Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trying to fix my son's computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trying to fix my son's computer

Unread postby phoebe » March 15th, 2008, 3:10 pm

Thanks again! Looks like Kaspersky found a lot of stuff!

Here's the logs:

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 3:05:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/03/2008
Kaspersky Anti-Virus database records: 631660
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 65847
Number of viruses found: 39
Number of infected objects: 163
Number of suspicious objects: 4
Duration of the scan process: 01:14:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle6.zip/Yazzle1670OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Application Data\Avanquest\SystemSuite\Quarantine\WinProject.dll.QUAR00 Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Zach\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83357 Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\Documents and Settings\Zach\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/a.zip.vir/Setup.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/a.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/b.zip.vir/Video.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/b.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/c.zip.vir/Track_03.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/c.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe SetupFactory: infected - 1 skipped
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip/GTA San Andreas.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip/GTA San Andreas.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Zach\My Documents\nocd crack.exe Infected: not-a-virus:Downloader.Win32.Agent.h skipped
C:\Documents and Settings\Zach\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zach\ntuser.dat.LOG Object is locked skipped
C:\Program Files\a.zip/Setup.exe Infected: Virus.Win32.Fontra.c skipped
C:\Program Files\a.zip ZIP: infected - 1 skipped
C:\Program Files\b.zip/Video.exe Infected: Virus.Win32.Fontra.c skipped
C:\Program Files\b.zip ZIP: infected - 1 skipped
C:\Program Files\c.zip/Track_03.exe Infected: Virus.Win32.Fontra.c skipped
C:\Program Files\c.zip ZIP: infected - 1 skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D03.tmp Infected: Virus.Win32.Fontra.c skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp_ae8.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Program Files\Windows Plus\wodep.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp\bin\nls.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\app.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\install.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\My Documents\MCROSO~1.NET\nоtepad.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\install.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~1\Bar888.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~2\Bar888.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~2\Update.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~3\system.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\DeskAlerts\deskbar.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\bapujoc.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\nvcoi\nvcoi.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bisekhfu.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir CAB: infected - 5 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\2new.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0005/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0005 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0007 Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir NSIS: infected - 10 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Delcom.exe.vir Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\mac.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Yzz.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Yzz.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\zq.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dyeiywiv.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\metahpsn.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oiieglg.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubeflrnf.dll.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-10_204458.81.zip Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP252\A0386618.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP252\A0386623.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386651.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386652.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386653.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386654.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386655.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386656.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386657.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386658.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386659.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386661.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386662.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386663.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386664.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386665.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386667.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386668.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386669.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386671.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386672.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386673.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386674.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386675.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386676.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386677.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386678.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386679.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386681.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386682.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386683.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386685.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386686.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386687.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386689.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386691.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386694.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386722.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386725.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386727.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386729.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386732.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386736.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386737.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386741.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386742.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386744.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386904.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386975.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386977.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386978.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386979.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386980.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386981.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386996.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe ZIP: infected - 6 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387385.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387385.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387386.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387386.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387417.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387417.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0387521.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0387525.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388069.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388075.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388076.exe Infected: not-a-virus:AdWare.Win32.Agent.aaq skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388096.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388105.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388113.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388185.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389262.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389264.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389266.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389271.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389272.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389273.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0005/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0005 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0007 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe NSIS: infected - 10 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389275.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389276.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389277.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389277.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389278.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389283.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389284.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389289.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389290.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389291.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389292.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389293.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389302.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389304.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389307.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389308.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389374.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389374.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389441.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389441.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389448.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389449.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389450.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389451.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389452.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389453.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389475.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389485.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389490.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP263\change.log Object is locked skipped
C:\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A17400C6-4F0C-45D5-86D6-C1C632989239}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msbe.dll_tobedeleted Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\WINDOWS\system32\nssE.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xtz.exe Infected: not-a-virus:PSWTool.Win32.PassView.b skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\3520 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:16 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us26/n.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8233 bytes
phoebe
Active Member
 
Posts: 10
Joined: March 6th, 2008, 12:10 am
Advertisement
Register to Remove

Re: Trying to fix my son's computer

Unread postby ndmmxiaomayi » March 16th, 2008, 9:16 am

Hi,

Please open Spybot Search & Destroy.

On the left, click on Recovery.

Click on Select all at the top, then click on Purge selected items.

Close Spybot Search & Destroy.

Next...

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code: Select all
C:\Documents and Settings\Zach\Application Data\Avanquest\SystemSuite\Quarantine\WinProject.dll.QUAR00
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip
C:\Documents and Settings\Zach\My Documents\nocd crack.exe
C:\Program Files\a.zip
C:\Program Files\b.zip
C:\Program Files\c.zip
C:\Program Files\Morpheus\morpheustoolbar.exe
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D03.tmp
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp_ae8.VIR
C:\Program Files\Windows Plus\wodep.dll
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp\bin\nls.exe
C:\TTC.dll
C:\WINDOWS\system32\msbe.dll_tobedeleted
C:\WINDOWS\system32\nssE.dll
C:\WINDOWS\system32\xtz.exe


Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.

Image

A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers.

Please copy and paste this log in your next reply.

Please also run another Kaspersky scan and post back the scan report.

In your next reply, please post:

  1. OTMoveIt2 log (C:\_OTMoveIt\date_time.log, where date_time are numbers)
  2. A new Kaspersky scan report
  3. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trying to fix my son's computer

Unread postby phoebe » March 16th, 2008, 3:18 pm

Thanks...here's the logs:

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 3:08:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 634014
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 66133
Number of viruses found: 38
Number of infected objects: 163
Number of suspicious objects: 0
Duration of the scan process: 01:15:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83357 Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\Documents and Settings\Zach\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/a.zip.vir/Setup.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/a.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/b.zip.vir/Video.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/b.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/c.zip.vir/Track_03.exe Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip/c.zip.vir Infected: Virus.Win32.Fontra.c skipped
C:\Documents and Settings\Zach\Desktop\[4]-Submit_2008-03-12@21.57.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zach\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\checksum.dat Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\MXFwIMMF.dat Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\MXFwTMMF.dat Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\rawpacket.log Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\security.log Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\traffic.log Object is locked skipped
C:\Program Files\Avanquest\SystemSuite\xacl.cfg Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\app.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\install.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\Documents and Settings\Zach\My Documents\MCROSO~1.NET\nоtepad.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\install.exe.vir Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~1\Bar888.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~2\Bar888.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~2\Update.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{388EC~3\system.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\Program Files\DeskAlerts\deskbar.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\bapujoc.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\NoDNS\NoDNS.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\nvcoi\nvcoi.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bisekhfu.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bkd.exe.vir CAB: infected - 5 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\2new.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0004 Infected: Trojan.Win32.VB.tg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0005/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0005 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir/data0007 Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir NSIS: infected - 10 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Delcom.exe.vir Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\mac.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Yzz.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\Yzz.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\zq.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dyeiywiv.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\metahpsn.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oiieglg.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubeflrnf.dll.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-10_204458.81.zip Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP252\A0386618.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP252\A0386623.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386651.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386652.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386653.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386654.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386655.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386656.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386657.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386658.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386659.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386661.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386662.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386663.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386664.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386665.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386667.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386668.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386669.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386671.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386672.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386673.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386674.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386675.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386676.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386677.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386678.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386679.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386681.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386682.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386683.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386685.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386686.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386687.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386689.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386691.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386694.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386722.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386725.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386727.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386729.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386732.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386736.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386737.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386741.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386742.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386744.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386904.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386975.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386977.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386978.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386979.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386980.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386981.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0386996.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387171.exe ZIP: infected - 6 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387385.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387385.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387386.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387386.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387417.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP253\A0387417.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0387521.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0387525.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388069.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388075.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388076.exe Infected: not-a-virus:AdWare.Win32.Agent.aaq skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388096.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388098.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388105.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388113.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388114.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP255\A0388185.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389262.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389264.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389266.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ai skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389271.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389272.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389273.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0004 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0005/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0005 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe/data0007 Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389274.exe NSIS: infected - 10 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389275.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389276.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389277.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389277.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389278.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389280.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389283.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389284.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389289.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389290.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389291.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389292.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389293.dll Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389302.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389304.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389307.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389308.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389374.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP258\A0389374.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389441.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389441.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389448.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389449.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389450.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389451.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389452.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP260\A0389453.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389475.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389485.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lk skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP261\A0389490.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP264\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{83D60BF1-BD12-4D2E-84D3-178443E5622E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\3520 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\Application Data\Avanquest\SystemSuite\Quarantine\WinProject.dll.QUAR00 Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe SetupFactory: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip/GTA San Andreas.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip/GTA San Andreas.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip ZIP: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Documents and Settings\Zach\My Documents\nocd crack.exe Infected: not-a-virus:Downloader.Win32.Agent.h skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\a.zip/Setup.exe Infected: Virus.Win32.Fontra.c skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\a.zip ZIP: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\b.zip/Video.exe Infected: Virus.Win32.Fontra.c skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\b.zip ZIP: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\c.zip/Track_03.exe Infected: Virus.Win32.Fontra.c skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\c.zip ZIP: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Trend Micro\Internet Security 12\Quarantine\1D03.tmp Infected: Virus.Win32.Fontra.c skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp_ae8.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Windows Plus\wodep.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp\bin\nls.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\WINDOWS\system32\msbe.dll_tobedeleted Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\WINDOWS\system32\nssE.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped
C:\_OTMoveIt\MovedFiles\03162008_133653\WINDOWS\system32\xtz.exe Infected: not-a-virus:PSWTool.Win32.PassView.b skipped

Scan process completed.

OTMoveit

C:\Documents and Settings\Zach\Application Data\Avanquest\SystemSuite\Quarantine\WinProject.dll.QUAR00 moved successfully.
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack\GTA San Andreas.exe moved successfully.
C:\Documents and Settings\Zach\My Documents\gta downloads\[PC GAME] GTA San Andreas No CD crack.zip moved successfully.
C:\Documents and Settings\Zach\My Documents\nocd crack.exe moved successfully.
C:\Program Files\a.zip moved successfully.
C:\Program Files\b.zip moved successfully.
C:\Program Files\c.zip moved successfully.
C:\Program Files\Morpheus\morpheustoolbar.exe moved successfully.
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D03.tmp moved successfully.
LoadLibrary failed for C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll NOT unregistered.
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp.dll moved successfully.
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\awtsp_ae8.VIR moved successfully.
LoadLibrary failed for C:\Program Files\Windows Plus\wodep.dll
C:\Program Files\Windows Plus\wodep.dll NOT unregistered.
C:\Program Files\Windows Plus\wodep.dll moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp\bin\nls.exe moved successfully.
LoadLibrary failed for C:\TTC.dll
C:\TTC.dll NOT unregistered.
C:\TTC.dll moved successfully.
C:\WINDOWS\system32\msbe.dll_tobedeleted moved successfully.
C:\WINDOWS\system32\nssE.dll unregistered successfully.
C:\WINDOWS\system32\nssE.dll moved successfully.
C:\WINDOWS\system32\xtz.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_133653

HiJackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:41 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us26/n.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8233 bytes
phoebe
Active Member
 
Posts: 10
Joined: March 6th, 2008, 12:10 am

Re: Trying to fix my son's computer

Unread postby ndmmxiaomayi » March 17th, 2008, 12:41 am

Hi,

The logs look better now. :)

Please update these programs as they are vulnerable to exploits.

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 5.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 10 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
    • J2SE Runtime Environment 5.0 Update 8
    • Java 2 Runtime Environment, SE v1.4.2_03
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 5. Click on Download.
  5. Read through the License Agreement and select Accept License Agreement radio button. The page will refresh.
  6. Click on Windows Offline Installation, Multi-language to download it. Save this to a convenient location.
  7. Run this installation to update your Java.

Update Adobe Reader

  1. Please uninstall Adobe Reader 6.0.1 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 6.0.1 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.

Please post back a new HijackThis log after you've updated your programs.

How's the computer performing so far? Any problems?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trying to fix my son's computer

Unread postby phoebe » March 17th, 2008, 8:17 pm

Thank you so much. I installed the new Java and Adobe. The computer is running SOOOOO much better! No popups, I'm actally able to get to the internet quickly and I don't receive all the error messages anymore from my anti-virus software! You are a life saver!

Here is the HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:39 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/n/us26/n.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9078 bytes
phoebe
Active Member
 
Posts: 10
Joined: March 6th, 2008, 12:10 am

Re: Trying to fix my son's computer

Unread postby ndmmxiaomayi » March 18th, 2008, 12:49 am

Great! :D

Remove Combofix

Now that you are clean, you need to remove Combofix.

Click on Start > Run. Copy and paste in ComboFix /u and click OK. An image is below for reference.

Image

Please also delete these files as they are no longer needed.

  1. check.bat, which I've asked you to create earlier on
  2. C:\results.txt

Remove infected files

OTMoveIt2 has moved the infected files elsewhere, and now we need to clean it up.

Double click on OTMoveIt2.

Click on CleanUp!.

You will receive a prompt that it has finished downloaded a list. Click OK.

After this, it will prompt you to restart your computer. Please restart your computer.

After you're done with the above, you can slowly read the following to prevent another infection again. :)

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Make your Internet Explorer safer

For Internet Explorer 6

  1. Open Internet Explorer. Click on Tools > Options.
  2. Click on the Security tab.
  3. Click on the Internet icon.
  4. Click on the Custom Level button.
  5. Under Download signed ActiveX controls, select Prompt.
  6. Under Download unsigned ActiveX controls, select Disable.
  7. Under Initialize and script ActiveX controls not marked as safe, select Disable.
  8. Under Installation of desktop items, select Prompt.
  9. Under Launching programs and files in an IFRAME, select Prompt.
  10. Under Navigate sub-frames across different domains, select Prompt.
  11. Under Allow paste operations via script, select Disable.
  12. Click OK to apply these settings.
  13. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  14. Press OK to exit the Internet Properties page.

For a pictorial guide, please refer to this article.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.
  2. Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.
  3. SpywareGuard
    Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spywares.

    You can download SpywareGuard from Javacool.

    If you need help in using SpywareGuard, you can SpywareGuard's tutorial at Bleeping Computer.
  4. IE-SPYAD
    IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't have any scripts ran, no downloads and cookies. However, you can still connect to these sites.

    You can download IE-SPYAD from Spyware Warrior. Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.
  5. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.
  6. a-squared Free
    a-squared Free is also another program for scanning spywares and adwares. It doesn't have preventive features like Spybot Search & Destroy though.

    You can download a-squared Free from here.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.
  7. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Firefox
Opera
K-Meleon

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trying to fix my son's computer

Unread postby Elrond » March 18th, 2008, 12:28 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware