Malware Issues - Please Help


Post by Urban Monk » December 3rd, 2010, 5:08 pm

I feel my system is overrun by malware at this point. I have the following things happening.

1. Random windows keep popping up with advertisements when I'm using Firefox.

2. Google results redirect to sites that I did not click on.

3. Updates to MS Windows (I run XP) are not installing.

4. System is running slow, and I keep getting weird Windows errors.

Please help me clean my computer out. I have run both Malwarebytes and Windows Security Essentials.

Thank you.

__________________________________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:18 PM, on 12/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googsystray] C:\Program Files\googsystray\googsystray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Songkicker] C:\Program Files\Songkick\Songkicker\songkicker.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9128310406
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdri ... wtinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9245438d00c02) (gupdate1c9245438d00c02) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ashok Shah\Desktop\P7140323.JPG

--
End of file - 11188 bytes

____________________________________________________________________________
Uninstall log

AC3Filter (remove only)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.1.0
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Audio Stream Recorder
AVIcodec (remove only)
Bonjour
CCleaner
Cool Edit Pro 2.0
Cool Edit Pro Pre-install
DivX Codec
DivX Web Player
D-link AirPlus G DWL-G120 Wireless USB Adapter
eRoom 7
ESPNMotion
Fences
Fences
FruityLoops v3.56 Full
GAMS Distribution 22.0
Glary Utilities 2.6
Google Desktop
Google Earth
Google Email Uploader 1.1.0808.1801
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
HPSSupply
HyperLoad
Intel(R) PRO Ethernet Adapter and Software
Intel® PRO Network Adapters WMI Provider (2.0)
iPhone Configuration Utility
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java(TM) 6 Update 17
Java(TM) 6 Update 7
LINDO 6.1
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Phone Data Manager (beta)
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MixMeister
MobileMe Control Panel
Mozilla Firefox (3.5.15)
MrvlUsgTracking
MSXML 6.0 Parser (KB925673)
Nic's XviD Decoder
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Songkicker
Sound Blaster Extigy
TBS WMP Plug-in
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Veetle TV 0.9.17
VideoLAN VLC media player 0.8.4a
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xobni
Xobni Core
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

Post by melboy » December 6th, 2010, 8:05 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=======================================================


Fix HijackThis entries

  • Run HijackThis
  • Click on the "Do a system scan only" button
  • Put a check beside all of the items listed below (if present):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

REBOOT



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.




In your next reply:
  1. MBAM log
  2. DDS.txt
  3. Attach.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
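
As an added example (not part of melboy's post and not HijackThis code): the entry melboy asks to fix sets the per-user Internet Settings HTTP proxy to a port on 127.0.0.1, so HTTP traffic from programs that honour that setting is handed to whatever process listens on that port. The Python below pulls `ProxyServer` entries out of a HijackThis log and flags loopback targets as triage leads; the function and class names are hypothetical, and the sample lines are copied from the log in this thread plus one line constructed for contrast.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis "R" lines have the shape:  R1 - <registry key>,<value name> = <data>
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")


@dataclass
class ProxyFinding:
    hive: str            # HKCU, HKLM, ...
    scheme: str          # "http", "https", ... or "*" when one proxy serves all protocols
    host: str
    port: Optional[int]
    loopback: bool       # True when the proxy target is the local machine


def is_loopback(host: str) -> bool:
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False     # an ordinary hostname; not resolved here on purpose


def parse_proxy_server(data: str):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both forms the setting can take:
      host:port                          one proxy for every protocol
      http=host:port;https=host:port     per-protocol proxies
    """
    entries = []
    for part in (p.strip() for p in data.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                          # no "scheme=" prefix
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # value carried no port
            host, port = target, ""
        entries.append((scheme.lower(), host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def find_proxy_entries(log_text: str) -> List[ProxyFinding]:
    """Return every ProxyServer setting found in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m or m.group("name").strip().lower() != "proxyserver":
            continue
        hive = m.group("key").split("\\")[0]
        for scheme, host, port in parse_proxy_server(m.group("data")):
            findings.append(ProxyFinding(hive, scheme, host, port, is_loopback(host)))
    return findings


# First four lines: copied from the HijackThis log posted in this thread.
# Last line: constructed for contrast (hypothetical corporate proxy).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
F2 - REG:system.ini: UserInit=userinit.exe
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080
"""

if __name__ == "__main__":
    for f in find_proxy_entries(SAMPLE_LOG):
        # A loopback proxy is a lead, not a verdict: local filtering tools set one too.
        # Next checks on the machine: is ProxyEnable set to 1 in the same key (these log
        # lines do not show it), and which process, if any, listens on the port.
        flag = "REVIEW" if f.loopback else "ok"
        print(f"[{flag}] {f.hive} {f.scheme} proxy -> {f.host}:{f.port}")
```
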

MBAM Log

Post by Urban Monk » December 7th, 2010, 12:26 am

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5259

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2010 11:24:16 PM
mbam-log-2010-12-06 (23-24-16).txt

Scan type: Quick scan
Objects scanned: 177847
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Attach.txt

Post by Urban Monk » December 7th, 2010, 12:36 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2003 4:03:54 PM
System Uptime: 12/6/2010 11:05:51 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 02X378
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2399/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 2.2 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 596 GiB total, 547.075 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2747: 11/16/2010 2:29:48 PM - Software Distribution Service 3.0
RP2748: 11/17/2010 3:00:24 AM - Software Distribution Service 3.0
RP2749: 11/17/2010 2:30:02 PM - Software Distribution Service 3.0
RP2750: 11/18/2010 3:00:29 AM - Software Distribution Service 3.0
RP2751: 11/18/2010 2:30:13 PM - Software Distribution Service 3.0
RP2752: 11/19/2010 3:00:25 AM - Software Distribution Service 3.0
RP2753: 11/19/2010 2:30:44 PM - Software Distribution Service 3.0
RP2754: 11/20/2010 3:00:24 AM - Software Distribution Service 3.0
RP2755: 11/20/2010 2:29:37 PM - Software Distribution Service 3.0
RP2756: 11/21/2010 1:50:01 AM - Software Distribution Service 3.0
RP2757: 11/21/2010 3:00:28 AM - Software Distribution Service 3.0
RP2758: 11/21/2010 2:30:56 PM - Software Distribution Service 3.0
RP2759: 11/22/2010 3:00:26 AM - Software Distribution Service 3.0
RP2760: 11/22/2010 2:30:36 PM - Software Distribution Service 3.0
RP2761: 11/23/2010 3:00:30 AM - Software Distribution Service 3.0
RP2762: 11/23/2010 2:31:13 PM - Software Distribution Service 3.0
RP2763: 11/24/2010 3:00:39 AM - Software Distribution Service 3.0
RP2764: 11/24/2010 2:30:05 PM - Software Distribution Service 3.0
RP2765: 11/25/2010 3:00:23 AM - Software Distribution Service 3.0
RP2766: 11/25/2010 5:37:13 AM - Software Distribution Service 3.0
RP2767: 11/30/2010 2:53:52 AM - Software Distribution Service 3.0
RP2768: 11/30/2010 3:00:26 AM - Software Distribution Service 3.0
RP2769: 12/1/2010 3:00:21 AM - Software Distribution Service 3.0
RP2770: 12/1/2010 6:00:56 PM - Software Distribution Service 3.0
RP2771: 12/2/2010 8:17:40 PM - Software Distribution Service 3.0
RP2772: 12/3/2010 10:13:45 PM - System Checkpoint
RP2773: 12/4/2010 9:46:20 AM - Software Distribution Service 3.0
RP2774: 12/5/2010 3:00:24 AM - Software Distribution Service 3.0
RP2775: 12/6/2010 3:00:24 AM - Software Distribution Service 3.0

==== Installed Programs ======================

AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.1.0
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Audio Stream Recorder
AVIcodec (remove only)
Balsamiq Mockups For Desktop
BitLord 1.1
Bonjour
CCleaner
Cool Edit Pro 2.0
Cool Edit Pro Pre-install
D-link AirPlus G DWL-G120 Wireless USB Adapter
DivX Codec
DivX Web Player
Dropbox
eRoom 7
ESPNMotion
Fences
FruityLoops v3.56 Full
GAMS Distribution 22.0
Glary Utilities 2.6
Google Chrome
Google Desktop
Google Earth
Google Email Uploader 1.1.0808.1801
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
HPSSupply
HyperLoad
Intel(R) PRO Ethernet Adapter and Software
Intel® PRO Network Adapters WMI Provider (2.0)
iPhone Configuration Utility
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java Auto Updater
Java(TM) 6 Update 17
Java(TM) 6 Update 7
LINDO 6.1
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Phone Data Manager (beta)
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MixMeister
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.5.15)
MrvlUsgTracking
MSXML 6.0 Parser (KB925673)
Nic's XviD Decoder
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Songkicker
Sound Blaster Extigy
TBS WMP Plug-in
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Veetle TV 0.9.17
VideoLAN VLC media player 0.8.4a
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Windows 7 USB/DVD Download Tool
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core

==== Event Viewer Messages From Past Week ========

12/6/2010 9:21:27 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 9:21:27 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 8:28:07 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 8:28:07 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 6:28:03 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 6:28:03 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 6:20:15 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 4:29:09 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 3:28:45 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 3:28:45 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 3:28:00 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 3:28:00 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 12:30:18 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 12:02:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
12/6/2010 11:00:00 PM, error: Service Control Manager [7034] - The XobniService service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 11:00:00 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7034] - The ASF Agent service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 10:59:59 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/6/2010 10:59:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/6/2010 10:20:16 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 10:19:17 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 1:40:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.975.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/6/2010 1:32:21 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 1:19:12 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/6/2010 1:02:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
12/5/2010 9:36:21 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 9:26:30 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 9:09:38 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 9:09:38 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 9:02:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
12/5/2010 9:02:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
12/5/2010 8:02:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
12/5/2010 8:02:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/5/2010 7:02:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
12/5/2010 7:02:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
12/5/2010 6:27:38 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 6:02:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/5/2010 6:02:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
12/5/2010 5:02:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
12/5/2010 5:02:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
12/5/2010 4:28:26 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 4:28:26 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 4:02:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
12/5/2010 4:02:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
12/5/2010 3:02:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
12/5/2010 3:02:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
12/5/2010 2:02:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
12/5/2010 12:02:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
12/5/2010 11:39:47 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: SHAH\Ashok Shah Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 11:28:53 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 11:28:53 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632284 User: NT AUTHORITY\SYSTEM Name: TrojanDownloader:Win32/Unruy.H ID: 2147632284 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 11:02:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
12/5/2010 10:02:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
12/5/2010 1:30:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.975.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/5/2010 1:22:46 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/5/2010 1:02:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
12/4/2010 9:39:03 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147575279 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/4/2010 2:02:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
12/4/2010 11:14:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.975.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/4/2010 11:02:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
12/4/2010 10:36:40 PM, error: Service Control Manager [7034] - The Google Software Updater service terminated unexpectedly. It has done this 3 time(s).
12/4/2010 10:31:35 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147575279 User: SHAH\Ashok Shah Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/4/2010 10:31:14 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147575279 User: SHAH\Ashok Shah Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/4/2010 10:21:37 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
12/4/2010 10:06:36 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
12/4/2010 10:02:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
12/3/2010 9:45:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
12/3/2010 9:45:46 AM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/3/2010 9:40:08 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/3/2010 9:37:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.975.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/3/2010 9:34:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/3/2010 9:34:05 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/3/2010 7:14:07 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/3/2010 4:23:18 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: NT AUTHORITY\SYSTEM Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/3/2010 4:14:38 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/3/2010 4:14:01 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR130\0000 disappeared from the system without first being prepared for removal.
12/3/2010 4:08:57 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147611223 User: SHAH\Ashok Shah Name: VirTool:Win32/CeeInject.gen!J ID: 2147611223 Severity: Severe Category: Tool Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/3/2010 4:01:13 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
12/2/2010 9:11:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/2/2010 9:09:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/2/2010 9:09:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
12/2/2010 9:08:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/2/2010 9:08:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ALG with arguments "" in order to run the server: {D6015EC3-FA16-4813-9CA1-DA204574F5DA}
12/2/2010 8:19:37 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.975.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
12/2/2010 8:09:40 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.2, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
12/2/2010 8:09:14 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
12/2/2010 6:26:21 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 6:15:41 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 6:05:36 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:55:30 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:45:24 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:35:16 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:25:10 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:15:08 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 5:05:07 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 4:55:06 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638595 User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Wimpixo.E ID: 2147638595 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.975.0, AS: 1.95.975.0 Engine Version: 1.1.6402.0
12/2/2010 2:09:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
12/2/2010 2:01:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/2/2010 10:32:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================
Urban Monk

DDS.txt

Post by Urban Monk » December 7th, 2010, 12:36 am

DDS (Ver_10-12-05.01) - NTFSx86
Run by Ashok Shah at 23:26:37.62 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1443 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Songkick\Songkicker\songkicker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ashok Shah\Desktop\dds(3).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ashok shah\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [googsystray] c:\program files\googsystray\googsystray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Songkicker] c:\program files\songkick\songkicker\songkicker.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [cafaojss] c:\windows\temp\tgdbsvvyw\ixpqnxwaffm.exe
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
StartupFolder: c:\docume~1\ashoks~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ashok shah\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/ ... 3559814250
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... t/opuc.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 9128310406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/C ... 6706365741
DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3 ... 04-win.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/061011 ... 101001.cab
DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - hxxp://www.wildtangent.com/install/wdri ... wtinst.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\
FF - component: c:\documents and settings\ashok shah\application data\mozilla\firefox\profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\ashok shah\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\ashok shah\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ashok shah\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ashok shah\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {66D2ED49-322F-4071-ADBC-7EBC987EA654} - c:\documents and settings\ashok shah\local settings\application data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\docume~1\ashoks~1\applic~1\mozilla\firefox\profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {66D2ED49-322F-4071-ADBC-7EBC987EA654} - c:\documents and settings\ashok shah\local settings\application data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\ashok shah\application data\Move Networks

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2002-5-7 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2002-5-7 23744]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2008-7-22 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\system32\drivers\sbext.sys [2003-5-28 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\google\update\GoogleUpdate.exe [2008-10-2 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2004-10-20 42500]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\drivers\tiacxubt.sys --> c:\windows\system32\drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\drivers\tiacxusb.sys --> c:\windows\system32\drivers\tiacxusb.sys [?]

=============== Created Last 30 ================

2010-12-06 23:07:43 -------- d-----w- c:\docume~1\ashoks~1\applic~1\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51:21 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-02 16:25:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-12-02 16:24:58 -------- d-----w- c:\docume~1\ashoks~1\locals~1\applic~1\NPE
2010-12-02 07:31:29 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-01 23:01:07 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{092cc2c6-4b79-41b2-87b2-97b6a0cd3645}\mpengine.dll
2010-11-30 21:34:28 -------- d-----w- c:\docume~1\ashoks~1\locals~1\applic~1\{66D2ED49-322F-4071-ADBC-7EBC987EA654}
2010-11-30 21:32:53 0 ----a-w- c:\docume~1\ashoks~1\locals~1\applic~1\50103750.exe

==================== Find3M ====================

2010-12-01 20:43:02 0 ----a-w- c:\windows\Rliguyosamav.bin
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 14:27:51 88 ---ha-w- C:\aaw7boot.cmd
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75CAA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A59F566]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5a5624]; MOV EAX, [0x8a5a56a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A61DAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A611B60]
\Driver\atapi[0x8A5F7D10] -> IRP_MJ_CREATE -> 0x8A59F566
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-75CAA0______________________16.06V16#4457572d414d4538333631363333_039_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A59F3B2
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 23:29:22.78 ===============
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

by melboy » December 7th, 2010, 2:30 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

BitLord 1.1

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate BitLord 1.1 and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.



CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

by Urban Monk » December 7th, 2010, 3:20 pm

Bitlord Removed.

____________________

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\ashok shah\my documents\my music\itunes\itunes music\compilations\itunes holiday sampler\17 the nutcracker, op. 71, act 2_ ch.m4a
scanner sequence 3.NA.11
----- EOF -----
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

by melboy » December 7th, 2010, 4:09 pm

Risk Advice - MBR

Unfortunately you have an infected Master Boot Record (MBR)

Some Dell computers have a non-standard customised MBR that allows you to press a key on startup and restore your computer to its factory delivered condition. That option is no longer available to you due to the infection.

Any attempted fix of this infection may result in the PC receiving a default Windows XP MBR. Whilst this will fix the infection, it will not restore the ability to restore your computer to its factory delivered condition.

It may be possible to restore the original Dell MBR either before or after fixing the infection, but I would recommend that you contact Dell themselves for support for this.

If you would like to proceed with attempting to fix this infection I need you to recognise this does not come without risk. The MBR is a critical component of your PC - as the name suggests it is critical to booting the PC. If anything was to go wrong with the fix it could result in your computer no longer being able to boot up. Whilst an unbootable computer may be fixable, it can be a lengthy and complicated procedure.


If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you first to ensure you have first backed up any important data and then continue with the instructions below. If you have any questions - Please ask them first.



MBR backup

Please download MBR.exe by GMER

Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Click Start > Run. Copy and paste the contents of the codebox below into the run box (Do Not include Code:), then click OK :
Code:

cmd /c \MBR.exe -c 0 63 C:\MBR_backup.dat


A black command window will open and close and a file will be created on your C: drive named MBR_backup.dat
Save this file to an external source, e.g. External Hard Drive, USB Flash Drive.


When you have saved a backup of your MBR follow the instructions below.



TDSSKiller

Download tdsskiller.exe and save it to your desktop

  • Double click TDSSKiller.exe
  • Click Start scan and allow it to scan for Malicious objects.
  • If Malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
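
A sanity check one could run on the MBR_backup.dat file from the backup step in the post above, before relying on it or after copying it to external media. This is an added example, not part of the original post or of GMER's tooling; it assumes the file is a raw dump of 512-byte sectors beginning at sector 0, the function names are hypothetical, and the sample image is constructed.

```python
import hashlib
import struct

SECTOR = 512          # bytes per sector
TABLE_OFFSET = 446    # partition table starts here inside sector 0
ENTRY_SIZE = 16       # four 16-byte entries follow


def inspect_mbr_backup(data: bytes) -> dict:
    """Parse sector 0 of a raw sector dump and report basic sanity findings."""
    if len(data) < SECTOR or len(data) % SECTOR:
        raise ValueError("backup is not a whole number of 512-byte sectors")

    mbr = data[:SECTOR]
    problems = []
    if mbr[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + ENTRY_SIZE * i:TABLE_OFFSET + ENTRY_SIZE * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:            # unused slot
            continue
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sector_count": sector_count,
        })

    if not partitions:
        problems.append("partition table is empty")
    if sum(p["active"] for p in partitions) > 1:
        problems.append("more than one active partition")

    return {
        "sectors": len(data) // SECTOR,
        "partitions": partitions,
        "problems": problems,
        # Record this digest so the copy on external media can be verified later.
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def same_backup(original: bytes, copy: bytes) -> bool:
    """True when the copy on external media matches the original byte for byte."""
    return hashlib.sha256(original).digest() == hashlib.sha256(copy).digest()


def build_sample_backup(sectors: int = 63) -> bytes:
    """Constructed test image: one active NTFS partition starting at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[TABLE_OFFSET:TABLE_OFFSET + ENTRY_SIZE] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000
    )
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR * (sectors - 1))


if __name__ == "__main__":
    report = inspect_mbr_backup(build_sample_backup())
    print(report["sectors"], "sectors, sha256", report["sha256"])
    for part in report["partitions"]:
        print(part)
    print("problems:", report["problems"] or "none")
```

A clean report only shows that the file is structurally a plausible MBR dump; it does not show that the saved boot code is free of infection.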

Re: Malware Issues - Please Help

by Urban Monk » December 7th, 2010, 4:41 pm

2010/12/07 15:31:22.0453 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/07 15:31:22.0453 ================================================================================
2010/12/07 15:31:22.0453 SystemInfo:
2010/12/07 15:31:22.0453
2010/12/07 15:31:22.0453 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/07 15:31:22.0453 Product type: Workstation
2010/12/07 15:31:22.0453 ComputerName: SHAH
2010/12/07 15:31:22.0453 UserName: Ashok Shah
2010/12/07 15:31:22.0453 Windows directory: C:\WINDOWS
2010/12/07 15:31:22.0453 System windows directory: C:\WINDOWS
2010/12/07 15:31:22.0453 Processor architecture: Intel x86
2010/12/07 15:31:22.0453 Number of processors: 1
2010/12/07 15:31:22.0453 Page size: 0x1000
2010/12/07 15:31:22.0453 Boot type: Normal boot
2010/12/07 15:31:22.0453 ================================================================================
2010/12/07 15:31:27.0531 Initialize success
2010/12/07 15:31:34.0718 ================================================================================
2010/12/07 15:31:34.0718 Scan started
2010/12/07 15:31:34.0718 Mode: Manual;
2010/12/07 15:31:34.0718 ================================================================================
2010/12/07 15:32:08.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/07 15:32:08.0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/07 15:32:09.0312 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/07 15:32:09.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/07 15:32:09.0859 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/07 15:32:10.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/07 15:32:10.0203 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/07 15:32:10.0234 ================================================================================
2010/12/07 15:32:10.0234 Scan finished
2010/12/07 15:32:10.0234 ================================================================================
2010/12/07 15:32:10.0265 Detected object count: 1
2010/12/07 15:32:19.0281 \HardDisk0 - will be cured after reboot
2010/12/07 15:32:19.0281 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/07 15:32:22.0031 Deinitialize success
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

by melboy » December 7th, 2010, 4:53 pm

ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

by Urban Monk » December 7th, 2010, 6:38 pm

ComboFix 10-12-06.04 - Ashok Shah 12/07/2010 16:07:06.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1372 [GMT -5:00]
Running from: c:\documents and settings\Ashok Shah\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ashok Shah\Application Data\Bitrix Security
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\dizgoouro64_shrd
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\dupm
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\fg.txt
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\gakpr_shrd
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\kfwhsb_shrd
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\ljgh.txt
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\lopx.ico
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\lsvagr
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\lyenrei96_shrd
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\mcx.txt
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\omskxye30_shrd
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\plk.txt
c:\documents and settings\Ashok Shah\Application Data\Bitrix Security\tghmqo
c:\documents and settings\Ashok Shah\Application Data\install
c:\documents and settings\Ashok Shah\Local Settings\Application Data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}
c:\documents and settings\Ashok Shah\Local Settings\Application Data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}\chrome.manifest
c:\documents and settings\Ashok Shah\Local Settings\Application Data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}\chrome\content\_cfg.js
c:\documents and settings\Ashok Shah\Local Settings\Application Data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}\chrome\content\overlay.xul
c:\documents and settings\Ashok Shah\Local Settings\Application Data\{66D2ED49-322F-4071-ADBC-7EBC987EA654}\install.rdf
c:\documents and settings\Ashok Shah\Local Settings\Application Data\50103750.exe
c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\googsystray\googsystray.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Microsoft Hardware\Keyboard\type32.exe
c:\program files\Microsoft IntelliPoint\ipoint.exe
c:\program files\Microsoft IntelliType Pro\itype.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\Microsoft Security Essentials\msseces.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\program files\Songkick\Songkicker\songkicker .exe
c:\program files\Songkick\Songkicker\songkicker.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-07 20:45 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9953C6-E651-4717-A7FF-E50670DAC6CB}\mpengine.dll
2010-12-07 20:18 . 2010-12-07 20:18 89088 ----a-w- C:\mbr.exe
2010-12-06 23:07 . 2010-12-06 23:07 -------- d-----w- c:\documents and settings\Ashok Shah\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51 . 2010-12-06 17:51 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-04 08:30 . 2010-12-04 08:30 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-04 06:26 . 2010-12-04 06:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-04 06:20 . 2010-12-04 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-03 05:09 . 2010-12-03 05:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-12-02 16:25 . 2010-12-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-02 16:24 . 2010-12-02 17:38 -------- d-----w- c:\documents and settings\Ashok Shah\Local Settings\Application Data\NPE
2010-12-02 09:17 . 2010-12-02 09:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-02 07:31 . 2010-12-02 07:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-02 04:44 . 2010-12-02 04:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-02 04:41 . 2010-12-02 04:41 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-11-18 05:11 . 2010-11-18 05:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-09-14 02:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-09-14 02:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2009-10-10 06:52 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-09 06:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2009-03-12 04:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-07-20 06:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 14:27 . 2010-09-15 14:27 88 ---ha-w- C:\aaw7boot.cmd
2010-09-15 08:00 . 2010-09-15 08:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-14 01:58 . 2010-09-14 01:58 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-09-10 05:58 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2003-05-23 23:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2003-05-23 23:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-08-12 23:47 . 2005-05-08 04:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
<pre>
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\googsystray\googsystray .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam  .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Hardware\Keyboard\type32 .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\program files\QuickTime\qttask                                                                                                                                                               .exe
c:\program files\Songkick\Songkicker\songkicker           .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"googsystray"="c:\program files\googsystray\googsystray.exe" [N/A]
"Songkicker"="c:\program files\Songkick\Songkicker\songkicker .exe" [2009-12-15 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [N/A]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [N/A]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [N/A]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-03 42500]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-12-04 53248]

c:\documents and settings\The Sneak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ashok Shah\Desktop\P7140323.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDSentry"=c:\windows\System32\DSentry.exe
"HostManager"=c:\program files\Common Files\AOL\1142488136\ee\AOLSoftware.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 6:17 PM 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbext.sys [5/28/2003 5:40 PM 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2008 1:02 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-22 16:08]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\
FF - component: c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Ashok Shah\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???F????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????(?`??????C@?\???\??????sF???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(420)
c:\windows\system32\WININET.dll
c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\System32\msvdm.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2010-12-07 17:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-07 22:36
ComboFix2.txt 2010-09-19 07:53

Pre-Run: 2,179,350,528 bytes free
Post-Run: 2,174,615,552 bytes free

- - End Of File - - 5F906393FCCCB6F55AFC418F0A59A98E
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

Post by melboy » December 7th, 2010, 8:41 pm

Hi

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\Rliguyosamav.bin
    C:\aaw7boot.cmd
    
    RenV::
    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
    c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
    c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\googsystray\googsystray .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam  .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\Microsoft Hardware\Keyboard\type32 .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\Microsoft IntelliType Pro\itype .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\Microsoft Security Essentials\msseces .exe
    c:\program files\QuickTime\qttask                                                                                                                                                               .exe
    c:\program files\Songkick\Songkicker\songkicker           .exe
    
    Driver::
    Lavasoft Kernexplorer
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Songkicker"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

Post by Urban Monk » December 8th, 2010, 1:46 am

ComboFix 10-12-07.02 - Ashok Shah 12/08/2010 0:08.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1480 [GMT -5:00]
Running from: c:\documents and settings\Ashok Shah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ashok Shah\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"C:\aaw7boot.cmd"
"c:\windows\Rliguyosamav.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aaw7boot.cmd
c:\windows\Rliguyosamav.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Kernexplorer


((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-07 22:39 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{241E7253-521E-4BA3-9CF5-E06D1DB19332}\mpengine.dll
2010-12-07 20:18 . 2010-12-07 20:18 89088 ----a-w- C:\mbr.exe
2010-12-06 23:07 . 2010-12-06 23:07 -------- d-----w- c:\documents and settings\Ashok Shah\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-06 17:51 . 2010-12-06 17:51 -------- d-----w- c:\program files\Balsamiq Mockups
2010-12-04 08:30 . 2010-12-04 08:30 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-04 06:26 . 2010-12-04 06:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-04 06:20 . 2010-12-04 06:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-03 05:09 . 2010-12-03 05:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-12-02 16:25 . 2010-12-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-02 16:24 . 2010-12-02 17:38 -------- d-----w- c:\documents and settings\Ashok Shah\Local Settings\Application Data\NPE
2010-12-02 09:17 . 2010-12-02 09:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-12-02 07:31 . 2010-12-02 07:31 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-02 04:44 . 2010-12-02 04:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-12-02 04:41 . 2010-12-02 04:41 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-11-18 05:11 . 2010-11-18 05:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-09-14 02:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-09-14 02:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 04:33 . 2009-10-10 06:52 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-09 06:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2009-03-12 04:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-07-20 06:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-18 17:23 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:00 . 2010-09-15 08:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-14 01:58 . 2010-09-14 01:58 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-09-10 05:58 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2003-05-23 23:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2003-05-23 23:09 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-08-12 23:47 . 2005-05-08 04:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"googsystray"="c:\program files\googsystray\googsystray.exe" [2009-12-15 60928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-12-04 53248]

c:\documents and settings\The Sneak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ashok Shah\Desktop\P7140323.JPG
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ashok Shah^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ashok Shah\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 17:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDSentry"=c:\windows\System32\DSentry.exe
"HostManager"=c:\program files\Common Files\AOL\1142488136\ee\AOLSoftware.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Ashok Shah\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Ashok Shah\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [7/22/2008 6:17 PM 46824]
R3 sbext;Sound Blaster Extigy Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbext.sys [5/28/2003 5:40 PM 1152916]
S2 gupdate1c9245438d00c02;Google Update Service (gupdate1c9245438d00c02);c:\program files\Google\Update\GoogleUpdate.exe [10/2/2008 1:02 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/20/2004 1:47 AM 30192]
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\Drivers\tiacxubt.sys --> c:\windows\system32\Drivers\tiacxubt.sys [?]
S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\Drivers\tiacxusb.sys --> c:\windows\system32\Drivers\tiacxusb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-08 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-22 16:08]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-02 06:02]

2010-12-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\
FF - component: c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ashok Shah\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Ubiquity: ubiquity@labs.mozilla.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\ubiquity@labs.mozilla.com
FF - Extension: Firefox Universal Uploader (fireuploader): {0200c2a9-70da-4f6d-b527-f5f7d7877228} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
FF - Extension: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\facepad@lazyrussian.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Extension: Multifox: multifox@hultmann - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\multifox@hultmann
FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\isreaditlater@ideashower.com
FF - Extension: vShare Plugin: vshare@toolbar - c:\documents and settings\Ashok Shah\Application Data\Mozilla\Firefox\Profiles\svrrnb29.default\extensions\vshare@toolbar
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Ashok Shah\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\Ashok Shah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 00:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4????????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\????????@a??????C@?\???\??????s????\??????s\????&3?5??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\documents and settings\Ashok Shah\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\System32\msvdm.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\RunDll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-12-08 00:32:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-08 05:31
ComboFix2.txt 2010-12-07 22:36
ComboFix3.txt 2010-09-19 07:53

Pre-Run: 2,181,107,712 bytes free
Post-Run: 2,161,455,104 bytes free

- - End Of File - - E545DB35C5F125A9D3A19D64D51F5355
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm

Re: Malware Issues - Please Help

by melboy » December 8th, 2010, 5:19 pm

Hi

Give me an update on how things are running.



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.4 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 7.1.0
  • Install the new downloaded updated software.
  • Then, using the internal updater, update the software to the current increment 9.4.1
    • Open Adobe Reader, go to Help > Check for updates and allow the updater to check.
    • Click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Oracle's Java (was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 23.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition JDK 6 Update 23 (JDK or JRE)"
  • Click the Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u23-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java 2 Runtime Environment Standard Edition v1.3.1_04
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


TFC

You should still have this on your desktop,

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: [image]
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: [image] (selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Malware Issues - Please Help

by Urban Monk » December 9th, 2010, 10:24 am

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip Win32/Bagle.gen.zip worm
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ashok Shah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Google\Google Desktop Search\GoogleDesktop.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\googsystray\googsystray.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft Hardware\Keyboard\type32.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft IntelliPoint\ipoint.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft IntelliType Pro\itype.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft Office\Office12\GrooveMonitor.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Essentials\msseces.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Songkick\Songkicker\songkicker .exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\Program Files\Songkick\Songkicker\songkicker.exe.vir Win32/TrojanDownloader.Unruy.BN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajfgupvw.ini.vir Win32/Adware.Virtumonde.NEO application
C:\SDFix\apps\Process.exe Win32/PrcView application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2772\A0962658.com Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2776\A0964802.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2776\A0964803.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2776\A0964804.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2776\A0964806.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2776\A0964811.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964875.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964876.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964877.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964878.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964879.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964880.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964881.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964882.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964883.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964884.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964885.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964886.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964887.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964888.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964889.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964890.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964891.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964892.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964893.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964894.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964895.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964896.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964897.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964898.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964899.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964900.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964901.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964902.exe Win32/TrojanDownloader.Unruy.BN trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2777\A0964903.exe Win32/TrojanDownloader.Unruy.BN trojan
Urban Monk
Regular Member
 
Posts: 31
Joined: September 14th, 2010, 6:39 pm