkssixu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\snbndygr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vacjxgbe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vngeismi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wtwywiad.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xecrxxcm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-04_181053.54.zip/jkkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-04_181053.54.zip/nnnlkhi.dll Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\catchme2008-02-04_181053.54.zip/qtbxnbpn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-04_181053.54.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\catchme2008-02-05_104545.98.zip/jkkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-05_104545.98.zip/nnnlkhi.dll Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\catchme2008-02-05_104545.98.zip/qtbxnbpn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-05_104545.98.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\catchme2008-02-06_171736.07.zip/nnnlkhi.dll Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\catchme2008-02-06_171736.07.zip/qtbxnbpn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-06_171736.07.zip/skkssixu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-06_171736.07.zip ZIP: infected - 3 skipped
C:\QooBox\Quarantine\catchme2008-02-06_210544.90.zip/nnnlkhi.dll Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\catchme2008-02-06_210544.90.zip/qtbxnbpn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-06_210544.90.zip/skkssixu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-06_210544.90.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079541.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079542.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079545.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079546.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079547.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0079548.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079585.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079712.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079714.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079716.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079717.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079718.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079719.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079720.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079802.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079805.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079806.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079807.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079808.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0079809.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080771.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080772.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080774.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080775.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080776.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080777.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080778.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080798.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080800.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080802.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080803.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080804.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080806.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080814.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080830.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080832.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080833.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080834.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080835.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080840.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0080841.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0081829.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP288\A0081830.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085925.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085926.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085927.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085939.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085940.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085942.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085943.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085944.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085946.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085947.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086011.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086015.dll Infected: Trojan.Win32.BHO.auf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086066.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086102.old Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B89D2BA9-E2A8-488F-BDF2-F23315F62CFE}.crmlog Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\change.log Object is locked skipped
Scan process completed.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:57 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 5009 bytes
oxoafioxo
Active Member
 
Posts: 10
Joined: January 29th, 2008, 2:14 pm

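The Kaspersky report pasted above mixes three kinds of line: real detections, "Object is locked" entries for files the scanner never opened, and detections whose path lies inside a System Restore point (those copies survive a cleanup of the live system until the restore points are purged). As an added example that is not part of the thread or of either tool, here is a small Python parser that separates the three and tallies them the way a helper triages such a log; the sample input reuses four lines from the report above plus one constructed live-file line with a made-up path.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Each line of the Kaspersky report pasted above is either
#   <path> Infected: <detection name> skipped   (a real detection)
#   <path> Object is locked skipped             (file in use, never scanned)
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# System Restore copies sit under _restore{GUID}\RPnnn\ ; cleaning the live system
# leaves them in place until the restore points are purged, so tally them apart.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

class Detection(NamedTuple):
    path: str
    name: str
    restore_point: Optional[str]  # "RP309" for a restore-point copy, None for a live file

def parse_report(text: str):
    """Split a pasted report into real detections and locked (unscanned) objects."""
    detections, locked = [], []
    for line in text.splitlines():
        line = line.strip()
        m = INFECTED_RE.match(line)
        if m:
            rp = RESTORE_RE.search(m["path"])
            detections.append(Detection(m["path"], m["name"], rp.group(1) if rp else None))
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m["path"])  # unscanned, not a detection: rescan once unlocked
    return detections, locked

def summarize(detections):
    """Count hits per detection name and per restore point; list live-file hits."""
    by_name = Counter(d.name for d in detections)
    by_rp = Counter(d.restore_point for d in detections if d.restore_point)
    live = [d.path for d in detections if d.restore_point is None]
    return by_name, by_rp, live

# Sample input: four lines copied from the report above, plus one constructed
# live-file hit (made-up path) and one locked object.
SAMPLE = r"""
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP304\A0085339.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP304\A0085343.dll Infected: Trojan.Win32.BHO.auf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0085929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP309\A0086011.exe Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\EXAMPLE_live_file.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

if __name__ == "__main__":
    dets, locked = parse_report(SAMPLE)
    print(summarize(dets), locked)
```

A live-file hit is what the fix script has to deal with; restore-point hits are cleared by flushing System Restore after the machine is clean.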
Re: infected computer! please help!

Unread postby Simon V. » February 8th, 2008, 4:41 am

Hi :)

Please copy and paste the text in the code box into Notepad (Go to Start > Run, type Notepad and hit Enter).

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\Documents and Settings\Rachel Q\Desktop\Unused Desktop Shortcuts\[4]-Submit_2008-02-05@10.14.zip"
"C:\Program Files\DellSupport\DSAgnt(2).exe"
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk(2).exe"
"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc(2).exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh(2).exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0


Go to File > Save As. Save the file as "Fix.bat" (including the quotes).

Double-click on Fix.bat to run the file.

If a Notepad document pops up, please post its contents. If not, let me know how your computer is currently running.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium