Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hypersonic's Log

Re: Hypersonic's Log

Post by beynac » December 10th, 2007, 6:17 pm

Hi Hypersonic.

Your logs are looking a lot better. Next, we need to update your Java and then run an online scan to make sure that there is nothing still lurking.

---------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your desktop
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all the following old versions of Java
    • Java 2 Runtime Environment, SE v1.4.2_04
    • Java 2 Runtime Environment, SE v1.4.2_06
    • J2SE Runtime Environment 5.0 Update 3
  • Reboot your computer
  • Delete the folder C:\Program Files\Java, if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer

----------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.

------------------------------------------------

Kaspersky Online Scanner

Be aware that downloading the definition files and scanning the computer may take an hour or more.

Using Internet Explorer, go to: http://www.kaspersky.com/virusscanner
  • Click on Kaspersky Online Scanner
  • Click the Accept button (see the note below if using IE7)
  • Follow the prompts to download and install the ActiveX component(s) and other software
    • If a yellow information bar appears at the top of the browser window, click on it and select Install ActiveX Control
    • If a message box appears, click on OK or Run as appropriate
  • Click Accept again (see the note below if using IE7)
  • When a message box appears, click on Install to allow the installation
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click 'Next'.
  • Now click on 'Scan Settings'
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
    • Scan Options: 'Scan Archives' and 'Scan Mail Bases'
  • Click 'OK'
  • Now under 'Select a target to scan' select 'My Computer'
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as... button:
  • Save the report to your desktop (N.B. Save as type: Text document (txt))

Note: You may get a window without the Accept/Decline buttons. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

---------------------------------------------------

Please post the following as replies to this thread:
  • The Kaspersky report (you may have to split this into two or more replies)
  • A new HijackThis log
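
Added example (not part of the original posts and not a Kaspersky tool): a small parser for the text report that the scanner saves, in the layout of the report posted in this thread. It drops "Object is locked" lines and per-container summaries, then groups the remaining detections by whether the file sits in a quarantine folder, a System Restore snapshot, or a live path. The folder markers and function names are assumptions of this example.

```python
import re

# A few lines copied from the Kaspersky Online Scanner report posted in this thread.
SAMPLE = r"""
Scan Target - My Computer:
C:\
Infected Object Name / Virus Name / Last Action
C:\D5.tmp Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip/hcwprn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip ZIP: suspicious - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\14.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\14.tmp NSIS: infected - 1 skipped
C:\Program Files\WinRAR\antispystorm_setup.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\Program Files\WinRAR\antispystorm_setup.exe Embedded EXE: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\b111.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0175454.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
"""

# "<path> Infected: <name> <action>" or "<path> Suspicious: <name> <action>".
# Paths contain spaces, so the verdict keyword is what ends the path.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Infected|Suspicious): "
    r"(?P<name>\S+) (?P<action>\w+)$"
)
# Per-container summary, e.g. "NSIS: infected - 1 skipped"; it repeats the inner hit.
SUMMARY = re.compile(r": (?:infected|suspicious) - \d+ \w+$")
# File the scanner could not open because another process holds it.
LOCKED = re.compile(r" Object is locked \w+$")

# Assumed location markers (lower-case substrings); this grouping is the
# example's own and is not something the scanner reports.
LOCATION_MARKERS = [
    ("system_restore", "\\system volume information\\_restore{"),
    ("quarantine", "\\quarantine\\"),
    ("quarantine", "\\spybot - search & destroy\\recovery\\"),
]


def classify(file_path):
    """Return 'system_restore', 'quarantine' or 'live' for a file path."""
    lowered = file_path.lower()
    for label, marker in LOCATION_MARKERS:
        if marker in lowered:
            return label
    return "live"


def triage(report_text):
    """Group detections by location; count locked files and summary lines."""
    result = {
        "locked": 0,
        "summary": 0,
        "unparsed": [],
        "detections": {"live": {}, "quarantine": {}, "system_restore": {}},
    }
    for raw in report_text.splitlines():
        line = raw.strip()
        # Only object lines start with a drive path followed by a name;
        # headers, statistics and bare scan targets such as "C:\" are skipped.
        if not re.match(r"[A-Za-z]:\\.", line):
            continue
        if LOCKED.search(line):
            result["locked"] += 1
            continue
        match = DETECTION.match(line)
        if match:
            # "archive/inner-object": keep the file on disk as the key.
            file_path, _, _inner = match["path"].partition("/")
            bucket = result["detections"][classify(file_path)]
            bucket.setdefault(file_path, set()).add(match["name"])
            continue
        if SUMMARY.search(line):
            result["summary"] += 1
            continue
        result["unparsed"].append(line)  # unknown layout: surface it, do not guess
    return result


def live_files(result):
    """Files detected outside quarantine and System Restore, sorted."""
    return sorted(result["detections"]["live"])


if __name__ == "__main__":
    report = triage(SAMPLE)
    for location, files in report["detections"].items():
        print(f"{location}: {len(files)} file(s)")
        for path, names in sorted(files.items()):
            print(f"  {path} -> {', '.join(sorted(names))}")
    print(f"locked (ignored): {report['locked']}, "
          f"container summaries (ignored): {report['summary']}")
    print("unparsed lines:", report["unparsed"])
```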

Re: Hypersonic's Log

Post by Hypersonic » December 15th, 2007, 5:09 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 15, 2007 11:14:16 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/12/2007
Kaspersky Anti-Virus database records: 483304
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 78586
Number of viruses found: 25
Number of infected objects: 183
Number of suspicious objects: 4
Duration of the scan process: 01:32:16

Infected Object Name / Virus Name / Last Action
C:\D5.tmp Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\D8.tmp Infected: Trojan-Downloader.Win32.Small.gvr skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AOLDiag\AOL\HelixUSBETA\Win32\2.5.6.1\0000d8ac.prm Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip/hcwprn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip/wbeInst$.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\cert8.db Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\history.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\key3.db Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\parent.lock Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Valued Customer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.dfd Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.did Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Documents.dsd Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kdb Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kdl Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kib Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.kpf Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\DTS\Index\MainChunk\Keywords.ksb Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\UserProfiles\1165102985\ttop363\cls\common.cls Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Mozilla\Firefox\Profiles\wx9zgw4e.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\History\History.IE5\MSHist012007121520071216\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Temp\18.tmp Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Temp\CMLS--2007-12-15--07-40-24.log Object is locked skipped
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Valued Customer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Valued Customer\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Valued Customer\Data\storydb.idx Object is locked skipped
C:\Program Files\SPYWAREfighter\spf.dat Object is locked skipped
C:\Program Files\SPYWAREfighter\spf.log Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\14.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\14.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\14.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\15.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\15.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\15.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E3.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E3.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E3.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E4.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E4.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security\QUARANTINE\E4.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\WinRAR\antispystorm_setup.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\Program Files\WinRAR\antispystorm_setup.exe Embedded EXE: infected - 1 skipped
C:\Program Files\WinRAR\antispystorm_setup.exe UPX: infected - 1 skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\atjhml.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\dlr.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\dlsefv.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\efokjg.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\egfgiw.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\fhmrq.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\fhtvy.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\hyekaea.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\hysd.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\kqfei.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\lqdeynrb.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\nkfregsf.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\nsjydy.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\ojwsebypwpm.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\osehflsayjg.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\oxntduruc.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\pkks.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\sblnctpltwzk.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\svteqd.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\ttelabl.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\twpmi.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\ujapplyzea.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\uttlhwpbsn.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\vcvcmuf.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\zdqalkpqv.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Documents and Settings\Valued Customer\Application Data\zuezvvj.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\info.exe.vir Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\qoobox\Quarantine\C\Program Files\AntispyStorm\uninstall.exe.vir/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\qoobox\Quarantine\C\Program Files\AntispyStorm\uninstall.exe.vir Embedded EXE: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\AntispyStorm\uninstall.exe.vir UPX: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\SKS~1\scanregw.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fa skipped
C:\qoobox\Quarantine\C\Program Files\Insider\Insider.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\qoobox\Quarantine\C\Program Files\ISM\ism.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\qoobox\Quarantine\C\Program Files\MSN\hokewo24418.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 2 skipped
C:\qoobox\Quarantine\C\Program Files\QdrDrive\QdrDrive8.dll.vir Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\qoobox\Quarantine\C\Program Files\QdrModule\QdrModule9.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\qoobox\Quarantine\C\Program Files\QdrPack\QdrPack9.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vu skipped
C:\qoobox\Quarantine\C\WINDOWS\b111.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\qoobox\Quarantine\C\WINDOWS\b147.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\qoobox\Quarantine\C\WINDOWS\b149.exe.vir Infected: Trojan-Dropper.Win32.Agent.ctu skipped
C:\qoobox\Quarantine\C\WINDOWS\mrofinu72.exe.vir Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jtgcfsd.exe.vir Infected: Trojan-Downloader.Win32.VB.bvx skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ramtmb.dll.vir Infected: Trojan-Spy.Win32.Agent.aiu skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tmrsr.exe.vir Infected: not-virus:Hoax.Win32.Renos.sg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP924\A0173232.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP924\A0173238.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0175446.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0175449.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0175454.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0176569.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0176569.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0176569.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0177577.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0177584.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0177596.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP926\A0177603.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP928\A0177653.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP928\A0177653.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP928\A0177653.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP933\A0177849.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP933\A0177849.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP933\A0177849.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP933\A0177853.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP935\A0185029.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP936\A0188260.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP936\A0188260.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP936\A0188260.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP936\A0188264.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP937\A0188356.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP941\A0189274.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP942\A0189281.dll Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP942\A0189282.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP943\A0189315.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP943\A0189315.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP943\A0189315.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP943\A0189321.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0189330.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0190362.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0190362.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0190362.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0190367.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP944\A0190416.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0193445.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0193468.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0193468.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0193468.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0193473.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0194492.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP946\A0196525.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP947\A0197523.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP947\A0198520.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP947\A0198581.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0198617.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0199655.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0200647.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201656.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201682.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0202681.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202740.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202742.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202743.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202744.exe Infected: Trojan-Dropper.Win32.Agent.ctu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202745.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202746.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202747.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202750.exe Infected: not-a-virus:AdWare.Win32.Agent.vu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202752.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202762.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202764.exe Infected: Trojan-Downloader.Win32.PurityScan.fa skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202765.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202765.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202765.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202768.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202803.exe Infected: Trojan-Downloader.Win32.VB.bvx skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202805.exe Infected: not-virus:Hoax.Win32.Renos.sg skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP950\A0205871.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205935.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205950.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205951.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205952.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205953.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205954.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205955.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205956.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205957.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205958.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205959.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205960.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205961.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205962.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205963.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205964.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205965.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205966.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205967.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205968.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205969.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205970.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205971.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205972.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205973.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205974.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205975.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205976.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205977.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205978.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205979.exe Infected: not-a-virus:FraudTool.Win32.Avola.a skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205980.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205982.dll Infected: Trojan-Spy.Win32.Agent.aiu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP956\A0209141.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP956\A0209142.exe Infected: Trojan-Downloader.Win32.Small.gud skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP965\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{662BA481-2931-425E-BA72-9BF303B7467C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Post by Hypersonic » December 15th, 2007, 5:11 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:21 AM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13231 bytes
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Post by beynac » December 16th, 2007, 11:03 am

Good afternoon. :)

Your HijackThis log is clean. The Kaspersky report shows a couple of files which we need to delete, but the bulk of the items found are either in quarantine folders or in system restore points. We'll clean those out in a moment. First let's delete those other infected files.

Click on Start then My Computer, find the following files and folders (highlighted in red) and delete them, if present. Don't worry if any are missing, but please let me know.
  • C:\D5.tmp
  • C:\D8.tmp
  • C:\Program Files\WinRAR\antispystorm_setup.exe

---------------------------------------------

Next, we need to uninstall ComboFix. This will remove its quarantine folder and flush the infected system restore points.
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

  • If shown the Combofix disclaimer, Select "2"

--------------------------------------------

If you do not already use it, I suggest that you install SpywareBlaster. This program will:
  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
This program blocks these items but does not run in the background. It therefore does not use any resources.

I would also recommend that you have a look at Firetrust SiteHound. This gives warnings when you are about to enter a website that is on their 'block' list. An alternative is McAfee SiteAdvisor. I use SiteHound, but both have a good reputation (N.B. use only one of them, not both).

This article, How to prevent Malware by miekiemoes, gives some very good advice.

Please let me know whether you have any questions.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
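
The triage described in the reply above (live files to delete by hand, versus detections that sit in quarantine or System Restore points and go away when those are flushed) can be done mechanically over a report in this format. This is an added example, not part of the original thread or of any tool named in it. The `C:\QooBox\` quarantine prefix is an assumption about where ComboFix keeps its quarantine, and the two lines marked as constructed use a placeholder detection name; the other sample lines are taken from the report posted above.

```python
import re
from collections import defaultdict

# Sample report. The first two lines are constructed for this example
# (placeholder detection name); the rest are copied from the posted report.
REPORT = r"""
C:\D5.tmp Infected: Placeholder.Detection.Name skipped
C:\QooBox\Quarantine\C\example.dll.vir Infected: Placeholder.Detection.Name skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP948\A0201677.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP949\A0202740.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe/EXE-file Infected: not-a-virus:FraudTool.Win32.AntiSpyStorm.b skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{2ACB873E-4D00-469E-AF57-C6A07555AC60}\RP952\A0205949.exe UPX: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# "<object> Infected: <detection name> skipped". Paths contain spaces, so the
# object is everything up to the " Infected: " marker.
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) skipped$")
# Container summaries ("NSIS: infected - 2", "UPX: infected - 1") repeat
# detections already listed per member, so they are skipped to avoid
# double counting.
SUMMARY = re.compile(r": infected - \d+ skipped$")
# Files held open by the running OS; not a detection.
LOCKED = " Object is locked skipped"

RESTORE = re.compile(r"^[a-z]:\\system volume information\\_restore", re.I)
# Assumption: ComboFix quarantine location. Adjust for other tools.
QUARANTINE_PREFIXES = ("c:\\qoobox\\",)


def classify(host):
    """Return where a detected file lives: system_restore, quarantine or live."""
    if RESTORE.match(host):
        return "system_restore"
    if host.lower().startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    return "live"


def triage(report):
    """Group detections by location and host file.

    Returns (findings, locked, unparsed) where findings maps
    category -> {host file -> sorted detection names}.
    """
    findings = {c: defaultdict(set) for c in ("live", "quarantine", "system_restore")}
    locked, unparsed = 0, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(LOCKED):
            locked += 1
            continue
        if SUMMARY.search(line):
            continue
        m = INFECTED.match(line)
        if not m:
            unparsed.append(line)  # surface anything the parser did not expect
            continue
        # Windows paths use backslashes, so a "/" marks a member inside an
        # archive or packed file; report the file on disk, not the member.
        host = m.group("obj").split("/", 1)[0]
        findings[classify(host)][host].add(m.group("name"))
    result = {c: {h: sorted(n) for h, n in hosts.items()} for c, hosts in findings.items()}
    return result, locked, unparsed


if __name__ == "__main__":
    found, locked, unparsed = triage(REPORT)
    for category in ("live", "quarantine", "system_restore"):
        print(f"{category}: {len(found[category])} file(s)")
        for host, names in found[category].items():
            print(f"  {host}: {', '.join(names)}")
    print(f"locked (not scanned): {locked}, unparsed lines: {len(unparsed)}")
```

Only the `live` group calls for manual deletion; the other two groups are cleared by removing the quarantine folder and flushing the restore points.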

Re: Hypersonic's Log

Unread postby Gary R » December 19th, 2007, 11:39 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire