Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Web hijacking & Program manager disabled

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 23rd, 2009, 12:16 pm

Morning Dan, hope you had a great weekend. Sounds like you worked a bit.

PC is running good. NO crashing, no hijacking, no keyboard hijacking.
I noticed that it takes a longer time to get to login and then to my desktop when I turn the computer on. Is that a defrag thing maybe to do when we are done since so many things have changed? Maybe I have some startup stuff I can kill. Not sure.
I removed fulltiltpoker and installed pokerstars as you suggested. I removed the one line about the button, it was there in the hjt scan only run.

ANyway thanks for all your effort and time. Things are really shaping up

Here is the HJT log, followed by the JavaRa log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 AM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jay\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7244 bytes

===========================================================

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Mar 23 08:22:29 2009

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\JavaPlugin.150

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150000}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm
Advertisement
Register to Remove

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 23rd, 2009, 1:43 pm

Yes, we have come a long way with this log from the one you presented me with at the beginning. :)

Couple of orphaned reg entries

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (file missing)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit


Runtime Environment (JRE) 6update 12
Please update here you go

I would like to see another online scan as we had a bad infection to deal with.
This time going to use eset:


Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.


Some usefull reading here for you

post me the eset log and a fresh HJT log

dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 23rd, 2009, 11:42 pm

I deleted the missing file entries you posted. and ran the new scan...

Question - Do we need to worry about my wives login, which is seperate than mine and used more frequently? All my work has been done from my login.

Here is the HJT log followed by the ESET scan log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:19 PM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Jay\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7953 bytes

ESET log============================================

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3955 (20090323)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=f12ed078d36f3345a93dd80e79b31364
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-03-23 11:11:43
# local_time=2009-03-23 04:11:43 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=731221
# found=521
# scan_time=8776
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-5df8236a.zip multiple infiltrations 054E44A774B41DCAC152F1FA7A0459B5
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-5df8236a.zip »ZIP »MagicApplet.class Java/TrojanDownloader.OpenConnection trojan 00000000000000000000000000000000
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-5df8236a.zip »ZIP »OwnClassLoader.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-5df8236a.zip »ZIP »ProxyClassLoader.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-5df8236a.zip »ZIP »Installer.class Java/TrojanDownloader.Agent.A trojan 00000000000000000000000000000000
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-505beb86-4417056b.zip Java/TrojanDownloader.OpenStream.NAB trojan 09BCE5E1BB34F7535E41DFD8CDA38FD0
C:\Documents and Settings\Monique\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-505beb86-4417056b.zip »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\uagxble.exe.vir a variant of Win32/Injector.JL trojan 8E316709E31F03C053D2F75112E8CC3C
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\plugins\npclntax.dll.vir Win32/Adware.180Solutions application 716FC302E0B3948805E45DFE6DC6D0F3
C:\Qoobox\Quarantine\C\WINDOWS\addcq.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\adddw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addez.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addfj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addgc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addhg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addju.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addmc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addne.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addqi32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addqp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addru32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addtg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addtr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addum.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addvw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addwr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addxq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\addyp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\apian.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apiar.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apiav32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apibr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan 710E9762886B7D645C413A1527B1C6E5
C:\Qoobox\Quarantine\C\WINDOWS\apika32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apime32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apint.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apioh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apipg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apiqt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apitb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apitq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apiwr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apixf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appej.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appfk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appfs32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apphq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appjr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\appmn.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appnw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appqk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appsa.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\apptj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appuh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appui.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appuk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appvr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appwh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\appyh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlai.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlan32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlas.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlay.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlcg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atldp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlee32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlgc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlhb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\atlhu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atljd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlqd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlqs32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlsw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atluc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlue.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlvk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlwm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlwn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlwq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlwz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\atlxx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crdu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crfz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crgm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crgv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crlu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crrd32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\cruy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\crxa.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3bi32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3dr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3kx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3mf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3wx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\d3zx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\iean32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iefs.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iehk.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iehl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ieia32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\ieic32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\iejy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\iekn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iemv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ieor32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iepp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ierz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ietr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ieup.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iewn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ieyt32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iezu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\ipda32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipdx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipfc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iphm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipir.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iplg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipnu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipre32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iprj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipst.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\iptl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipwi32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ipzm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaak.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javabw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\javacr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javacz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javadu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaex32.dll.bak.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan 5F84F898670E4670E3BF60511A3CE202
C:\Qoobox\Quarantine\C\WINDOWS\javafc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javafg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javagv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\javajr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javamx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaol32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaoz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaps.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javapv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaqf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javaro.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\javauo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\javavg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcac.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcbd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcbl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcbn.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfccm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfccu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfccx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfccy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcdy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcfn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcgn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcgt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfchq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfckk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfckw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfclc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcmh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcoz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcpl.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcqj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\mfctt32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcty32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mfcwp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msak32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msde32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msdw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msfy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msid.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msig32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msiu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\msja.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msmz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msnk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msnt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mspi.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msqp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msqq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msqx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msru32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mssa.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mssm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mstb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mstp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\mstu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msul32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msun.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msuv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msvd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan 2D39FEE5EA5C31675A16677505BD47C8
C:\Qoobox\Quarantine\C\WINDOWS\msvr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mswb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\msyh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\mszc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netbh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netbx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\nethi.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netjg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\netjh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netkn.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netls32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netmd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\netoj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netox.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\netpw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netqb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netql32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\nettz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netub32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netuo.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\netuu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netvm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netwy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netyi.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\netym32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntaj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntbs.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntcx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntdw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntet.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\nteu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\nthd32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\nthv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\nthz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntip32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntla32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntqv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\ntqy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntst.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntxe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntxh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntxr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntya.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntzv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\ntzz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\n_jroudm.dat.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan 385B7A2EBDBB12024F919E1EF51E3FE9
C:\Qoobox\Quarantine\C\WINDOWS\sdklt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkml.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkoa32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkoq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkqr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkqt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkry32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkti32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sdkxn32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\syscp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysdj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysfo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysjj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysly.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\syspp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysqc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysqd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysqr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysqy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\syssu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysvl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\sysxy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\syszg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winer.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winfw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winio32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winjg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winjv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winos32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\winsc.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winsv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\wintc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\wintr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winuh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winvg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winvh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winwc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\winyz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addcq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addeo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addfm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addhk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addnu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addqy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addto.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addum.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adduo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adduz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addvq.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addvz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addxx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiad.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apias.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apibw32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiij.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiiz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apijq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apikf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apikg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apimm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apini32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apioh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiqq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apivo.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apivz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwo.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appbq.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appca.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appdu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appep32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appiy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appkv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appkx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\applb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appna32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appol32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appon.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appqz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlbt32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlce32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlex32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlyn.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlzb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlzu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crag32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crbo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crca32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crcp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crel.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crer32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crev32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crgx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crhb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\croe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\croo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crsk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crww32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cryp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3kr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3mu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3nd32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3pp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3px32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qn.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3rj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3ur32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3zf.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dduvppfq.dll.vir a variant of Win32/Adware.Virtumonde.NEJ application 536716C929668F05A54AB43E7B122E15
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hhs3ijndfd.dll.vir Win32/TrojanDownloader.Small.NTQ trojan C8658C829C52B1A5ECBC26C7E484B89B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieae.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iecs.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieeh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iefm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieiy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iejz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ielp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iemi32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iepk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieqo32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ierf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iesv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iexc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipcu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipdg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipew32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipfu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipip32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjf.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipll32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipok.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippd.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipra32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipre32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iprf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsc.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsk.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxa32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaaz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadk32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javalk.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqi.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqt32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javasr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javatu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javayb32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javazx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfccx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcds32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcej32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgf.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfclw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcor32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcpk.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcrj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msck.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msdm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslp.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslw.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msmz.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mssh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msti.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msud32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msvh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msws.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mszl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbi32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netdl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netgq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netii32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netjo.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netks.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netkv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netnx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netpl32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netru32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettx.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netug32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netup.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netwm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netxj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntba32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntbc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntcu32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntgb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntjm.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkh32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntlf.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntmf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntsg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyq32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntzb.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkaj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkar32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkat32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkfg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkgj.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkkr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkma.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdknc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkof32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrv.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksf32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksj32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksx32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkul.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxr.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxs.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkys32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkyz32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysbg.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysco32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\syshv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysij32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysmv32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysqc32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\systg32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysvh.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysxm32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winba32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winbr32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winby32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winga.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhf.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjq.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjy32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winki.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winll32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winmk.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winvp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwp32.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwu.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyt.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan BD2E267F2F78E717337454EF17ACF6A5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyy.dll.vir a variant of Win32/TrojanDownloader.Agent.BQ trojan FF8B3599A2A37041E71844E7FFCC699B
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B7DJLPDO\725f[1].exe.vir Win32/TrojanDownloader.Agent.XLW trojan 095D4850B6F85C3756316F9E47A83AAB
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_UACyyqpardn_.sys.zip Win32/Olmarik.FT trojan 3DE59ECC943527E88866351583F91D23
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_UACyyqpardn_.sys.zip »ZIP »UACyyqpardn.sys Win32/Olmarik.FT trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1978\A0387113.dll Win32/TrojanDownloader.Small.NTQ trojan C8658C829C52B1A5ECBC26C7E484B89B
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 24th, 2009, 5:02 am

Ok, most of what was flagged is safe. I will deal with that once I'm happy were clean.
As for your wife's account I will need to see a HJT log from her account we will call this account B, safe confusion.

Clearing Java Cache

There's some malware in your Java cache so lets clear it.
  • Press Start
  • Go to Control Panel
  • Click Java
  • Under Temporary Internet Files click Settings...
  • Now click Delete files...
  • Select both options and click OK
  • The temporary files will now be deleted.
  • When done click OK twice and close Control Panel


Please post a HJT log from account B

dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 24th, 2009, 11:52 am

OK, I cleared Java cache on account A

On e curious thing, when ever I start HJT or combofix or possibly any other executable from my or my wifes desktop, I get a window called "Open File - Security Warning" with a RUN or Cancel button. Is that OK?

Here is the HJT log from account B

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:03 AM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Monique\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Monique\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [oqfby2zqhwe5wwlqxh567n3] C:\DOCUME~1\Monique\LOCALS~1\Temp\aokexeffdrxg.exe
O4 - HKCU\..\Run: [d9v3r42q4h8ed6wmhcrph5khazlltatz2r1euj2z] C:\DOCUME~1\Monique\LOCALS~1\Temp\zzev7lhwg3.exe
O4 - HKCU\..\Run: [use1m91mmjefaf23chzgvt8cmwzvl6] C:\DOCUME~1\Monique\LOCALS~1\Temp\tpraducawtns5.exe
O4 - HKCU\..\Run: [ighvrailyphvsecseghz20js8] C:\DOCUME~1\Monique\LOCALS~1\Temp\n0j1kfwt.exe
O4 - HKCU\..\Run: [ygebiehdkky9q3csalvdhc] C:\DOCUME~1\Monique\LOCALS~1\Temp\zh5inkt58cx6r.exe
O4 - HKCU\..\Run: [uhrigtjymbydzg] C:\DOCUME~1\Monique\LOCALS~1\Temp\zvsfokq73yfs.exe
O4 - HKCU\..\Run: [zoghs0a5y4yni7852we967r1etuog5m3ywdy2dohqwjuc] C:\DOCUME~1\Monique\LOCALS~1\Temp\clhtes3bkzkxm.exe
O4 - HKCU\..\Run: [b026hwx2jqimgmykmv7kyhj7lhuw6vm5pmi2v72px54l] C:\DOCUME~1\Monique\LOCALS~1\Temp\kalmaqs5.exe
O4 - HKCU\..\Run: [yuohc1j4rkrg94j2lbmovxv6koeb78u6hmetw7] C:\DOCUME~1\Monique\LOCALS~1\Temp\t7odxd3c.exe
O4 - HKCU\..\Run: [b3u3s2hty2avkp5pyosn9iaolkgl3rwq22f5o1ufv] C:\DOCUME~1\Monique\LOCALS~1\Temp\zbctqb1.exe
O4 - HKCU\..\Run: [o2kqxi51rhfzi8chpdyczlr7ssp5hqrrzib1sb99hl51q0sj3x] C:\DOCUME~1\Monique\LOCALS~1\Temp\u2xeif3j85ih.exe
O4 - HKCU\..\Run: [fq8bkc4og3r1zlps] C:\DOCUME~1\Monique\LOCALS~1\Temp\pi0jkgu7rx.exe
O4 - HKCU\..\Run: [f2z35lt3znexnv8g8v1dd0nrkzgrkb98ama22stlipeflhp] C:\DOCUME~1\Monique\LOCALS~1\Temp\d6jisfsfv.exe
O4 - HKCU\..\Run: [cpi1sror5b01qbkmkmpxtrancyn1jxkz5zxsszs1] C:\DOCUME~1\Monique\LOCALS~1\Temp\gl9648c3pf.exe
O4 - HKCU\..\Run: [znj4j9jdh0rjd4larzfcn6bxkbo8koj9xfu1gys0e] C:\DOCUME~1\Monique\LOCALS~1\Temp\oullo6z5h.exe
O4 - HKCU\..\Run: [u0g8ir1j0dy0nqazczbcg3tw] C:\DOCUME~1\Monique\LOCALS~1\Temp\r5dvzhq.exe
O4 - HKCU\..\Run: [tptjcvjvmd6qu0v9jmgnp1pairnpk] C:\DOCUME~1\Monique\LOCALS~1\Temp\bsfghswavi.exe
O4 - HKCU\..\Run: [b7mrbt7vmj27p8wby] C:\DOCUME~1\Monique\LOCALS~1\Temp\cyigw4ru.exe
O4 - HKCU\..\Run: [w5khlc7zua9bx] C:\DOCUME~1\Monique\LOCALS~1\Temp\p0840dqc76lw.exe
O4 - HKCU\..\Run: [mrah1ft8xymj3n0vy7oyuklxisvivm31618c0n0afj] C:\DOCUME~1\Monique\LOCALS~1\Temp\tkrmxar41.exe
O4 - HKCU\..\Run: [asqjnph6okw0fvumuphp74nkebjac3fn0] C:\DOCUME~1\Monique\LOCALS~1\Temp\jb6hpig.exe
O4 - HKCU\..\Run: [qbk4yua291hxfhmmsrp6qhfrb7am6i5n48y56w0hc3e04] C:\DOCUME~1\Monique\LOCALS~1\Temp\wjvwokuxi7k6.exe
O4 - HKCU\..\Run: [ywwty4om3ms1711hn26xchuftb8xl8b99jr6pvyvoev] C:\DOCUME~1\Monique\LOCALS~1\Temp\h32n62.exe
O4 - HKCU\..\Run: [efqhjzmj55ud50mpnrc677cdtq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yekztnnby.exe
O4 - HKCU\..\Run: [lh7rbdvwnxa5oovznexgvunry25l4kzre4p] C:\DOCUME~1\Monique\LOCALS~1\Temp\hgl810.exe
O4 - HKCU\..\Run: [jh0n9kuk46ac3e7ny4hfocmncbp1c1eq5z5bc9z] C:\DOCUME~1\Monique\LOCALS~1\Temp\o5xqewpo.exe
O4 - HKCU\..\Run: [y79ci38woimbn9dzwd8kqk7dc6y5jd7h95hs275a5kf] C:\DOCUME~1\Monique\LOCALS~1\Temp\ci80eh1.exe
O4 - HKCU\..\Run: [v0bhr0ewejc0kf9067497f9ov0p7y9y967opm] C:\DOCUME~1\Monique\LOCALS~1\Temp\zed7hrvjn.exe
O4 - HKCU\..\Run: [lvyq1qfmj8e94t949ye7bxnbq2oenv14c6dgxwkpm46k38sf] C:\DOCUME~1\Monique\LOCALS~1\Temp\g3ppun8eak2.exe
O4 - HKCU\..\Run: [kc315ocpwcl8qvbwzofq1likp07axioavkl] C:\DOCUME~1\Monique\LOCALS~1\Temp\yzw9tsz5tee.exe
O4 - HKCU\..\Run: [a9b0dzpjn9q7xezq1hnypg6w6] C:\DOCUME~1\Monique\LOCALS~1\Temp\gd3s03p.exe
O4 - HKCU\..\Run: [p4ez5ol6wwpmt5mu8sirhlxdvvxohm8a] C:\DOCUME~1\Monique\LOCALS~1\Temp\n2fadz299.exe
O4 - HKCU\..\Run: [nfezwws7xllv4hyqtpiiwre5p7gsyq1dgxb65bh3] C:\DOCUME~1\Monique\LOCALS~1\Temp\lusx85a5pa37q.exe
O4 - HKCU\..\Run: [p2fljzdske3jbkic72so4ib769f12qcv07orulfjam6zg6] C:\DOCUME~1\Monique\LOCALS~1\Temp\z2knz9yax48px.exe
O4 - HKCU\..\Run: [r7rq55zlkyqvg3aacc64i3kkhlc8yvbjzw] C:\DOCUME~1\Monique\LOCALS~1\Temp\td20l9kwrac2p.exe
O4 - HKCU\..\Run: [b9rwdfoc4] C:\DOCUME~1\Monique\LOCALS~1\Temp\wnxkrp1dk.exe
O4 - HKCU\..\Run: [om3edos6eq0c9cyrvtmca] C:\DOCUME~1\Monique\LOCALS~1\Temp\pa92yucf4n.exe
O4 - HKCU\..\Run: [jt3u0pa333jtmi82fwagqtn9xru9tejtizsh69eshugfebxlk1] C:\DOCUME~1\Monique\LOCALS~1\Temp\d11spy03ch.exe
O4 - HKCU\..\Run: [rc1eqqwnjeofe5wq6ic15k63bg9wiiauld5kfxfu] C:\DOCUME~1\Monique\LOCALS~1\Temp\vjrdekw8e.exe
O4 - HKCU\..\Run: [l7np8go0zkhibeulzv9yky] C:\DOCUME~1\Monique\LOCALS~1\Temp\fidtf7k.exe
O4 - HKCU\..\Run: [o26rlk76ees5gnlqeovv7jqpuewebl7vxt7t1p81] C:\DOCUME~1\Monique\LOCALS~1\Temp\fe1yf1.exe
O4 - HKCU\..\Run: [est463bpxlf7phvrj49yce4wptjapgq92] C:\DOCUME~1\Monique\LOCALS~1\Temp\nq40319yys.exe
O4 - HKCU\..\Run: [zqg2jv8hwrtue4punpoowpauvg] C:\DOCUME~1\Monique\LOCALS~1\Temp\eiix9jquwx.exe
O4 - HKCU\..\Run: [eaei9wr1710khh6ty4huzp] C:\DOCUME~1\Monique\LOCALS~1\Temp\v4frr5w.exe
O4 - HKCU\..\Run: [vq3hd1qsn8gia] C:\DOCUME~1\Monique\LOCALS~1\Temp\slssb4r.exe
O4 - HKCU\..\Run: [bz5twrnexjhlv5] C:\DOCUME~1\Monique\LOCALS~1\Temp\p5bkfhx8rlxis.exe
O4 - HKCU\..\Run: [ku0roy67d22h90p9tbva291ntka] C:\DOCUME~1\Monique\LOCALS~1\Temp\zza3bdop.exe
O4 - HKCU\..\Run: [nymvz4qt449iofp59wptbdh2xd9xtr4zs6yjk38nyqzqw] C:\DOCUME~1\Monique\LOCALS~1\Temp\smm2izzr0.exe
O4 - HKCU\..\Run: [t2jt7h50nbqa] C:\DOCUME~1\Monique\LOCALS~1\Temp\vkt54ebumm.exe
O4 - HKCU\..\Run: [v924f6zn4qxiw1fg0d7i7qcmgyb] C:\DOCUME~1\Monique\LOCALS~1\Temp\baijdmof3ni.exe
O4 - HKCU\..\Run: [ed8qpfqf9rzfolw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qei8z2gf.exe
O4 - HKCU\..\Run: [nnp48b0h9lwm7j5ci72] C:\DOCUME~1\Monique\LOCALS~1\Temp\vd2oht98.exe
O4 - HKCU\..\Run: [daozrlwnuqa8ci8tr37k48a9355yj] C:\DOCUME~1\Monique\LOCALS~1\Temp\klx8hzowadd.exe
O4 - HKCU\..\Run: [lenrkqy7d0b4b40m8n1mzp4] C:\DOCUME~1\Monique\LOCALS~1\Temp\su9rrsljrj.exe
O4 - HKCU\..\Run: [td4db3s9n0pma9w3q3xh6d3xkk2szv1fsgj3l] C:\DOCUME~1\Monique\LOCALS~1\Temp\oagandd.exe
O4 - HKCU\..\Run: [h19gw1lvvwjkk8ue3uuq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yjbv2nv.exe
O4 - HKCU\..\Run: [ph558x8pqdgd1hu5t10w5dao2u6o1bfx1jtuw0tuqmzvh62] C:\DOCUME~1\Monique\LOCALS~1\Temp\dibunjsqd1.exe
O4 - HKCU\..\Run: [z6yzctif290tq6iolue6] C:\DOCUME~1\Monique\LOCALS~1\Temp\u6yvctroixkd.exe
O4 - HKCU\..\Run: [yfbloew5hjcqfi8rdkgxshhhg4l1abpqe] C:\DOCUME~1\Monique\LOCALS~1\Temp\nhtxsw742le5.exe
O4 - HKCU\..\Run: [vnc6bf2iadknnnednvgvhzlhzxqnq77em85ffcoayttiyee8] C:\DOCUME~1\Monique\LOCALS~1\Temp\qrohycol.exe
O4 - HKCU\..\Run: [urapd56y26wwltq4ke098yg8to3iuo9n6ophj4vfjhatcj] C:\DOCUME~1\Monique\LOCALS~1\Temp\qd717tt.exe
O4 - HKCU\..\Run: [bmjyjigp35irn5q37ho30j5sqx8ssk3dpqacth4r9xduq] C:\DOCUME~1\Monique\LOCALS~1\Temp\h4s75focwresh.exe
O4 - HKCU\..\Run: [y28k4knnokirhm0i2j7sna8jc7mg1jt3rfavu21b2vay2] C:\DOCUME~1\Monique\LOCALS~1\Temp\hh4xepyy1mt.exe
O4 - HKCU\..\Run: [yzpq889ub3qu9m920tbxwb8lqf3] C:\DOCUME~1\Monique\LOCALS~1\Temp\q0xum03lc.exe
O4 - HKCU\..\Run: [mzu2rjec6i2w4p9cvgc777oownshaehqg] C:\DOCUME~1\Monique\LOCALS~1\Temp\dymng3.exe
O4 - HKCU\..\Run: [uqdytuq1izu6kcqzkaea] C:\DOCUME~1\Monique\LOCALS~1\Temp\naxxn9.exe
O4 - HKCU\..\Run: [zz6pmawxmssmrjocdixhy43ngksdr7u4wtamfxu6i221g] C:\DOCUME~1\Monique\LOCALS~1\Temp\wkifiu5y7cqb0.exe
O4 - HKCU\..\Run: [mhgqlxoa2qpi82axzpj658910ogod31] C:\DOCUME~1\Monique\LOCALS~1\Temp\cbo0ab7h973hw.exe
O4 - HKCU\..\Run: [u92j4db2ng1zfxsnui51sfp3bt4enjw5cbz7j9o01porh8ybs] C:\DOCUME~1\Monique\LOCALS~1\Temp\ysgsaa5u.exe
O4 - HKCU\..\Run: [iht0afy68rjvgrm55ge] C:\DOCUME~1\Monique\LOCALS~1\Temp\h55w5qzqx.exe
O4 - HKCU\..\Run: [gj7x9n45vr043uq3ld6jhvdw2mp99rgle39y] C:\DOCUME~1\Monique\LOCALS~1\Temp\m7lhwcohq1nwy.exe
O4 - HKCU\..\Run: [dq9khfsw03f32b2669iplyfesehrsumou6xbjp] C:\DOCUME~1\Monique\LOCALS~1\Temp\vuaowc.exe
O4 - HKCU\..\Run: [pspucsuposzv4egtgijfjhep] C:\DOCUME~1\Monique\LOCALS~1\Temp\dv7i7889mq.exe
O4 - HKCU\..\Run: [l0vhv46uw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qlk5i14l.exe
O4 - HKCU\..\Run: [tnxritnkvu9b80jynp] C:\DOCUME~1\Monique\LOCALS~1\Temp\tvf8oh42g392.exe
O4 - HKCU\..\Run: [z6vws7zym1kj96zgf3u6zzt04qv] C:\DOCUME~1\Monique\LOCALS~1\Temp\exyrur6ejl9ty.exe
O4 - HKCU\..\Run: [wfuhx9thqfbt7sr7j2gmlsgezvlsr] C:\DOCUME~1\Monique\LOCALS~1\Temp\l1ow3k54zg.exe
O4 - HKCU\..\Run: [p45rtk5odszhyfehuikqw3hog4xu5] C:\DOCUME~1\Monique\LOCALS~1\Temp\gzz3i22.exe
O4 - HKCU\..\Run: [lvhb45j9e5] C:\DOCUME~1\Monique\LOCALS~1\Temp\idd6emxing.exe
O4 - HKCU\..\Run: [jzuerffppasoi9zya8lcn3rd2zb3a] C:\DOCUME~1\Monique\LOCALS~1\Temp\rrqzzd0cz.exe
O4 - HKCU\..\Run: [d9z99lhtla59xj9udh1y3n5mlxfjm0] C:\DOCUME~1\Monique\LOCALS~1\Temp\bbjfgt.exe
O4 - HKCU\..\Run: [kdmhxogfslbko] C:\DOCUME~1\Monique\LOCALS~1\Temp\ezir9bzr6u1.exe
O4 - HKCU\..\Run: [oguu9v9cn9t8qgci4f] C:\DOCUME~1\Monique\LOCALS~1\Temp\qxvsn0spob.exe
O4 - HKCU\..\Run: [etkz99qd0vw6m3wltr] C:\DOCUME~1\Monique\LOCALS~1\Temp\ute88pom.exe
O4 - HKCU\..\Run: [vlywa7vlrttokgxf] C:\DOCUME~1\Monique\LOCALS~1\Temp\j6ytrttn.exe
O4 - HKCU\..\Run: [mxcv6mj28s] C:\DOCUME~1\Monique\LOCALS~1\Temp\r0tsm5moby0r.exe
O4 - HKCU\..\Run: [hfxuufu8z15dguypx7] C:\DOCUME~1\Monique\LOCALS~1\Temp\rakwc1yf.exe
O4 - HKCU\..\Run: [h1ma30hpgw55jkyrq8yanxgo5dw] C:\DOCUME~1\Monique\LOCALS~1\Temp\dprcnyiv7m.exe
O4 - HKCU\..\Run: [u63sio87dl1kfqhq6b61v4dl6mfcdq1g57k68] C:\DOCUME~1\Monique\LOCALS~1\Temp\ry7tqaoug18.exe
O4 - HKCU\..\Run: [kb1dkdsz2] C:\DOCUME~1\Monique\LOCALS~1\Temp\y0i09hggx8g.exe
O4 - HKCU\..\Run: [hiowi4d2nr5supqwlkah37] C:\DOCUME~1\Monique\LOCALS~1\Temp\n5ywjszpas.exe
O4 - HKCU\..\Run: [anizfvms84est] C:\DOCUME~1\Monique\LOCALS~1\Temp\davxbogx8cg1b.exe
O4 - HKCU\..\Run: [zf4ykvejh6irc00] C:\DOCUME~1\Monique\LOCALS~1\Temp\gpy1h2.exe
O4 - HKCU\..\Run: [scnxpb2xbscud] C:\DOCUME~1\Monique\LOCALS~1\Temp\zkj4ybyvq6.exe
O4 - HKCU\..\Run: [gutw4qny54b21xyxua3m4b3a9rwzmx546292gfpgj5dl5mth] C:\DOCUME~1\Monique\LOCALS~1\Temp\kwh6pyj.exe
O4 - HKCU\..\Run: [rohw9yhv81y9maad3jibu9kfey1wd7rx747bhpd] C:\DOCUME~1\Monique\LOCALS~1\Temp\jknbmvfh.exe
O4 - HKCU\..\Run: [sc9rkahrbar0z1fetowygcuethb6xk1cs] C:\DOCUME~1\Monique\LOCALS~1\Temp\oafvu1319wd4.exe
O4 - HKCU\..\Run: [aru0v5gbc9fe9x1abxutmnxeee3mzy] C:\DOCUME~1\Monique\LOCALS~1\Temp\j1o04c36.exe
O4 - HKCU\..\Run: [jj87oiywyx1x7wadllsxgsd4fpjzzxbze2yeffdcrp1pwyda7j] C:\DOCUME~1\Monique\LOCALS~1\Temp\orgkczrqvhgh.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Monique\Local Settings\Temp\{413483A4-7BE2-434B-920F-D2E8D0D63A19}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 17905 bytes
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 24th, 2009, 1:31 pm

From account B

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

-----------------------------



Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit




Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post a fresh HJT log and the kaspersky report
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 25th, 2009, 5:35 am

Hey Dan, for account B:

Here is the latest HJT log followed by Kaspersky...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:36 AM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Monique\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Monique\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [oqfby2zqhwe5wwlqxh567n3] C:\DOCUME~1\Monique\LOCALS~1\Temp\aokexeffdrxg.exe
O4 - HKCU\..\Run: [d9v3r42q4h8ed6wmhcrph5khazlltatz2r1euj2z] C:\DOCUME~1\Monique\LOCALS~1\Temp\zzev7lhwg3.exe
O4 - HKCU\..\Run: [use1m91mmjefaf23chzgvt8cmwzvl6] C:\DOCUME~1\Monique\LOCALS~1\Temp\tpraducawtns5.exe
O4 - HKCU\..\Run: [ighvrailyphvsecseghz20js8] C:\DOCUME~1\Monique\LOCALS~1\Temp\n0j1kfwt.exe
O4 - HKCU\..\Run: [ygebiehdkky9q3csalvdhc] C:\DOCUME~1\Monique\LOCALS~1\Temp\zh5inkt58cx6r.exe
O4 - HKCU\..\Run: [uhrigtjymbydzg] C:\DOCUME~1\Monique\LOCALS~1\Temp\zvsfokq73yfs.exe
O4 - HKCU\..\Run: [zoghs0a5y4yni7852we967r1etuog5m3ywdy2dohqwjuc] C:\DOCUME~1\Monique\LOCALS~1\Temp\clhtes3bkzkxm.exe
O4 - HKCU\..\Run: [b026hwx2jqimgmykmv7kyhj7lhuw6vm5pmi2v72px54l] C:\DOCUME~1\Monique\LOCALS~1\Temp\kalmaqs5.exe
O4 - HKCU\..\Run: [yuohc1j4rkrg94j2lbmovxv6koeb78u6hmetw7] C:\DOCUME~1\Monique\LOCALS~1\Temp\t7odxd3c.exe
O4 - HKCU\..\Run: [b3u3s2hty2avkp5pyosn9iaolkgl3rwq22f5o1ufv] C:\DOCUME~1\Monique\LOCALS~1\Temp\zbctqb1.exe
O4 - HKCU\..\Run: [o2kqxi51rhfzi8chpdyczlr7ssp5hqrrzib1sb99hl51q0sj3x] C:\DOCUME~1\Monique\LOCALS~1\Temp\u2xeif3j85ih.exe
O4 - HKCU\..\Run: [fq8bkc4og3r1zlps] C:\DOCUME~1\Monique\LOCALS~1\Temp\pi0jkgu7rx.exe
O4 - HKCU\..\Run: [f2z35lt3znexnv8g8v1dd0nrkzgrkb98ama22stlipeflhp] C:\DOCUME~1\Monique\LOCALS~1\Temp\d6jisfsfv.exe
O4 - HKCU\..\Run: [cpi1sror5b01qbkmkmpxtrancyn1jxkz5zxsszs1] C:\DOCUME~1\Monique\LOCALS~1\Temp\gl9648c3pf.exe
O4 - HKCU\..\Run: [znj4j9jdh0rjd4larzfcn6bxkbo8koj9xfu1gys0e] C:\DOCUME~1\Monique\LOCALS~1\Temp\oullo6z5h.exe
O4 - HKCU\..\Run: [u0g8ir1j0dy0nqazczbcg3tw] C:\DOCUME~1\Monique\LOCALS~1\Temp\r5dvzhq.exe
O4 - HKCU\..\Run: [tptjcvjvmd6qu0v9jmgnp1pairnpk] C:\DOCUME~1\Monique\LOCALS~1\Temp\bsfghswavi.exe
O4 - HKCU\..\Run: [b7mrbt7vmj27p8wby] C:\DOCUME~1\Monique\LOCALS~1\Temp\cyigw4ru.exe
O4 - HKCU\..\Run: [w5khlc7zua9bx] C:\DOCUME~1\Monique\LOCALS~1\Temp\p0840dqc76lw.exe
O4 - HKCU\..\Run: [mrah1ft8xymj3n0vy7oyuklxisvivm31618c0n0afj] C:\DOCUME~1\Monique\LOCALS~1\Temp\tkrmxar41.exe
O4 - HKCU\..\Run: [asqjnph6okw0fvumuphp74nkebjac3fn0] C:\DOCUME~1\Monique\LOCALS~1\Temp\jb6hpig.exe
O4 - HKCU\..\Run: [qbk4yua291hxfhmmsrp6qhfrb7am6i5n48y56w0hc3e04] C:\DOCUME~1\Monique\LOCALS~1\Temp\wjvwokuxi7k6.exe
O4 - HKCU\..\Run: [ywwty4om3ms1711hn26xchuftb8xl8b99jr6pvyvoev] C:\DOCUME~1\Monique\LOCALS~1\Temp\h32n62.exe
O4 - HKCU\..\Run: [efqhjzmj55ud50mpnrc677cdtq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yekztnnby.exe
O4 - HKCU\..\Run: [lh7rbdvwnxa5oovznexgvunry25l4kzre4p] C:\DOCUME~1\Monique\LOCALS~1\Temp\hgl810.exe
O4 - HKCU\..\Run: [jh0n9kuk46ac3e7ny4hfocmncbp1c1eq5z5bc9z] C:\DOCUME~1\Monique\LOCALS~1\Temp\o5xqewpo.exe
O4 - HKCU\..\Run: [y79ci38woimbn9dzwd8kqk7dc6y5jd7h95hs275a5kf] C:\DOCUME~1\Monique\LOCALS~1\Temp\ci80eh1.exe
O4 - HKCU\..\Run: [v0bhr0ewejc0kf9067497f9ov0p7y9y967opm] C:\DOCUME~1\Monique\LOCALS~1\Temp\zed7hrvjn.exe
O4 - HKCU\..\Run: [lvyq1qfmj8e94t949ye7bxnbq2oenv14c6dgxwkpm46k38sf] C:\DOCUME~1\Monique\LOCALS~1\Temp\g3ppun8eak2.exe
O4 - HKCU\..\Run: [kc315ocpwcl8qvbwzofq1likp07axioavkl] C:\DOCUME~1\Monique\LOCALS~1\Temp\yzw9tsz5tee.exe
O4 - HKCU\..\Run: [a9b0dzpjn9q7xezq1hnypg6w6] C:\DOCUME~1\Monique\LOCALS~1\Temp\gd3s03p.exe
O4 - HKCU\..\Run: [p4ez5ol6wwpmt5mu8sirhlxdvvxohm8a] C:\DOCUME~1\Monique\LOCALS~1\Temp\n2fadz299.exe
O4 - HKCU\..\Run: [nfezwws7xllv4hyqtpiiwre5p7gsyq1dgxb65bh3] C:\DOCUME~1\Monique\LOCALS~1\Temp\lusx85a5pa37q.exe
O4 - HKCU\..\Run: [p2fljzdske3jbkic72so4ib769f12qcv07orulfjam6zg6] C:\DOCUME~1\Monique\LOCALS~1\Temp\z2knz9yax48px.exe
O4 - HKCU\..\Run: [r7rq55zlkyqvg3aacc64i3kkhlc8yvbjzw] C:\DOCUME~1\Monique\LOCALS~1\Temp\td20l9kwrac2p.exe
O4 - HKCU\..\Run: [b9rwdfoc4] C:\DOCUME~1\Monique\LOCALS~1\Temp\wnxkrp1dk.exe
O4 - HKCU\..\Run: [om3edos6eq0c9cyrvtmca] C:\DOCUME~1\Monique\LOCALS~1\Temp\pa92yucf4n.exe
O4 - HKCU\..\Run: [jt3u0pa333jtmi82fwagqtn9xru9tejtizsh69eshugfebxlk1] C:\DOCUME~1\Monique\LOCALS~1\Temp\d11spy03ch.exe
O4 - HKCU\..\Run: [rc1eqqwnjeofe5wq6ic15k63bg9wiiauld5kfxfu] C:\DOCUME~1\Monique\LOCALS~1\Temp\vjrdekw8e.exe
O4 - HKCU\..\Run: [l7np8go0zkhibeulzv9yky] C:\DOCUME~1\Monique\LOCALS~1\Temp\fidtf7k.exe
O4 - HKCU\..\Run: [o26rlk76ees5gnlqeovv7jqpuewebl7vxt7t1p81] C:\DOCUME~1\Monique\LOCALS~1\Temp\fe1yf1.exe
O4 - HKCU\..\Run: [est463bpxlf7phvrj49yce4wptjapgq92] C:\DOCUME~1\Monique\LOCALS~1\Temp\nq40319yys.exe
O4 - HKCU\..\Run: [zqg2jv8hwrtue4punpoowpauvg] C:\DOCUME~1\Monique\LOCALS~1\Temp\eiix9jquwx.exe
O4 - HKCU\..\Run: [eaei9wr1710khh6ty4huzp] C:\DOCUME~1\Monique\LOCALS~1\Temp\v4frr5w.exe
O4 - HKCU\..\Run: [vq3hd1qsn8gia] C:\DOCUME~1\Monique\LOCALS~1\Temp\slssb4r.exe
O4 - HKCU\..\Run: [bz5twrnexjhlv5] C:\DOCUME~1\Monique\LOCALS~1\Temp\p5bkfhx8rlxis.exe
O4 - HKCU\..\Run: [ku0roy67d22h90p9tbva291ntka] C:\DOCUME~1\Monique\LOCALS~1\Temp\zza3bdop.exe
O4 - HKCU\..\Run: [nymvz4qt449iofp59wptbdh2xd9xtr4zs6yjk38nyqzqw] C:\DOCUME~1\Monique\LOCALS~1\Temp\smm2izzr0.exe
O4 - HKCU\..\Run: [t2jt7h50nbqa] C:\DOCUME~1\Monique\LOCALS~1\Temp\vkt54ebumm.exe
O4 - HKCU\..\Run: [v924f6zn4qxiw1fg0d7i7qcmgyb] C:\DOCUME~1\Monique\LOCALS~1\Temp\baijdmof3ni.exe
O4 - HKCU\..\Run: [ed8qpfqf9rzfolw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qei8z2gf.exe
O4 - HKCU\..\Run: [nnp48b0h9lwm7j5ci72] C:\DOCUME~1\Monique\LOCALS~1\Temp\vd2oht98.exe
O4 - HKCU\..\Run: [daozrlwnuqa8ci8tr37k48a9355yj] C:\DOCUME~1\Monique\LOCALS~1\Temp\klx8hzowadd.exe
O4 - HKCU\..\Run: [lenrkqy7d0b4b40m8n1mzp4] C:\DOCUME~1\Monique\LOCALS~1\Temp\su9rrsljrj.exe
O4 - HKCU\..\Run: [td4db3s9n0pma9w3q3xh6d3xkk2szv1fsgj3l] C:\DOCUME~1\Monique\LOCALS~1\Temp\oagandd.exe
O4 - HKCU\..\Run: [h19gw1lvvwjkk8ue3uuq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yjbv2nv.exe
O4 - HKCU\..\Run: [ph558x8pqdgd1hu5t10w5dao2u6o1bfx1jtuw0tuqmzvh62] C:\DOCUME~1\Monique\LOCALS~1\Temp\dibunjsqd1.exe
O4 - HKCU\..\Run: [z6yzctif290tq6iolue6] C:\DOCUME~1\Monique\LOCALS~1\Temp\u6yvctroixkd.exe
O4 - HKCU\..\Run: [yfbloew5hjcqfi8rdkgxshhhg4l1abpqe] C:\DOCUME~1\Monique\LOCALS~1\Temp\nhtxsw742le5.exe
O4 - HKCU\..\Run: [vnc6bf2iadknnnednvgvhzlhzxqnq77em85ffcoayttiyee8] C:\DOCUME~1\Monique\LOCALS~1\Temp\qrohycol.exe
O4 - HKCU\..\Run: [urapd56y26wwltq4ke098yg8to3iuo9n6ophj4vfjhatcj] C:\DOCUME~1\Monique\LOCALS~1\Temp\qd717tt.exe
O4 - HKCU\..\Run: [bmjyjigp35irn5q37ho30j5sqx8ssk3dpqacth4r9xduq] C:\DOCUME~1\Monique\LOCALS~1\Temp\h4s75focwresh.exe
O4 - HKCU\..\Run: [y28k4knnokirhm0i2j7sna8jc7mg1jt3rfavu21b2vay2] C:\DOCUME~1\Monique\LOCALS~1\Temp\hh4xepyy1mt.exe
O4 - HKCU\..\Run: [yzpq889ub3qu9m920tbxwb8lqf3] C:\DOCUME~1\Monique\LOCALS~1\Temp\q0xum03lc.exe
O4 - HKCU\..\Run: [mzu2rjec6i2w4p9cvgc777oownshaehqg] C:\DOCUME~1\Monique\LOCALS~1\Temp\dymng3.exe
O4 - HKCU\..\Run: [uqdytuq1izu6kcqzkaea] C:\DOCUME~1\Monique\LOCALS~1\Temp\naxxn9.exe
O4 - HKCU\..\Run: [zz6pmawxmssmrjocdixhy43ngksdr7u4wtamfxu6i221g] C:\DOCUME~1\Monique\LOCALS~1\Temp\wkifiu5y7cqb0.exe
O4 - HKCU\..\Run: [mhgqlxoa2qpi82axzpj658910ogod31] C:\DOCUME~1\Monique\LOCALS~1\Temp\cbo0ab7h973hw.exe
O4 - HKCU\..\Run: [u92j4db2ng1zfxsnui51sfp3bt4enjw5cbz7j9o01porh8ybs] C:\DOCUME~1\Monique\LOCALS~1\Temp\ysgsaa5u.exe
O4 - HKCU\..\Run: [iht0afy68rjvgrm55ge] C:\DOCUME~1\Monique\LOCALS~1\Temp\h55w5qzqx.exe
O4 - HKCU\..\Run: [gj7x9n45vr043uq3ld6jhvdw2mp99rgle39y] C:\DOCUME~1\Monique\LOCALS~1\Temp\m7lhwcohq1nwy.exe
O4 - HKCU\..\Run: [dq9khfsw03f32b2669iplyfesehrsumou6xbjp] C:\DOCUME~1\Monique\LOCALS~1\Temp\vuaowc.exe
O4 - HKCU\..\Run: [pspucsuposzv4egtgijfjhep] C:\DOCUME~1\Monique\LOCALS~1\Temp\dv7i7889mq.exe
O4 - HKCU\..\Run: [l0vhv46uw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qlk5i14l.exe
O4 - HKCU\..\Run: [tnxritnkvu9b80jynp] C:\DOCUME~1\Monique\LOCALS~1\Temp\tvf8oh42g392.exe
O4 - HKCU\..\Run: [z6vws7zym1kj96zgf3u6zzt04qv] C:\DOCUME~1\Monique\LOCALS~1\Temp\exyrur6ejl9ty.exe
O4 - HKCU\..\Run: [wfuhx9thqfbt7sr7j2gmlsgezvlsr] C:\DOCUME~1\Monique\LOCALS~1\Temp\l1ow3k54zg.exe
O4 - HKCU\..\Run: [p45rtk5odszhyfehuikqw3hog4xu5] C:\DOCUME~1\Monique\LOCALS~1\Temp\gzz3i22.exe
O4 - HKCU\..\Run: [lvhb45j9e5] C:\DOCUME~1\Monique\LOCALS~1\Temp\idd6emxing.exe
O4 - HKCU\..\Run: [jzuerffppasoi9zya8lcn3rd2zb3a] C:\DOCUME~1\Monique\LOCALS~1\Temp\rrqzzd0cz.exe
O4 - HKCU\..\Run: [d9z99lhtla59xj9udh1y3n5mlxfjm0] C:\DOCUME~1\Monique\LOCALS~1\Temp\bbjfgt.exe
O4 - HKCU\..\Run: [kdmhxogfslbko] C:\DOCUME~1\Monique\LOCALS~1\Temp\ezir9bzr6u1.exe
O4 - HKCU\..\Run: [oguu9v9cn9t8qgci4f] C:\DOCUME~1\Monique\LOCALS~1\Temp\qxvsn0spob.exe
O4 - HKCU\..\Run: [etkz99qd0vw6m3wltr] C:\DOCUME~1\Monique\LOCALS~1\Temp\ute88pom.exe
O4 - HKCU\..\Run: [vlywa7vlrttokgxf] C:\DOCUME~1\Monique\LOCALS~1\Temp\j6ytrttn.exe
O4 - HKCU\..\Run: [mxcv6mj28s] C:\DOCUME~1\Monique\LOCALS~1\Temp\r0tsm5moby0r.exe
O4 - HKCU\..\Run: [hfxuufu8z15dguypx7] C:\DOCUME~1\Monique\LOCALS~1\Temp\rakwc1yf.exe
O4 - HKCU\..\Run: [h1ma30hpgw55jkyrq8yanxgo5dw] C:\DOCUME~1\Monique\LOCALS~1\Temp\dprcnyiv7m.exe
O4 - HKCU\..\Run: [u63sio87dl1kfqhq6b61v4dl6mfcdq1g57k68] C:\DOCUME~1\Monique\LOCALS~1\Temp\ry7tqaoug18.exe
O4 - HKCU\..\Run: [kb1dkdsz2] C:\DOCUME~1\Monique\LOCALS~1\Temp\y0i09hggx8g.exe
O4 - HKCU\..\Run: [hiowi4d2nr5supqwlkah37] C:\DOCUME~1\Monique\LOCALS~1\Temp\n5ywjszpas.exe
O4 - HKCU\..\Run: [anizfvms84est] C:\DOCUME~1\Monique\LOCALS~1\Temp\davxbogx8cg1b.exe
O4 - HKCU\..\Run: [zf4ykvejh6irc00] C:\DOCUME~1\Monique\LOCALS~1\Temp\gpy1h2.exe
O4 - HKCU\..\Run: [scnxpb2xbscud] C:\DOCUME~1\Monique\LOCALS~1\Temp\zkj4ybyvq6.exe
O4 - HKCU\..\Run: [gutw4qny54b21xyxua3m4b3a9rwzmx546292gfpgj5dl5mth] C:\DOCUME~1\Monique\LOCALS~1\Temp\kwh6pyj.exe
O4 - HKCU\..\Run: [rohw9yhv81y9maad3jibu9kfey1wd7rx747bhpd] C:\DOCUME~1\Monique\LOCALS~1\Temp\jknbmvfh.exe
O4 - HKCU\..\Run: [sc9rkahrbar0z1fetowygcuethb6xk1cs] C:\DOCUME~1\Monique\LOCALS~1\Temp\oafvu1319wd4.exe
O4 - HKCU\..\Run: [aru0v5gbc9fe9x1abxutmnxeee3mzy] C:\DOCUME~1\Monique\LOCALS~1\Temp\j1o04c36.exe
O4 - HKCU\..\Run: [jj87oiywyx1x7wadllsxgsd4fpjzzxbze2yeffdcrp1pwyda7j] C:\DOCUME~1\Monique\LOCALS~1\Temp\orgkczrqvhgh.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Monique\Local Settings\Temp\{413483A4-7BE2-434B-920F-D2E8D0D63A19}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 17710 bytes

====================================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 25, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 25, 2009 00:35:05
Records in database: 1964820
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 136679
Threat name: 10
Infected objects: 518
Suspicious objects: 0
Duration of the scan: 05:04:54


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\uagxble.exe.vir Infected: Trojan-Downloader.Win32.Agent.bjge 1
C:\Qoobox\Quarantine\C\WINDOWS\addcq.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\adddw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addez.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addfj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addgc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addhg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addju.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addmc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addne.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addqi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addqp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addru32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addtg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addtr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addum.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addvw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addwr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addxq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\addyp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apian.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apiar.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apiav32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apibr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apika32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apime32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apint.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apioh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apipg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apiqt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apitb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apitq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apiwr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apixf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appej.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appfk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appfs32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apphq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appjr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appmn.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appnw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appqk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appsa.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\apptj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appuh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appui.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appuk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appvr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appwh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\appyh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlai.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlan32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlas.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlay.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlcg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atldp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlee32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlgc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlhb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlhu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atljd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlqd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlqs32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlsw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atluc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlue.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlvk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlwm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlwn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlwq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlwz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\atlxx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crdu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crfz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crgm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crgv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crlu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crrd32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\cruy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\crxa.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3bi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3dr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3kx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3mf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3wx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\d3zx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iean32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iefs.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iehk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iehl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ieia32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ieic32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iejy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iekn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iemv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ieor32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iepp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ierz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ietr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ieup.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iewn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ieyt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iezu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipda32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipdx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipfc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iphm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipir.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iplg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipnu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipre32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iprj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipst.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\iptl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipwi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ipzm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaak.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javabw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javacr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javacz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javadu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaex32.dll.bak.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javafc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javafg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javagv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javajr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javamx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaol32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaoz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaps.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javapv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaqf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javaro.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javauo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\javavg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcac.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcbd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcbl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcbn.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfccm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfccu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfccx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfccy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcdy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcfn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcgn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcgt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfchq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfckk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfckw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfclc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcmh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcoz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcpl.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcqj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfctt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcty32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mfcwp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msak32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msde32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msdw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msfy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msid.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msig32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msiu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msja.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msmz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msnk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msnt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mspi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msqp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msqq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msqx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msru32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mssa.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mssm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mstb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mstp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mstu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msul32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msun.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msuv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msvd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msvr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mswb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\msyh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\mszc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netbh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netbx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nethi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netjg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netjh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netkn.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netls32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netmd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netoj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netox.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netpw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netqb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netql32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nettz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netub32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netuo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netuu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netvm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netwy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netyi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\netym32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntaj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntbs.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntcx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntdw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntet.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nteu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nthd32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nthv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\nthz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntip32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntla32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntqv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntqy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntst.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntxe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntxh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntxr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntya.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntzv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\ntzz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\n_jroudm.dat.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdklt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkml.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkoa32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkoq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkqr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkqt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkry32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkti32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sdkxn32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\syscp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysdj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysfo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysjj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysly.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\syspp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysqc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysqd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysqr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysqy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\syssu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addcq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addeo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addfm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addhk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addnu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addqy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addto.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addum.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adduo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adduz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addvq.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addvz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addwr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\addxx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiad.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apias.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apibw32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiij.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiiz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apijq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apikf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apikg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apimm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apini32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apioh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiqq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apivo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apivz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\apiwy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appbq.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appca.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appdu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appep32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appiy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appkv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appkx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\applb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appna32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appol32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appon.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\appqz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlbt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlce32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlex32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlyn.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlzb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\atlzu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B7DJLPDO\725f[1].exe.vir Infected: Backdoor.Win32.KeyStart.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crag32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crbo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crca32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crcp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crel.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crer32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crev32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crgx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crhb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\croe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\croo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crqr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crsk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\crww32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cryp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3kr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3mu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3nd32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3pp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3px32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qn.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3qv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3rj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3ur32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\d3zf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dduvppfq.dll.vir Infected: Trojan.Win32.Monder.baux 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_75f1e42e_.sys.zip Infected: Rootkit.Win32.Agent.hta 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_UACyyqpardn_.sys.zip Infected: Rootkit.Win32.TDSS.gwh 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hhs3ijndfd.dll.vir Infected: Trojan-Dropper.Win32.Small.cun 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieae.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iecs.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieeh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iefm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieiy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iejz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ielp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iemi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieoz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iepk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ieqo32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ierf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iesv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iexc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipcu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipdg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipew32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipfu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iphx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipip32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipjj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipll32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipok.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ippd.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipra32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipre32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\iprf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsc.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipsk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxa32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ipxh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaaz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadk32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javadt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javalk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaoj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javaqt32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javasr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javatu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javavz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javayb32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\javazx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfccx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcds32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcej32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcgu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcjh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfclw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcor32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcpk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcrj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfcsj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfczx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msck.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msdm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mslw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msmz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mssh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msti.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msud32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msvh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msws.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mszl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbi32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netbt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netdl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netgq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netii32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netjo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netks.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netkv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netnx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netpl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netru32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nettx.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netug32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netup.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netwm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\netxj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntba32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntbc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntcu32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntgb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nthy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntjm.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkh32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntkt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntlf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntmf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntsg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntyq32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ntzb.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nvcilsgl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jly 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ruynon.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jly 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkaj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkar32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkat32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkfg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkgj.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkkr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkma.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdknc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkof32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkrv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksf32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksj32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdksx32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkul.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxr.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkxs.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkys32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sdkyz32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\svoswo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jza 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysbg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysco32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysfv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\syshv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysij32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysmv32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoe32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysoy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysqc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\systg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysvh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sysxm32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winba32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winbr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winby32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winga.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhf.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winhy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjq.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winjy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winki.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winll32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winmk.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winvp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwp32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winwu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyt.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winyy.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ygimtlrm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jza 1
C:\Qoobox\Quarantine\C\WINDOWS\sysvl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\sysxy32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\syszg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winer.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winfw.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winio32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winjg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winjv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winos32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winsc.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winsv.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\wintc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\wintr32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winuh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winvg32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winvh.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winwc32.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\Qoobox\Quarantine\C\WINDOWS\winyz.dll.vir Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1983\A0387700.INI Infected: Trojan-Downloader.Win32.WinShow.ak 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1983\A0387700.INI Infected: Trojan-Downloader.Win32.Agent.bc 1

The selected area was scanned.
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 25th, 2009, 7:04 am

Most of what are flagged will be taken care of when I give you a script to delete combo fix.

From account B

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

post report.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 25th, 2009, 11:29 am

Hey Dan, next task is competed...
FYI... On this account the program manager still has message "Task Manager has been disabled by your administrator".

Here is the Account B system look scan log

SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 08:26 on 25/03/2009 by Monique (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"=""C:\Program Files\Tall Emu\Online Armor\oaui.exe""
"Adobe Photo Downloader"=""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe""
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe"
"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"S4F"="C:\Program Files\S4F\Filter7.exe"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre6\bin\jusched.exe""
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


-=End Of File=-
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 25th, 2009, 1:11 pm

Can you try this have added a switch to see a little more. :)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 25th, 2009, 9:30 pm

Here you go.....

Account b w/new system look

SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 18:27 on 25/03/2009 by Monique (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"=""C:\Program Files\Tall Emu\Online Armor\oaui.exe""
"Adobe Photo Downloader"=""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe""
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe"
"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"S4F"="C:\Program Files\S4F\Filter7.exe"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre6\bin\jusched.exe""
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


-=End Of File=-
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 26th, 2009, 4:00 am

Account B

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Monique\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [oqfby2zqhwe5wwlqxh567n3] C:\DOCUME~1\Monique\LOCALS~1\Temp\aokexeffdrxg.exe
O4 - HKCU\..\Run: [d9v3r42q4h8ed6wmhcrph5khazlltatz2r1euj2z] C:\DOCUME~1\Monique\LOCALS~1\Temp\zzev7lhwg3.exe
O4 - HKCU\..\Run: [use1m91mmjefaf23chzgvt8cmwzvl6] C:\DOCUME~1\Monique\LOCALS~1\Temp\tpraducawtns5.exe
O4 - HKCU\..\Run: [ighvrailyphvsecseghz20js8] C:\DOCUME~1\Monique\LOCALS~1\Temp\n0j1kfwt.exe
O4 - HKCU\..\Run: [ygebiehdkky9q3csalvdhc] C:\DOCUME~1\Monique\LOCALS~1\Temp\zh5inkt58cx6r.exe
O4 - HKCU\..\Run: [uhrigtjymbydzg] C:\DOCUME~1\Monique\LOCALS~1\Temp\zvsfokq73yfs.exe
O4 - HKCU\..\Run: [zoghs0a5y4yni7852we967r1etuog5m3ywdy2dohqwjuc] C:\DOCUME~1\Monique\LOCALS~1\Temp\clhtes3bkzkxm.exe
O4 - HKCU\..\Run: [b026hwx2jqimgmykmv7kyhj7lhuw6vm5pmi2v72px54l] C:\DOCUME~1\Monique\LOCALS~1\Temp\kalmaqs5.exe
O4 - HKCU\..\Run: [yuohc1j4rkrg94j2lbmovxv6koeb78u6hmetw7] C:\DOCUME~1\Monique\LOCALS~1\Temp\t7odxd3c.exe
O4 - HKCU\..\Run: [b3u3s2hty2avkp5pyosn9iaolkgl3rwq22f5o1ufv] C:\DOCUME~1\Monique\LOCALS~1\Temp\zbctqb1.exe
O4 - HKCU\..\Run: [o2kqxi51rhfzi8chpdyczlr7ssp5hqrrzib1sb99hl51q0sj3x] C:\DOCUME~1\Monique\LOCALS~1\Temp\u2xeif3j85ih.exe
O4 - HKCU\..\Run: [fq8bkc4og3r1zlps] C:\DOCUME~1\Monique\LOCALS~1\Temp\pi0jkgu7rx.exe
O4 - HKCU\..\Run: [f2z35lt3znexnv8g8v1dd0nrkzgrkb98ama22stlipeflhp] C:\DOCUME~1\Monique\LOCALS~1\Temp\d6jisfsfv.exe
O4 - HKCU\..\Run: [cpi1sror5b01qbkmkmpxtrancyn1jxkz5zxsszs1] C:\DOCUME~1\Monique\LOCALS~1\Temp\gl9648c3pf.exe
O4 - HKCU\..\Run: [znj4j9jdh0rjd4larzfcn6bxkbo8koj9xfu1gys0e] C:\DOCUME~1\Monique\LOCALS~1\Temp\oullo6z5h.exe
O4 - HKCU\..\Run: [u0g8ir1j0dy0nqazczbcg3tw] C:\DOCUME~1\Monique\LOCALS~1\Temp\r5dvzhq.exe
O4 - HKCU\..\Run: [tptjcvjvmd6qu0v9jmgnp1pairnpk] C:\DOCUME~1\Monique\LOCALS~1\Temp\bsfghswavi.exe
O4 - HKCU\..\Run: [b7mrbt7vmj27p8wby] C:\DOCUME~1\Monique\LOCALS~1\Temp\cyigw4ru.exe
O4 - HKCU\..\Run: [w5khlc7zua9bx] C:\DOCUME~1\Monique\LOCALS~1\Temp\p0840dqc76lw.exe
O4 - HKCU\..\Run: [mrah1ft8xymj3n0vy7oyuklxisvivm31618c0n0afj] C:\DOCUME~1\Monique\LOCALS~1\Temp\tkrmxar41.exe
O4 - HKCU\..\Run: [asqjnph6okw0fvumuphp74nkebjac3fn0] C:\DOCUME~1\Monique\LOCALS~1\Temp\jb6hpig.exe
O4 - HKCU\..\Run: [qbk4yua291hxfhmmsrp6qhfrb7am6i5n48y56w0hc3e04] C:\DOCUME~1\Monique\LOCALS~1\Temp\wjvwokuxi7k6.exe
O4 - HKCU\..\Run: [ywwty4om3ms1711hn26xchuftb8xl8b99jr6pvyvoev] C:\DOCUME~1\Monique\LOCALS~1\Temp\h32n62.exe
O4 - HKCU\..\Run: [efqhjzmj55ud50mpnrc677cdtq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yekztnnby.exe
O4 - HKCU\..\Run: [lh7rbdvwnxa5oovznexgvunry25l4kzre4p] C:\DOCUME~1\Monique\LOCALS~1\Temp\hgl810.exe
O4 - HKCU\..\Run: [jh0n9kuk46ac3e7ny4hfocmncbp1c1eq5z5bc9z] C:\DOCUME~1\Monique\LOCALS~1\Temp\o5xqewpo.exe
O4 - HKCU\..\Run: [y79ci38woimbn9dzwd8kqk7dc6y5jd7h95hs275a5kf] C:\DOCUME~1\Monique\LOCALS~1\Temp\ci80eh1.exe
O4 - HKCU\..\Run: [v0bhr0ewejc0kf9067497f9ov0p7y9y967opm] C:\DOCUME~1\Monique\LOCALS~1\Temp\zed7hrvjn.exe
O4 - HKCU\..\Run: [lvyq1qfmj8e94t949ye7bxnbq2oenv14c6dgxwkpm46k38sf] C:\DOCUME~1\Monique\LOCALS~1\Temp\g3ppun8eak2.exe
O4 - HKCU\..\Run: [kc315ocpwcl8qvbwzofq1likp07axioavkl] C:\DOCUME~1\Monique\LOCALS~1\Temp\yzw9tsz5tee.exe
O4 - HKCU\..\Run: [a9b0dzpjn9q7xezq1hnypg6w6] C:\DOCUME~1\Monique\LOCALS~1\Temp\gd3s03p.exe
O4 - HKCU\..\Run: [p4ez5ol6wwpmt5mu8sirhlxdvvxohm8a] C:\DOCUME~1\Monique\LOCALS~1\Temp\n2fadz299.exe
O4 - HKCU\..\Run: [nfezwws7xllv4hyqtpiiwre5p7gsyq1dgxb65bh3] C:\DOCUME~1\Monique\LOCALS~1\Temp\lusx85a5pa37q.exe
O4 - HKCU\..\Run: [p2fljzdske3jbkic72so4ib769f12qcv07orulfjam6zg6] C:\DOCUME~1\Monique\LOCALS~1\Temp\z2knz9yax48px.exe
O4 - HKCU\..\Run: [r7rq55zlkyqvg3aacc64i3kkhlc8yvbjzw] C:\DOCUME~1\Monique\LOCALS~1\Temp\td20l9kwrac2p.exe
O4 - HKCU\..\Run: [b9rwdfoc4] C:\DOCUME~1\Monique\LOCALS~1\Temp\wnxkrp1dk.exe
O4 - HKCU\..\Run: [om3edos6eq0c9cyrvtmca] C:\DOCUME~1\Monique\LOCALS~1\Temp\pa92yucf4n.exe
O4 - HKCU\..\Run: [jt3u0pa333jtmi82fwagqtn9xru9tejtizsh69eshugfebxlk1] C:\DOCUME~1\Monique\LOCALS~1\Temp\d11spy03ch.exe
O4 - HKCU\..\Run: [rc1eqqwnjeofe5wq6ic15k63bg9wiiauld5kfxfu] C:\DOCUME~1\Monique\LOCALS~1\Temp\vjrdekw8e.exe
O4 - HKCU\..\Run: [l7np8go0zkhibeulzv9yky] C:\DOCUME~1\Monique\LOCALS~1\Temp\fidtf7k.exe
O4 - HKCU\..\Run: [o26rlk76ees5gnlqeovv7jqpuewebl7vxt7t1p81] C:\DOCUME~1\Monique\LOCALS~1\Temp\fe1yf1.exe
O4 - HKCU\..\Run: [est463bpxlf7phvrj49yce4wptjapgq92] C:\DOCUME~1\Monique\LOCALS~1\Temp\nq40319yys.exe
O4 - HKCU\..\Run: [zqg2jv8hwrtue4punpoowpauvg] C:\DOCUME~1\Monique\LOCALS~1\Temp\eiix9jquwx.exe
O4 - HKCU\..\Run: [eaei9wr1710khh6ty4huzp] C:\DOCUME~1\Monique\LOCALS~1\Temp\v4frr5w.exe
O4 - HKCU\..\Run: [vq3hd1qsn8gia] C:\DOCUME~1\Monique\LOCALS~1\Temp\slssb4r.exe
O4 - HKCU\..\Run: [bz5twrnexjhlv5] C:\DOCUME~1\Monique\LOCALS~1\Temp\p5bkfhx8rlxis.exe
O4 - HKCU\..\Run: [ku0roy67d22h90p9tbva291ntka] C:\DOCUME~1\Monique\LOCALS~1\Temp\zza3bdop.exe
O4 - HKCU\..\Run: [nymvz4qt449iofp59wptbdh2xd9xtr4zs6yjk38nyqzqw] C:\DOCUME~1\Monique\LOCALS~1\Temp\smm2izzr0.exe
O4 - HKCU\..\Run: [t2jt7h50nbqa] C:\DOCUME~1\Monique\LOCALS~1\Temp\vkt54ebumm.exe
O4 - HKCU\..\Run: [v924f6zn4qxiw1fg0d7i7qcmgyb] C:\DOCUME~1\Monique\LOCALS~1\Temp\baijdmof3ni.exe
O4 - HKCU\..\Run: [ed8qpfqf9rzfolw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qei8z2gf.exe
O4 - HKCU\..\Run: [nnp48b0h9lwm7j5ci72] C:\DOCUME~1\Monique\LOCALS~1\Temp\vd2oht98.exe
O4 - HKCU\..\Run: [daozrlwnuqa8ci8tr37k48a9355yj] C:\DOCUME~1\Monique\LOCALS~1\Temp\klx8hzowadd.exe
O4 - HKCU\..\Run: [lenrkqy7d0b4b40m8n1mzp4] C:\DOCUME~1\Monique\LOCALS~1\Temp\su9rrsljrj.exe
O4 - HKCU\..\Run: [td4db3s9n0pma9w3q3xh6d3xkk2szv1fsgj3l] C:\DOCUME~1\Monique\LOCALS~1\Temp\oagandd.exe
O4 - HKCU\..\Run: [h19gw1lvvwjkk8ue3uuq] C:\DOCUME~1\Monique\LOCALS~1\Temp\yjbv2nv.exe
O4 - HKCU\..\Run: [ph558x8pqdgd1hu5t10w5dao2u6o1bfx1jtuw0tuqmzvh62] C:\DOCUME~1\Monique\LOCALS~1\Temp\dibunjsqd1.exe
O4 - HKCU\..\Run: [z6yzctif290tq6iolue6] C:\DOCUME~1\Monique\LOCALS~1\Temp\u6yvctroixkd.exe
O4 - HKCU\..\Run: [yfbloew5hjcqfi8rdkgxshhhg4l1abpqe] C:\DOCUME~1\Monique\LOCALS~1\Temp\nhtxsw742le5.exe
O4 - HKCU\..\Run: [vnc6bf2iadknnnednvgvhzlhzxqnq77em85ffcoayttiyee8] C:\DOCUME~1\Monique\LOCALS~1\Temp\qrohycol.exe
O4 - HKCU\..\Run: [urapd56y26wwltq4ke098yg8to3iuo9n6ophj4vfjhatcj] C:\DOCUME~1\Monique\LOCALS~1\Temp\qd717tt.exe
O4 - HKCU\..\Run: [bmjyjigp35irn5q37ho30j5sqx8ssk3dpqacth4r9xduq] C:\DOCUME~1\Monique\LOCALS~1\Temp\h4s75focwresh.exe
O4 - HKCU\..\Run: [y28k4knnokirhm0i2j7sna8jc7mg1jt3rfavu21b2vay2] C:\DOCUME~1\Monique\LOCALS~1\Temp\hh4xepyy1mt.exe
O4 - HKCU\..\Run: [yzpq889ub3qu9m920tbxwb8lqf3] C:\DOCUME~1\Monique\LOCALS~1\Temp\q0xum03lc.exe
O4 - HKCU\..\Run: [mzu2rjec6i2w4p9cvgc777oownshaehqg] C:\DOCUME~1\Monique\LOCALS~1\Temp\dymng3.exe
O4 - HKCU\..\Run: [uqdytuq1izu6kcqzkaea] C:\DOCUME~1\Monique\LOCALS~1\Temp\naxxn9.exe
O4 - HKCU\..\Run: [zz6pmawxmssmrjocdixhy43ngksdr7u4wtamfxu6i221g] C:\DOCUME~1\Monique\LOCALS~1\Temp\wkifiu5y7cqb0.exe
O4 - HKCU\..\Run: [mhgqlxoa2qpi82axzpj658910ogod31] C:\DOCUME~1\Monique\LOCALS~1\Temp\cbo0ab7h973hw.exe
O4 - HKCU\..\Run: [u92j4db2ng1zfxsnui51sfp3bt4enjw5cbz7j9o01porh8ybs] C:\DOCUME~1\Monique\LOCALS~1\Temp\ysgsaa5u.exe
O4 - HKCU\..\Run: [iht0afy68rjvgrm55ge] C:\DOCUME~1\Monique\LOCALS~1\Temp\h55w5qzqx.exe
O4 - HKCU\..\Run: [gj7x9n45vr043uq3ld6jhvdw2mp99rgle39y] C:\DOCUME~1\Monique\LOCALS~1\Temp\m7lhwcohq1nwy.exe
O4 - HKCU\..\Run: [dq9khfsw03f32b2669iplyfesehrsumou6xbjp] C:\DOCUME~1\Monique\LOCALS~1\Temp\vuaowc.exe
O4 - HKCU\..\Run: [pspucsuposzv4egtgijfjhep] C:\DOCUME~1\Monique\LOCALS~1\Temp\dv7i7889mq.exe
O4 - HKCU\..\Run: [l0vhv46uw] C:\DOCUME~1\Monique\LOCALS~1\Temp\qlk5i14l.exe
O4 - HKCU\..\Run: [tnxritnkvu9b80jynp] C:\DOCUME~1\Monique\LOCALS~1\Temp\tvf8oh42g392.exe
O4 - HKCU\..\Run: [z6vws7zym1kj96zgf3u6zzt04qv] C:\DOCUME~1\Monique\LOCALS~1\Temp\exyrur6ejl9ty.exe
O4 - HKCU\..\Run: [wfuhx9thqfbt7sr7j2gmlsgezvlsr] C:\DOCUME~1\Monique\LOCALS~1\Temp\l1ow3k54zg.exe
O4 - HKCU\..\Run: [p45rtk5odszhyfehuikqw3hog4xu5] C:\DOCUME~1\Monique\LOCALS~1\Temp\gzz3i22.exe
O4 - HKCU\..\Run: [lvhb45j9e5] C:\DOCUME~1\Monique\LOCALS~1\Temp\idd6emxing.exe
O4 - HKCU\..\Run: [jzuerffppasoi9zya8lcn3rd2zb3a] C:\DOCUME~1\Monique\LOCALS~1\Temp\rrqzzd0cz.exe
O4 - HKCU\..\Run: [d9z99lhtla59xj9udh1y3n5mlxfjm0] C:\DOCUME~1\Monique\LOCALS~1\Temp\bbjfgt.exe
O4 - HKCU\..\Run: [kdmhxogfslbko] C:\DOCUME~1\Monique\LOCALS~1\Temp\ezir9bzr6u1.exe
O4 - HKCU\..\Run: [oguu9v9cn9t8qgci4f] C:\DOCUME~1\Monique\LOCALS~1\Temp\qxvsn0spob.exe
O4 - HKCU\..\Run: [etkz99qd0vw6m3wltr] C:\DOCUME~1\Monique\LOCALS~1\Temp\ute88pom.exe
O4 - HKCU\..\Run: [vlywa7vlrttokgxf] C:\DOCUME~1\Monique\LOCALS~1\Temp\j6ytrttn.exe
O4 - HKCU\..\Run: [mxcv6mj28s] C:\DOCUME~1\Monique\LOCALS~1\Temp\r0tsm5moby0r.exe
O4 - HKCU\..\Run: [hfxuufu8z15dguypx7] C:\DOCUME~1\Monique\LOCALS~1\Temp\rakwc1yf.exe
O4 - HKCU\..\Run: [h1ma30hpgw55jkyrq8yanxgo5dw] C:\DOCUME~1\Monique\LOCALS~1\Temp\dprcnyiv7m.exe
O4 - HKCU\..\Run: [u63sio87dl1kfqhq6b61v4dl6mfcdq1g57k68] C:\DOCUME~1\Monique\LOCALS~1\Temp\ry7tqaoug18.exe
O4 - HKCU\..\Run: [kb1dkdsz2] C:\DOCUME~1\Monique\LOCALS~1\Temp\y0i09hggx8g.exe
O4 - HKCU\..\Run: [hiowi4d2nr5supqwlkah37] C:\DOCUME~1\Monique\LOCALS~1\Temp\n5ywjszpas.exe
O4 - HKCU\..\Run: [anizfvms84est] C:\DOCUME~1\Monique\LOCALS~1\Temp\davxbogx8cg1b.exe
O4 - HKCU\..\Run: [zf4ykvejh6irc00] C:\DOCUME~1\Monique\LOCALS~1\Temp\gpy1h2.exe
O4 - HKCU\..\Run: [scnxpb2xbscud] C:\DOCUME~1\Monique\LOCALS~1\Temp\zkj4ybyvq6.exe
O4 - HKCU\..\Run: [gutw4qny54b21xyxua3m4b3a9rwzmx546292gfpgj5dl5mth] C:\DOCUME~1\Monique\LOCALS~1\Temp\kwh6pyj.exe
O4 - HKCU\..\Run: [rohw9yhv81y9maad3jibu9kfey1wd7rx747bhpd] C:\DOCUME~1\Monique\LOCALS~1\Temp\jknbmvfh.exe
O4 - HKCU\..\Run: [sc9rkahrbar0z1fetowygcuethb6xk1cs] C:\DOCUME~1\Monique\LOCALS~1\Temp\oafvu1319wd4.exe
O4 - HKCU\..\Run: [aru0v5gbc9fe9x1abxutmnxeee3mzy] C:\DOCUME~1\Monique\LOCALS~1\Temp\j1o04c36.exe
O4 - HKCU\..\Run: [jj87oiywyx1x7wadllsxgsd4fpjzzxbze2yeffdcrp1pwyda7j] C:\DOCUME~1\Monique\LOCALS~1\Temp\orgkczrqvhgh.exe
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit




Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:commands
[emptytemp]
[start explorer]

    

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Post a fresh HJT log and the otmovit report.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 26th, 2009, 12:02 pm

Account B tasks completed..
Here is the moveit log followed by HJT

========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_448.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03262009_084733

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_448.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat not found!


====================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:43 AM, on 3/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Monique\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Monique\Local Settings\Temp\{413483A4-7BE2-434B-920F-D2E8D0D63A19}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7792 bytes
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 26th, 2009, 1:11 pm

Can you update malwarebytes and do me a full scan please.

Then we will look at an online scan..

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post malwarebytes report and kaspersky report
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 27th, 2009, 3:55 am

Hey Dan.

Its late just after midnight.
For Account B I updated Malwarebytes bytes and ran a scan that just finished.
Here is that log...
I will post the Kaspersky tomorrow.

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 2

3/27/2009 12:36:00 AM
mbam-log-2009-03-27 (00-35-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 225367
Time elapsed: 2 hour(s), 44 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{287368c4-44ed-86d5-a425-efbb34f6c8c6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b606603-5e87-931a-2610-76e878a78a45} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c677779-4fd3-169d-ba8e-e71421ade371} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abe199e3-d9ff-9402-7cdb-478d4a6cb9d9} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2b7baa3-33ad-6c59-40fc-fcc46f8f765e} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f8f3ef62-9037-7ac7-5da5-bb03797e47e8} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa83f041-a1a7-96e9-9a0f-5bfec18c399d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\uagxble.exe.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B7DJLPDO\725f[1].exe.vir (Backdoor.KeyStart) -> No action taken.
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: ataa92 and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware