Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware Problem

Unread postby TehDudeAbides » January 19th, 2009, 6:11 am

Hello, I just came across this site and I've got a few problems that need to be solved.
I most likely got this problem whilst downloading a song across the internet (Not P2P) but likely just as dodgy I guess. I've stopped now. (It involved using a script that searched for matches for mp3's located in google)

I noticed that the downloading file was slow to download but the data that I was download exceeded the filesize by an excessive amount.

Problems
1. Firefox and IE. When I use certain sites and click certain links and etc, it blanks out. The page is valid but it loads up blank. I have to refresh the page several times sometimes to view things.
2. Firefox, Pop-ups. I get them time to time.
3. IE, I don't actually use IE, but this pop-up loads and opens about 15-25 links to a unknown IP address which is blank but I'm afraid it's trying to download something harmful.

Here is the log.

I'm willing to get rid of any unwanted programs that I might not need.

Logfile of HijackThis v1.99.1
Scan saved at 9:00:46 PM, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\AskBarDis\bar\bin\AskService.exe
D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\Program Files\Gigabyte\ET5\GUI.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\dwwin.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2fd04713-8d88-4a6e-aebf-42941ad850af} - D:\WINDOWS\system32\yopiruna.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {62016911-1685-16ea-df04-7f668c6a14c9} - {9c41a6c8-66f7-40fd-ae61-586111961026} - D:\WINDOWS\system32\vpxpxq.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [kidizinofe] Rundll32.exe "D:\WINDOWS\system32\jewerari.dll",s
O4 - HKLM\..\Run: [CPMaf36ed0b] Rundll32.exe "d:\windows\system32\vozusoto.dll",a
O4 - HKLM\..\Run: [1c4e22c4] rundll32.exe "D:\WINDOWS\system32\hisukeba.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\nelesunu.dll vpxpxq.dll d:\windows\system32\vozusoto.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - d:\windows\system32\vozusoto.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - D:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

Thank You.
TehDudeAbides
Active Member
 
Posts: 6
Joined: January 19th, 2009, 6:04 am
Advertisement
Register to Remove

Re: Malware Problem

Unread postby peku006 » January 22nd, 2009, 8:52 am

Hello and welcome to Malware Removal.

My name is peku006and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware Problem

Unread postby TehDudeAbides » January 22nd, 2009, 4:35 pm

ComboFix 09-01-18.03 - User 2009-01-23 7:25:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1152 [GMT 11:00]
Running from: d:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\LocalService\Application Data\twain_32
d:\documents and settings\LocalService\Application Data\twain_32\user.ds
d:\windows\system32\~.exe
d:\windows\system32\abekusih.ini
d:\windows\system32\adesugiy.ini
d:\windows\system32\adupajag.ini
d:\windows\system32\afikanuv.ini
d:\windows\system32\agetegat.ini
d:\windows\system32\ahohutus.ini
d:\windows\system32\akivigir.ini
d:\windows\system32\alobiwef.ini
d:\windows\system32\anigajoz.ini
d:\windows\system32\anurimab.ini
d:\windows\system32\apuririy.ini
d:\windows\system32\atapubab.ini
d:\windows\system32\atiluwuh.ini
d:\windows\system32\azizowok.ini
d:\windows\system32\babupata.dll
d:\windows\system32\bapepopo.dll
d:\windows\system32\bayopuge.dll
d:\windows\system32\bebufizu.dll
d:\windows\system32\berijona.dll
d:\windows\system32\beruvufi.dll
d:\windows\system32\betutuyo.dll
d:\windows\system32\bewijeze.dll
d:\windows\system32\bgzris.dll
d:\windows\system32\bimefili.dll
d:\windows\system32\biwifasi.dll
d:\windows\system32\bnsrrj.dll
d:\windows\system32\bolanefi.dll
d:\windows\system32\bomezagi.dll
d:\windows\system32\borababu.dll
d:\windows\system32\busofiyo.dll
d:\windows\system32\butobuko.dll
d:\windows\system32\darususi.dll
d:\windows\system32\dekoleha.dll
d:\windows\system32\derinade.dll
d:\windows\system32\deseliwo.dll
d:\windows\system32\dgjluv.dll
d:\windows\system32\dibiyowa.dll
d:\windows\system32\dijipire.dll
d:\windows\system32\dijuzihi.dll
d:\windows\system32\diwuzito.dll
d:\windows\system32\dorebehi.dll
d:\windows\system32\dufabuyo.dll
d:\windows\system32\duyovaha.dll
d:\windows\system32\ebiragug.ini
d:\windows\system32\ebukigek.ini
d:\windows\system32\ebunijim.ini
d:\windows\system32\edanired.ini
d:\windows\system32\edisepov.ini
d:\windows\system32\edodovej.ini
d:\windows\system32\edurojel.ini
d:\windows\system32\efidolos.ini
d:\windows\system32\efopvf.dll
d:\windows\system32\ehejudal.ini
d:\windows\system32\ehekuwup.ini
d:\windows\system32\ehifanag.ini
d:\windows\system32\ejonimop.ini
d:\windows\system32\ekapejon.ini
d:\windows\system32\elilovoh.ini
d:\windows\system32\elozorat.ini
d:\windows\system32\eluvazet.ini
d:\windows\system32\emilipus.ini
d:\windows\system32\emowafuj.ini
d:\windows\system32\esodohuy.ini
d:\windows\system32\esotufuf.ini
d:\windows\system32\esovodan.ini
d:\windows\system32\etemitav.ini
d:\windows\system32\etevigib.ini
d:\windows\system32\evodamim.ini
d:\windows\system32\ewijaneg.ini
d:\windows\system32\ewumuvip.ini
d:\windows\system32\ezejiweb.ini
d:\windows\system32\ezidizig.ini
d:\windows\system32\falefigi.dll
d:\windows\system32\famabuvu.dll
d:\windows\system32\fapalogo.dll
d:\windows\system32\farewoka.dll
d:\windows\system32\feberero.dll
d:\windows\system32\fedoniko.dll
d:\windows\system32\fevubitu.dll
d:\windows\system32\fezahoyu.dll
d:\windows\system32\figikoli.dll
d:\windows\system32\fogizezu.dll
d:\windows\system32\fozusayo.dll
d:\windows\system32\fufutose.dll
d:\windows\system32\fuhevive.dll
d:\windows\system32\fulewoge.dll
d:\windows\system32\fuyowugu.dll
d:\windows\system32\gabuwuwo.dll
d:\windows\system32\gadonesi.dll
d:\windows\system32\gamuduhe.dll
d:\windows\system32\gavedewu.dll
d:\windows\system32\gemewoda.dll
d:\windows\system32\gijabawu.dll
d:\windows\system32\gitalobo.dll
d:\windows\system32\giyqdq.dll
d:\windows\system32\gizidize.dll
d:\windows\system32\gojuhuji.dll
d:\windows\system32\gopikobi.dll
d:\windows\system32\gugaribe.dll
d:\windows\system32\gulosada.dll
d:\windows\system32\gurabimi.dll
d:\windows\system32\guvobana.dll
d:\windows\system32\hagipugo.dll
d:\windows\system32\hemunebu.dll
d:\windows\system32\higudivo.dll
d:\windows\system32\hinilezo.dll
d:\windows\system32\hisukeba.dll
d:\windows\system32\holusifo.dll
d:\windows\system32\hotowaze.dll
d:\windows\system32\hoyaguya.dll
d:\windows\system32\huhotise.dll
d:\windows\system32\huliguzo.dll
d:\windows\system32\ibujupop.ini
d:\windows\system32\idpyxv.dll
d:\windows\system32\ihizunad.ini
d:\windows\system32\ijuhujog.ini
d:\windows\system32\ikufepon.ini
d:\windows\system32\ilifemib.ini
d:\windows\system32\ilofehub.ini
d:\windows\system32\imibarug.ini
d:\windows\system32\isujukev.ini
d:\windows\system32\ivuvomap.ini
d:\windows\system32\iwuboboj.ini
d:\windows\system32\jaemtd.dll
d:\windows\system32\jahomayo.dll
d:\windows\system32\jalezada.dll
d:\windows\system32\jobobuwi.dll
d:\windows\system32\jopibata.dll
d:\windows\system32\jopokano.dll
d:\windows\system32\jovuee.dll
d:\windows\system32\jufawome.dll
d:\windows\system32\jufevedu.dll
d:\windows\system32\jureviji.dll
d:\windows\system32\jutimono.dll
d:\windows\system32\juwinamu.dll
d:\windows\system32\juyodufu.dll
d:\windows\system32\kebehawi.dll
d:\windows\system32\kedohugu.dll
d:\windows\system32\kegikube.dll
d:\windows\system32\kekiyala.dll
d:\windows\system32\kesezila.dll
d:\windows\system32\kiganopo.dll
d:\windows\system32\kivumolo.dll
d:\windows\system32\kowoziza.dll
d:\windows\system32\kujonuva.dll
d:\windows\system32\labagobu.dll
d:\windows\system32\ladujehe.dll
d:\windows\system32\lamukepa.dll
d:\windows\system32\latadeti.dll
d:\windows\system32\lazogiya.dll
d:\windows\system32\lejorude.dll
d:\windows\system32\ligijowe.dll
d:\windows\system32\lobumije.dll
d:\windows\system32\lomuduje.dll
d:\windows\system32\mameneye.dll
d:\windows\system32\mamotapi.dll
d:\windows\system32\mareruta.dll
d:\windows\system32\mawudeke.dll
d:\windows\system32\mdm.exe
d:\windows\system32\menukabu.dll
d:\windows\system32\mijinube.dll
d:\windows\system32\mimadove.dll
d:\windows\system32\monopatu.dll
d:\windows\system32\mudagisi.dll
d:\windows\system32\nadovose.dll
d:\windows\system32\nasikaje.dll
d:\windows\system32\nefilepu.dll
d:\windows\system32\nehozipa.dll
d:\windows\system32\nmiwlv.dll
d:\windows\system32\nojepake.dll
d:\windows\system32\nopefuki.dll
d:\windows\system32\nuhugofe.dll
d:\windows\system32\nuvameje.dll
d:\windows\system32\obekahez.ini
d:\windows\system32\obolatig.ini
d:\windows\system32\ofederes.ini
d:\windows\system32\ofisuloh.ini
d:\windows\system32\ofukipun.ini
d:\windows\system32\ogayotez.ini
d:\windows\system32\ogihapod.ini
d:\windows\system32\ogiyesir.ini
d:\windows\system32\okarolij.ini
d:\windows\system32\okasinel.ini
d:\windows\system32\okegomiv.ini
d:\windows\system32\olosupor.ini
d:\windows\system32\onomituj.ini
d:\windows\system32\onoputag.ini
d:\windows\system32\opidayir.ini
d:\windows\system32\opiduwaf.ini
d:\windows\system32\oraviyik.ini
d:\windows\system32\orejagiv.ini
d:\windows\system32\orunidim.ini
d:\windows\system32\osugorir.ini
d:\windows\system32\ovidugih.ini
d:\windows\system32\ovumilin.ini
d:\windows\system32\owilesed.ini
d:\windows\system32\oworilum.ini
d:\windows\system32\owuwubag.ini
d:\windows\system32\oyewatev.ini
d:\windows\system32\oyututeb.ini
d:\windows\system32\ozovonok.ini
d:\windows\system32\ozumomir.ini
d:\windows\system32\pabevajo.dll
d:\windows\system32\panosuba.dll
d:\windows\system32\pasevomi.dll
d:\windows\system32\pazeyoda.dll
d:\windows\system32\perakivu.dll
d:\windows\system32\peyumama.dll
d:\windows\system32\pezipiru.dll
d:\windows\system32\pipibuju.dll
d:\windows\system32\pivumuwe.dll
d:\windows\system32\popujubi.dll
d:\windows\system32\povisema.exe
d:\windows\system32\powipogi.dll
d:\windows\system32\ppmfsa.dll
d:\windows\system32\pularewi.dll
d:\windows\system32\puwukehe.dll
d:\windows\system32\rajujuli.dll
d:\windows\system32\rakujotu.dll
d:\windows\system32\refomoyo.dll
d:\windows\system32\repevumo.dll
d:\windows\system32\rimomuzo.dll
d:\windows\system32\riroguso.dll
d:\windows\system32\riseyigo.dll
d:\windows\system32\riyadipo.dll
d:\windows\system32\romabotu.dll
d:\windows\system32\ruwihela.dll
d:\windows\system32\savohofu.dll
d:\windows\system32\secchh.dll
d:\windows\system32\seredefo.dll
d:\windows\system32\sezogibe.dll
d:\windows\system32\sihowedo.dll
d:\windows\system32\sipituko.dll
d:\windows\system32\siyipino.dll
d:\windows\system32\sovosofu.dll
d:\windows\system32\sunezihe.dll
d:\windows\system32\sunufajo.dll
d:\windows\system32\supilime.dll
d:\windows\system32\sutefuhi.dll
d:\windows\system32\tafivefi.dll
d:\windows\system32\tagetega.dll
d:\windows\system32\tajokigu.dll
d:\windows\system32\tatoluya.dll
d:\windows\system32\tefiyuvu.dll
d:\windows\system32\temekatu.dll
d:\windows\system32\tutokifo.dll
d:\windows\system32\twain_32
d:\windows\system32\twain_32\local.ds
d:\windows\system32\twain_32\user.ds
d:\windows\system32\twext.exe
d:\windows\system32\ubabarob.ini
d:\windows\system32\ubakiwod.ini
d:\windows\system32\ubakunem.ini
d:\windows\system32\udevefuj.ini
d:\windows\system32\ufiyinin.ini
d:\windows\system32\ufosovos.ini
d:\windows\system32\ufozinaw.ini
d:\windows\system32\ugikojat.ini
d:\windows\system32\ujofogey.ini
d:\windows\system32\umagibep.ini
d:\windows\system32\umaniwuj.ini
d:\windows\system32\upedapid.ini
d:\windows\system32\utaponom.ini
d:\windows\system32\uvikarep.ini
d:\windows\system32\uvubamaf.ini
d:\windows\system32\uvuyifet.ini
d:\windows\system32\uwedevag.ini
d:\windows\system32\uypvot.dll
d:\windows\system32\uzezigof.ini
d:\windows\system32\vahhfd.dll
d:\windows\system32\vamodimu.dll
d:\windows\system32\vatimete.dll
d:\windows\system32\vedofumu.dll
d:\windows\system32\vekujusi.dll
d:\windows\system32\vigajero.dll
d:\windows\system32\vimogeko.dll
d:\windows\system32\viriteda.dll
d:\windows\system32\vnajcv.dll
d:\windows\system32\vofehafi.dll
d:\windows\system32\vosulome.dll
d:\windows\system32\vozusoto.dll
d:\windows\system32\vpxpxq.dll
d:\windows\system32\vubaliha.dll
d:\windows\system32\vunakifa.dll
d:\windows\system32\vuvoseku.dll
d:\windows\system32\vuzasufa.dll
d:\windows\system32\wanizofu.dll
d:\windows\system32\wegagolu.dll
d:\windows\system32\wijusigi.dll
d:\windows\system32\wisebiga.dll
d:\windows\system32\wiwijadu.dll
d:\windows\system32\wosarako.dll
d:\windows\system32\wutizipi.dll
d:\windows\system32\yahosuze.dll
d:\windows\system32\yatorolo.dll
d:\windows\system32\yemuyafe.dll
d:\windows\system32\yigohene.dll
d:\windows\system32\yirirupa.dll
d:\windows\system32\yohefani.dll
d:\windows\system32\yohitavu.dll
d:\windows\system32\yovukuyo.dll
d:\windows\system32\yowefise.dll
d:\windows\system32\yoyorena.dll
d:\windows\system32\yuhodose.dll
d:\windows\system32\yuwevelo.dll
d:\windows\system32\zajeyema.dll
d:\windows\system32\zasugipu.dll
d:\windows\system32\zehakebo.dll
d:\windows\system32\zetoyago.dll
d:\windows\system32\zewobihu.dll
d:\windows\system32\zojagina.dll
d:\windows\system32\zokelika.dll
d:\windows\system32\zusawuzo.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-04 03:10 . 2009-01-04 03:46 <DIR> d-------- d:\documents and settings\User\Application Data\LimeWire
2009-01-01 19:49 . 2009-01-01 19:49 <DIR> d-------- d:\documents and settings\All Users\Application Data\Blizzard
2009-01-01 17:04 . 2009-01-01 17:04 <DIR> d-------- d:\program files\Common Files\Blizzard Entertainment
2008-12-26 00:17 . 2008-12-26 11:54 <DIR> d-------- d:\documents and settings\User\Application Data\Azureus
2008-12-26 00:17 . 2008-12-26 00:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Azureus
2008-12-26 00:16 . 2009-01-22 20:29 <DIR> d-------- d:\program files\Vuze

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 20:30 --------- d-----w d:\documents and settings\User\Application Data\Hamachi
2009-01-22 00:50 --------- d-----w d:\documents and settings\User\Application Data\mIRC
2008-12-04 11:07 --------- d-----w d:\program files\Common Files\Adobe
2008-12-04 08:49 --------- d-----w d:\windows\system32\config\systemprofile\Application Data\aAvgApi
2008-11-30 03:42 --------- d-----w d:\documents and settings\User\Application Data\THQ
2008-11-30 03:34 --------- d-----w d:\program files\Gigabyte
2008-11-29 09:32 --------- d-----w d:\documents and settings\Test\Application Data\AVGTOOLBAR
2008-09-14 11:45 18,432 --sha-w d:\windows\system32\bomukako.dll
2007-12-17 14:13 91,938 --sha-w d:\windows\system32\dipafibu.dll
2008-09-13 23:45 14,336 --sha-w d:\windows\system32\dorulelo.dll
2007-09-16 09:16 10,240 --sha-w d:\windows\system32\getovojo.dll
2008-08-30 23:33 2,048 --sha-w d:\windows\system32\guvuvara.dll
2007-09-18 08:10 15,360 --sha-w d:\windows\system32\holuwuma.dll
2008-09-11 03:28 14,336 --sha-w d:\windows\system32\hurezuve.dll
2007-12-17 02:12 92,946 --sha-w d:\windows\system32\levewani.dll
2008-09-11 03:28 16,384 --sha-w d:\windows\system32\ligalijo.dll
2008-08-30 09:24 61,952 --sha-w d:\windows\system32\miziwiva.dll
2008-08-30 09:24 61,952 --sha-w d:\windows\system32\mumenawo.dll
2008-08-23 20:46 87,934 --sha-w d:\windows\system32\naditume.dll
2007-09-18 08:10 9,216 --sha-w d:\windows\system32\niwaluyu.dll
2008-09-02 05:36 69,632 --sha-w d:\windows\system32\rofegivu.dll
2007-12-18 08:12 878 --sh--w d:\windows\system32\saperiho.dll
2007-12-17 02:12 84,092 --sha-w d:\windows\system32\sutuhoha.dll
2008-09-19 03:13 24,576 --sha-w d:\windows\system32\tegavipo.dll
2008-09-14 11:45 16,384 --sha-w d:\windows\system32\tonasuta.dll
2008-08-24 08:47 33,754 --sha-w d:\windows\system32\vafowine.dll
2008-09-02 05:36 45,056 --sha-w d:\windows\system32\vufeguja.dll
2008-09-13 23:45 21,504 --sha-w d:\windows\system32\wulubuvo.dll
2008-09-19 03:13 24,576 --sha-w d:\windows\system32\yeneriho.dll
2008-09-23 20:48 82,944 --sha-w d:\windows\system32\yeweyefa.dll
2008-09-05 22:51 66,560 --sha-w d:\windows\system32\yeyanido.dll
2007-12-16 09:16 2,713 --sh--w d:\windows\system32\zarebeba.dll
1601-01-01 00:12 56,433 --sha-w d:\windows\system32\zavonuda.dll
2008-09-03 23:38 74,752 --sha-w d:\windows\system32\zolekare.dll
2008-09-19 03:13 16,384 --sha-w d:\windows\system32\zugibiru.dll
2007-09-16 09:16 10,240 --sha-w d:\windows\system32\zusidebi.dll
2008-10-16 14:31 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101720081018\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Utopia Angel"="c:\utopia\Angel\Angel.exe" [2009-01-05 3552256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-12-19 7315456]
"SW20"="d:\windows\system32\sw20.exe" [2006-02-06 208896]
"SW24"="d:\windows\system32\sw24.exe" [2006-02-06 69632]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2005-12-19 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"EasyTuneV"="d:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-12-19 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\User\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [5/2/2008 11:05:31 PM 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LexBceS"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Netdraft\\NetDraft\\idraft.exe"=
"c:\\Program Files\\Magic Workstation\\MWSPlay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6113:TCP"= 6113:TCP:Warcraft 3

S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp --> d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [8/3/2005 8:10:13 AM 32512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MARKFUN_NT
*Deregistered* - MarkFun_NT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd90ab1-aeda-11dd-8066-ba646a0efa97}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d799c8-b0aa-11dd-806a-e34d5d13c770}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f77a92d-aed1-11dd-8064-001485f373d7}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cab3dd22-b691-11dd-8078-bf006a6cfb49}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd87040d-aef5-11dd-8067-935063668e81}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
BHO-{24850fc0-41a3-400b-8f44-7fdf4127e9d6} - d:\windows\system32\secchh.dll
BHO-{2fd04713-8d88-4a6e-aebf-42941ad850af} - d:\windows\system32\kesezila.dll
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/portal/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
d:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - d:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\uuoq6tm9.default\
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 07:30:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp"
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\windows\system32\rundll32.exe
d:\windows\system32\rundll32.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\program files\iPod\bin\iPodService.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-23 7:32:14 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2009-01-22 20:32:11

Pre-Run: 43,641,696,256 bytes free
Post-Run: 44,217,167,872 bytes free

499 --- E O F --- 2008-10-16 14:12:36


-----------------------------------------------------------------



Logfile of HijackThis v1.99.1
Scan saved at 7:34:36 AM, on 23/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA61610-987D-4CDA-A985-C2DF7915C552}: NameServer = 61.88.88.88 61.88.88.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

Didn't realise I had so many "bad" files :S
TehDudeAbides
Active Member
 
Posts: 6
Joined: January 19th, 2009, 6:04 am

Re: Malware Problem

Unread postby peku006 » January 23rd, 2009, 3:40 am

Hi TehDudeAbides

The Recovery Console has not been installed on your machine. We will manually install it now in case something gets broken. With tools as powerful as ComboFix around you wouldn't want to risk it. Installing the Recovery Console only takes a few minutes of your time.
Please click here

Now please download the correct Setup Disks for your version of Windows XP. Please put the file on your desktop.

Image

Disconnect from the internet and disable ALL protection software! ComboFix is about to modify some critical system files and no protection software will ever allow that to happen.
Next, drag the Microsoft executable into ComboFix.
Image

Please follow the instructions ComboFix gives you. When asked whether to continue scanning for malware, click Yes

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware Problem

Unread postby TehDudeAbides » January 23rd, 2009, 7:33 am

ComboFix 09-01-18.03 - User 2009-01-23 22:26:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1095 [GMT 11:00]
Running from: d:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-04 03:10 . 2009-01-04 03:46 <DIR> d-------- d:\documents and settings\User\Application Data\LimeWire
2009-01-01 19:49 . 2009-01-01 19:49 <DIR> d-------- d:\documents and settings\All Users\Application Data\Blizzard
2009-01-01 17:04 . 2009-01-01 17:04 <DIR> d-------- d:\program files\Common Files\Blizzard Entertainment
2008-12-26 00:17 . 2008-12-26 11:54 <DIR> d-------- d:\documents and settings\User\Application Data\Azureus
2008-12-26 00:17 . 2008-12-26 00:17 <DIR> d-------- d:\documents and settings\All Users\Application Data\Azureus
2008-12-26 00:16 . 2009-01-22 20:29 <DIR> d-------- d:\program files\Vuze

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 11:26 --------- d-----w d:\documents and settings\User\Application Data\mIRC
2009-01-23 08:26 --------- d-----w d:\documents and settings\User\Application Data\Hamachi
2008-12-21 11:46 85,134 ------w d:\windows\system32\pominoje.dll
2008-12-20 07:13 89,762 ------w d:\windows\system32\nilimuvo.dll
2008-12-19 15:13 89,722 ------w d:\windows\system32\gatupono.dll
2008-12-19 03:32 96,900 ----a-w d:\windows\system32\tipajile.dll
2008-12-19 03:32 89,904 ------w d:\windows\system32\yiguseda.dll
2008-12-19 03:32 66,157 ----a-w d:\windows\system32\butabefu.dll
2008-12-18 12:44 88,184 ------w d:\windows\system32\gajapuda.dll
2008-12-13 23:56 92,325 ----a-w d:\windows\system32\rapavogo.dll
2008-12-13 23:50 84,712 ----a-w d:\windows\system32\dowikabu.dll
2008-12-13 23:50 62,205 ----a-w d:\windows\system32\bozuhanu.dll
2008-12-07 23:28 88,144 ------w d:\windows\system32\niniyifu.dll
2008-12-07 11:27 87,132 ------w d:\windows\system32\kiyivaro.dll
2008-12-04 11:07 --------- d-----w d:\program files\Common Files\Adobe
2008-12-04 09:49 85,557 ------w d:\windows\system32\midinuro.dll
2008-12-04 08:49 --------- d-----w d:\windows\system32\config\systemprofile\Application Data\aAvgApi
2008-12-03 11:38 86,581 ------w d:\windows\system32\fewibola.dll
2008-12-02 22:37 86,581 ------w d:\windows\system32\pamovuvi.dll
2008-12-02 06:36 86,581 ------w d:\windows\system32\vetaweyo.dll
2008-11-30 23:37 94,772 ----a-w d:\windows\system32\volorume.dll
2008-11-30 23:37 88,116 ------w d:\windows\system32\ganafihe.dll
2008-11-30 23:33 2,713 --sh--w d:\windows\system32\patafudi.dll
2008-11-30 23:33 2,713 --sh--w d:\windows\system32\nujarive.dll
2008-11-30 03:42 --------- d-----w d:\documents and settings\User\Application Data\THQ
2008-11-30 03:34 --------- d-----w d:\program files\Gigabyte
2008-11-29 09:32 --------- d-----w d:\documents and settings\Test\Application Data\AVGTOOLBAR
2008-11-23 08:46 86,068 ------w d:\windows\system32\danuzihi.dll
2008-11-22 08:45 86,068 ------w d:\windows\system32\lenisako.dll
2008-11-21 20:44 86,068 ------w d:\windows\system32\konovozo.dll
2008-11-21 06:46 86,068 ------w d:\windows\system32\dopahigo.dll
2008-11-20 15:42 86,068 ------w d:\windows\system32\hovolile.dll
2008-09-14 11:45 18,432 --sha-w d:\windows\system32\bomukako.dll
2007-12-17 14:13 91,938 --sha-w d:\windows\system32\dipafibu.dll
2008-09-13 23:45 14,336 --sha-w d:\windows\system32\dorulelo.dll
2007-09-16 09:16 10,240 --sha-w d:\windows\system32\getovojo.dll
2008-08-30 23:33 2,048 --sha-w d:\windows\system32\guvuvara.dll
2007-09-18 08:10 15,360 --sha-w d:\windows\system32\holuwuma.dll
2008-09-11 03:28 14,336 --sha-w d:\windows\system32\hurezuve.dll
2007-12-17 02:12 92,946 --sha-w d:\windows\system32\levewani.dll
2008-09-11 03:28 16,384 --sha-w d:\windows\system32\ligalijo.dll
2008-08-30 09:24 61,952 --sha-w d:\windows\system32\miziwiva.dll
2008-08-30 09:24 61,952 --sha-w d:\windows\system32\mumenawo.dll
2008-08-23 20:46 87,934 --sha-w d:\windows\system32\naditume.dll
2007-09-18 08:10 9,216 --sha-w d:\windows\system32\niwaluyu.dll
2008-09-02 05:36 69,632 --sha-w d:\windows\system32\rofegivu.dll
2007-12-18 08:12 878 --sh--w d:\windows\system32\saperiho.dll
2007-12-17 02:12 84,092 --sha-w d:\windows\system32\sutuhoha.dll
2008-09-19 03:13 24,576 --sha-w d:\windows\system32\tegavipo.dll
2008-09-14 11:45 16,384 --sha-w d:\windows\system32\tonasuta.dll
2008-08-24 08:47 33,754 --sha-w d:\windows\system32\vafowine.dll
2008-09-02 05:36 45,056 --sha-w d:\windows\system32\vufeguja.dll
2008-09-13 23:45 21,504 --sha-w d:\windows\system32\wulubuvo.dll
2008-09-19 03:13 24,576 --sha-w d:\windows\system32\yeneriho.dll
2008-09-23 20:48 82,944 --sha-w d:\windows\system32\yeweyefa.dll
2008-09-05 22:51 66,560 --sha-w d:\windows\system32\yeyanido.dll
2007-12-16 09:16 2,713 --sh--w d:\windows\system32\zarebeba.dll
1601-01-01 00:12 56,433 --sha-w d:\windows\system32\zavonuda.dll
2008-09-03 23:38 74,752 --sha-w d:\windows\system32\zolekare.dll
2008-09-19 03:13 16,384 --sha-w d:\windows\system32\zugibiru.dll
2007-09-16 09:16 10,240 --sha-w d:\windows\system32\zusidebi.dll
2008-10-16 14:31 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101720081018\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Utopia Angel"="c:\utopia\Angel\Angel.exe" [2009-01-05 3552256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-12-19 7315456]
"SW20"="d:\windows\system32\sw20.exe" [2006-02-06 208896]
"SW24"="d:\windows\system32\sw24.exe" [2006-02-06 69632]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2005-12-19 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"EasyTuneV"="d:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-12-19 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\User\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [5/2/2008 11:05:31 PM 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LexBceS"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Netdraft\\NetDraft\\idraft.exe"=
"c:\\Program Files\\Magic Workstation\\MWSPlay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6113:TCP"= 6113:TCP:Warcraft 3

S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp --> d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [8/3/2005 8:10:13 AM 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd90ab1-aeda-11dd-8066-ba646a0efa97}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d799c8-b0aa-11dd-806a-e34d5d13c770}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f77a92d-aed1-11dd-8064-001485f373d7}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd87040d-aef5-11dd-8067-935063668e81}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/portal/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
d:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - d:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\uuoq6tm9.default\
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:28:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\User\LOCALS~1\Temp\GPEB.tmp"
.
Completion time: 2009-01-23 22:29:25
ComboFix-quarantined-files.txt 2009-01-23 11:29:23
ComboFix2.txt 2009-01-22 20:32:15

Pre-Run: 44,205,998,080 bytes free
Post-Run: 44,199,059,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

183 --- E O F --- 2008-10-16 14:12:36


------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:32:59 PM, on 23/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\imapi.exe
D:\WINDOWS\explorer.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\iTunes\iTunes.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA61610-987D-4CDA-A985-C2DF7915C552}: NameServer = 61.88.88.88 61.88.88.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
TehDudeAbides
Active Member
 
Posts: 6
Joined: January 19th, 2009, 6:04 am

Re: Malware Problem

Unread postby peku006 » January 23rd, 2009, 8:14 am

Hi TehDudeAbides
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze
Azureus
LimeWire


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW

Create an uninstall list

  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Include this log in your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware Problem

Unread postby TehDudeAbides » January 23rd, 2009, 9:46 am

@BIOS
4U AVI MPEG Converter (version 5.3.8)
ABBYY FineReader 5.0 Sprint
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Apple Software Update
AudioEdit Deluxe
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
BA Installer
Combined Community Codec Pack 2007-07-22
DotA Client Build 1.87 (Tester)
EasyTune5
FaxTools
GameDesire-Poker
Garena
Hamachi 1.0.3.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
iTunes
Java(TM) 6 Update 7
Lexmark 1200 Series
Magic Workstation 0.94f
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Web Publishing Wizard 1.53
mIRC
Motorola Driver Installation
Mozilla Firefox (3.0.5)
MP3 Player Utilities 3.66
MSN
MTG GamePack for Magic Workstation
Multi Media Player Setup
Nero 7 Essentials
neroxml
NVIDIA Drivers
Optus Wireless Broadband
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
SecurDisc Viewer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Spybot - Search & Destroy
StealthBot v2.6 Revision 3 (remove only)
Update for Windows XP (KB951072-v2)
Ventrilo Client
WC3Banlist
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
World of Warcraft

The 3 programs were removed a while ago. Dunno why traces are there but. Can't wipe them completely I guess.
TehDudeAbides
Active Member
 
Posts: 6
Joined: January 19th, 2009, 6:04 am

Re: Malware Problem

Unread postby peku006 » January 23rd, 2009, 11:22 am

Hi TehDudeAbides
we will remove those empty folders now

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
      O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
      O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Run CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
d:\windows\system32\pominoje.dll
d:\windows\system32\nilimuvo.dl
d:\windows\system32\gatupono.dll
d:\windows\system32\tipajile.dll
d:\windows\system32\yiguseda.dll
d:\windows\system32\butabefu.dll
d:\windows\system32\gajapuda.dll
d:\windows\system32\rapavogo.dll
d:\windows\system32\dowikabu.dll
d:\windows\system32\bozuhanu.dll
d:\windows\system32\niniyifu.dll
d:\windows\system32\kiyivaro.dll
d:\windows\system32\midinuro.dll
w d:\windows\system32\fewibola.dll
d:\windows\system32\pamovuvi.dll
d:\windows\system32\vetaweyo.dll
d:\windows\system32\volorume.dll
d:\windows\system32\ganafihe.dll
d:\windows\system32\patafudi.dll
d:\windows\system32\nujarive.dll
d:\windows\system32\danuzihi.dll
d:\windows\system32\lenisako.dll
d:\windows\system32\konovozo.dll
d:\windows\system32\dopahigo.dll
d:\windows\system32\hovolile.dll
sha-w d:\windows\system32\bomukako.dll
d:\windows\system32\dipafibu.dll
d:\windows\system32\dorulelo.dll
d:\windows\system32\getovojo.dll
d:\windows\system32\guvuvara.dll
d:\windows\system32\holuwuma.dll
d:\windows\system32\hurezuve.dll
d:\windows\system32\levewani.dll
d:\windows\system32\ligalijo.dll
d:\windows\system32\miziwiva.dll
d:\windows\system32\mumenawo.dll
d:\windows\system32\naditume.dll
d:\windows\system32\niwaluyu.dll
d:\windows\system32\rofegivu.dll
d:\windows\system32\saperiho.dll
d:\windows\system32\sutuhoha.dll
d:\windows\system32\tegavipo.dll
d:\windows\system32\tonasuta.dll
d:\windows\system32\vafowine.dll
d:\windows\system32\vufeguja.dll
d:\windows\system32\wulubuvo.dll
d:\windows\system32\yeneriho.dll
d:\windows\system32\yeweyefa.dll
d:\windows\system32\yeyanido.dll
d:\windows\system32\zarebeba.dll
d:\windows\system32\zavonuda.dll
d:\windows\system32\zolekare.dll
d:\windows\system32\zugibiru.dll
d:\windows\system32\zusidebi.dll

Folder::
d:\documents and settings\User\Application Data\LimeWire
d:\documents and settings\User\Application Data\Azureus
d:\documents and settings\All Users\Application Data\Azureus
d:\program files\Vuze


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware Problem

Unread postby TehDudeAbides » January 24th, 2009, 6:03 am

1601-01-01 11:12:31 A------- 37,534 D:\Qoobox\Quarantine\D\WINDOWS\system32\pasevomi.dll.vir
1601-01-01 11:12:31 A------- 49,662 D:\Qoobox\Quarantine\D\WINDOWS\system32\lomuduje.dll.vir
1601-01-01 11:12:31 A------- 62,007 D:\Qoobox\Quarantine\D\WINDOWS\system32\sipituko.dll.vir
1601-01-01 11:12:31 A------- 62,733 D:\Qoobox\Quarantine\D\WINDOWS\system32\tatoluya.dll.vir
1601-01-01 11:12:31 A------- 63,175 D:\Qoobox\Quarantine\D\WINDOWS\system32\fulewoge.dll.vir
1601-01-01 11:12:31 A------- 63,723 D:\Qoobox\Quarantine\D\WINDOWS\system32\hotowaze.dll.vir
1601-01-01 11:12:31 A------- 63,723 D:\Qoobox\Quarantine\D\WINDOWS\system32\kesezila.dll.vir
1601-01-01 11:12:31 A------- 63,723 D:\Qoobox\Quarantine\D\WINDOWS\system32\latadeti.dll.vir
1601-01-01 11:12:31 A------- 63,723 D:\Qoobox\Quarantine\D\WINDOWS\system32\lazogiya.dll.vir
1601-01-01 11:12:31 A------- 63,994 D:\Qoobox\Quarantine\D\WINDOWS\system32\mareruta.dll.vir
1601-01-01 11:12:31 A------- 68,255 D:\Qoobox\Quarantine\D\WINDOWS\system32\fedoniko.dll.vir
1601-01-01 11:12:31 A------- 68,863 D:\Qoobox\Quarantine\D\WINDOWS\system32\jureviji.dll.vir
1601-01-01 11:12:31 A------- 69,804 D:\Qoobox\Quarantine\D\WINDOWS\system32\pazeyoda.dll.vir
1601-01-01 11:12:31 A------- 73,728 D:\Qoobox\Quarantine\D\WINDOWS\system32\nuvameje.dll.vir
1601-01-01 11:12:31 A------- 83,968 D:\Qoobox\Quarantine\D\WINDOWS\system32\peyumama.dll.vir
1601-01-01 11:12:31 A------- 84,670 D:\Qoobox\Quarantine\D\WINDOWS\system32\zehakebo.dll.vir
1601-01-01 11:12:31 A------- 85,278 D:\Qoobox\Quarantine\D\WINDOWS\system32\riroguso.dll.vir
1601-01-01 11:12:31 A------- 85,293 D:\Qoobox\Quarantine\D\WINDOWS\system32\bimefili.dll.vir
1601-01-01 11:12:31 A------- 86,016 D:\Qoobox\Quarantine\D\WINDOWS\system32\jalezada.dll.vir
1601-01-01 11:12:31 A------- 86,085 D:\Qoobox\Quarantine\D\WINDOWS\system32\ladujehe.dll.vir
1601-01-01 11:12:31 A------- 86,169 D:\Qoobox\Quarantine\D\WINDOWS\system32\mijinube.dll.vir
1601-01-01 11:12:31 A------- 86,176 D:\Qoobox\Quarantine\D\WINDOWS\system32\nadovose.dll.vir
1601-01-01 11:12:31 A------- 86,324 D:\Qoobox\Quarantine\D\WINDOWS\system32\betutuyo.dll.vir
1601-01-01 11:12:31 A------- 86,339 D:\Qoobox\Quarantine\D\WINDOWS\system32\gugaribe.dll.vir
1601-01-01 11:12:31 A------- 86,685 D:\Qoobox\Quarantine\D\WINDOWS\system32\gulosada.dll.vir
1601-01-01 11:12:31 A------- 87,112 D:\Qoobox\Quarantine\D\WINDOWS\system32\borababu.dll.vir
1601-01-01 11:12:31 A------- 87,153 D:\Qoobox\Quarantine\D\WINDOWS\system32\zetoyago.dll.vir
1601-01-01 11:12:31 A------- 87,162 D:\Qoobox\Quarantine\D\WINDOWS\system32\vimogeko.dll.vir
1601-01-01 11:12:31 A------- 87,184 D:\Qoobox\Quarantine\D\WINDOWS\system32\vunakifa.dll.vir
1601-01-01 11:12:31 A------- 87,337 D:\Qoobox\Quarantine\D\WINDOWS\system32\fufutose.dll.vir
1601-01-01 11:12:31 A------- 87,342 D:\Qoobox\Quarantine\D\WINDOWS\system32\supilime.dll.vir
1601-01-01 11:12:31 A------- 87,376 D:\Qoobox\Quarantine\D\WINDOWS\system32\tagetega.dll.vir
1601-01-01 11:12:31 A------- 89,384 D:\Qoobox\Quarantine\D\WINDOWS\system32\tajokigu.dll.vir
1601-01-01 11:12:31 A------- 90,179 D:\Qoobox\Quarantine\D\WINDOWS\system32\fogizezu.dll.vir
1601-01-01 11:12:31 A------- 90,200 D:\Qoobox\Quarantine\D\WINDOWS\system32\nojepake.dll.vir
1601-01-01 11:12:31 A------- 90,278 D:\Qoobox\Quarantine\D\WINDOWS\system32\derinade.dll.vir
1601-01-01 11:12:31 A------- 90,387 D:\Qoobox\Quarantine\D\WINDOWS\system32\puwukehe.dll.vir
1601-01-01 11:12:31 A------- 90,400 D:\Qoobox\Quarantine\D\WINDOWS\system32\zojagina.dll.vir
1601-01-01 11:12:31 A------- 90,727 D:\Qoobox\Quarantine\D\WINDOWS\system32\rimomuzo.dll.vir
1601-01-01 11:12:31 A------- 90,768 D:\Qoobox\Quarantine\D\WINDOWS\system32\vekujusi.dll.vir
1601-01-01 11:12:31 A------- 90,831 D:\Qoobox\Quarantine\D\WINDOWS\system32\wanizofu.dll.vir
1601-01-01 11:12:31 A------- 90,882 D:\Qoobox\Quarantine\D\WINDOWS\system32\bewijeze.dll.vir
1601-01-01 11:12:31 A------- 91,344 D:\Qoobox\Quarantine\D\WINDOWS\system32\kegikube.dll.vir
1601-01-01 11:12:31 A------- 91,397 D:\Qoobox\Quarantine\D\WINDOWS\system32\yirirupa.dll.vir
1601-01-01 11:12:31 A------- 91,414 D:\Qoobox\Quarantine\D\WINDOWS\system32\jobobuwi.dll.vir
1601-01-01 11:12:31 A------- 92,268 D:\Qoobox\Quarantine\D\WINDOWS\system32\gojuhuji.dll.vir
1601-01-01 11:12:31 A------- 92,289 D:\Qoobox\Quarantine\D\WINDOWS\system32\seredefo.dll.vir
1601-01-01 11:12:31 A------- 92,291 D:\Qoobox\Quarantine\D\WINDOWS\system32\perakivu.dll.vir
1601-01-01 11:12:31 A------- 92,316 D:\Qoobox\Quarantine\D\WINDOWS\system32\deseliwo.dll.vir
1601-01-01 11:12:31 A------- 92,342 D:\Qoobox\Quarantine\D\WINDOWS\system32\gurabimi.dll.vir
1601-01-01 11:12:31 A------- 92,365 D:\Qoobox\Quarantine\D\WINDOWS\system32\gizidize.dll.vir
1601-01-01 11:12:31 A------- 95,948 D:\Qoobox\Quarantine\D\WINDOWS\system32\farewoka.dll.vir
1601-01-01 11:12:31 A------- 96,502 D:\Qoobox\Quarantine\D\WINDOWS\system32\duyovaha.dll.vir
1601-01-01 11:12:31 A------- 96,990 D:\Qoobox\Quarantine\D\WINDOWS\system32\mawudeke.dll.vir
1601-01-01 11:12:31 A------- 97,504 D:\Qoobox\Quarantine\D\WINDOWS\system32\figikoli.dll.vir
1601-01-01 11:12:31 A------- 97,954 D:\Qoobox\Quarantine\D\WINDOWS\system32\hagipugo.dll.vir
1601-01-01 11:12:31 A------- 98,618 D:\Qoobox\Quarantine\D\WINDOWS\system32\ruwihela.dll.vir
1601-01-01 11:12:31 A------- 99,060 D:\Qoobox\Quarantine\D\WINDOWS\system32\fuhevive.dll.vir
1601-01-01 11:12:31 A------- 99,416 D:\Qoobox\Quarantine\D\WINDOWS\system32\romabotu.dll.vir
1601-01-01 11:12:31 A------- 99,439 D:\Qoobox\Quarantine\D\WINDOWS\system32\hemunebu.dll.vir
1601-01-01 11:12:31 A------- 99,463 D:\Qoobox\Quarantine\D\WINDOWS\system32\wosarako.dll.vir
1601-01-01 11:12:31 A------- 99,495 D:\Qoobox\Quarantine\D\WINDOWS\system32\vubaliha.dll.vir
1601-01-01 11:12:31 A------- 99,521 D:\Qoobox\Quarantine\D\WINDOWS\system32\wegagolu.dll.vir
1601-01-01 11:12:31 A------- 99,554 D:\Qoobox\Quarantine\D\WINDOWS\system32\huliguzo.dll.vir
1601-01-01 11:12:31 A------- 99,563 D:\Qoobox\Quarantine\D\WINDOWS\system32\busofiyo.dll.vir
1601-01-01 11:12:31 A------- 99,640 D:\Qoobox\Quarantine\D\WINDOWS\system32\vamodimu.dll.vir
1601-01-01 11:12:31 A------- 99,925 D:\Qoobox\Quarantine\D\WINDOWS\system32\savohofu.dll.vir
1601-01-01 11:12:31 A------- 100,453 D:\Qoobox\Quarantine\D\WINDOWS\system32\biwifasi.dll.vir
1601-01-01 11:12:31 A------- 100,535 D:\Qoobox\Quarantine\D\WINDOWS\system32\kiganopo.dll.vir
1601-01-01 11:12:31 A------- 100,705 D:\Qoobox\Quarantine\D\WINDOWS\system32\vozusoto.dll.vir
1601-01-01 11:12:31 A------- 100,998 D:\Qoobox\Quarantine\D\WINDOWS\system32\yovukuyo.dll.vir
1601-01-01 11:12:31 A------- 101,035 D:\Qoobox\Quarantine\D\WINDOWS\system32\wiwijadu.dll.vir
1601-01-01 11:12:31 A------- 101,604 D:\Qoobox\Quarantine\D\WINDOWS\system32\sihowedo.dll.vir
1601-01-01 11:12:31 A------- 102,033 D:\Qoobox\Quarantine\D\WINDOWS\system32\vuvoseku.dll.vir
1601-01-01 11:12:31 A------- 102,080 D:\Qoobox\Quarantine\D\WINDOWS\system32\fuyowugu.dll.vir
1601-01-01 11:12:31 A------- 102,194 D:\Qoobox\Quarantine\D\WINDOWS\system32\panosuba.dll.vir
1601-01-01 11:12:31 A------- 102,205 D:\Qoobox\Quarantine\D\WINDOWS\system32\butobuko.dll.vir
1601-01-01 11:12:31 A------- 102,512 D:\Qoobox\Quarantine\D\WINDOWS\system32\labagobu.dll.vir
1601-01-01 11:12:31 A------- 102,527 D:\Qoobox\Quarantine\D\WINDOWS\system32\kekiyala.dll.vir
1601-01-01 11:12:31 A------- 102,688 D:\Qoobox\Quarantine\D\WINDOWS\system32\zajeyema.dll.vir
1601-01-01 11:12:31 A------- 102,706 D:\Qoobox\Quarantine\D\WINDOWS\system32\powipogi.dll.vir
1601-01-01 11:12:31 A------- 103,036 D:\Qoobox\Quarantine\D\WINDOWS\system32\jopokano.dll.vir
1601-01-01 11:12:31 A------- 103,050 D:\Qoobox\Quarantine\D\WINDOWS\system32\mudagisi.dll.vir
1601-01-01 11:12:31 A------- 103,148 D:\Qoobox\Quarantine\D\WINDOWS\system32\bomezagi.dll.vir
1601-01-01 11:12:31 A------- 103,151 D:\Qoobox\Quarantine\D\WINDOWS\system32\gopikobi.dll.vir
1601-01-01 11:12:31 A------- 103,217 D:\Qoobox\Quarantine\D\WINDOWS\system32\zusawuzo.dll.vir
1601-01-01 11:12:31 A------- 103,220 D:\Qoobox\Quarantine\D\WINDOWS\system32\pabevajo.dll.vir
1601-01-01 11:12:31 A------- 103,622 D:\Qoobox\Quarantine\D\WINDOWS\system32\tutokifo.dll.vir
1601-01-01 11:12:31 A------- 103,667 D:\Qoobox\Quarantine\D\WINDOWS\system32\kujonuva.dll.vir
1601-01-01 11:12:31 A------- 103,723 D:\Qoobox\Quarantine\D\WINDOWS\system32\rajujuli.dll.vir
1601-01-01 11:12:31 A------- 104,096 D:\Qoobox\Quarantine\D\WINDOWS\system32\yowefise.dll.vir
1601-01-01 11:12:31 A------- 104,571 D:\Qoobox\Quarantine\D\WINDOWS\system32\feberero.dll.vir
1601-01-01 11:12:31 A------- 129,513 D:\Qoobox\Quarantine\D\WINDOWS\system32\dorebehi.dll.vir
1601-01-01 11:12:31 A------- 131,686 D:\Qoobox\Quarantine\D\WINDOWS\system32\gadonesi.dll.vir
1601-01-01 11:12:31 A------- 131,909 D:\Qoobox\Quarantine\D\WINDOWS\system32\fozusayo.dll.vir
1601-01-01 11:12:31 A------- 133,309 D:\Qoobox\Quarantine\D\WINDOWS\system32\wijusigi.dll.vir
1601-01-01 11:12:31 A------- 133,314 D:\Qoobox\Quarantine\D\WINDOWS\system32\vosulome.dll.vir
1601-01-01 11:12:31 A------- 133,344 D:\Qoobox\Quarantine\D\WINDOWS\system32\sutefuhi.dll.vir
1601-01-01 11:12:31 A------- 133,351 D:\Qoobox\Quarantine\D\WINDOWS\system32\wisebiga.dll.vir
1601-01-01 11:12:31 A------- 133,752 D:\Qoobox\Quarantine\D\WINDOWS\system32\zasugipu.dll.vir
1601-01-01 11:12:31 A------- 133,770 D:\Qoobox\Quarantine\D\WINDOWS\system32\gamuduhe.dll.vir
1601-01-01 11:12:31 A------- 133,791 D:\Qoobox\Quarantine\D\WINDOWS\system32\dibiyowa.dll.vir
1601-01-01 11:12:31 A------- 133,811 D:\Qoobox\Quarantine\D\WINDOWS\system32\yuwevelo.dll.vir
1601-01-01 11:12:31 A------- 133,890 D:\Qoobox\Quarantine\D\WINDOWS\system32\hoyaguya.dll.vir
1601-01-01 11:12:31 A------- 133,897 D:\Qoobox\Quarantine\D\WINDOWS\system32\fevubitu.dll.vir
1601-01-01 11:12:31 A------- 134,314 D:\Qoobox\Quarantine\D\WINDOWS\system32\mameneye.dll.vir
1998-05-29 01:00:00 A------- 119,400 D:\Qoobox\Quarantine\D\WINDOWS\system32\MDM.EXE.vir
2006-02-28 23:00:00 A------- 192,000 D:\Qoobox\Quarantine\D\WINDOWS\system32\twext.exe.vir
2007-12-16 20:21:19 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\edisepov.ini.vir
2007-12-17 13:12:59 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ahohutus.ini.vir
2007-12-18 01:13:35 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ujofogey.ini.vir
2008-04-25 23:00:39 A------- 64,778 D:\Qoobox\Quarantine\D\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2008-04-25 23:00:39 A------- 65,827 D:\Qoobox\Quarantine\D\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2008-07-26 16:00:00 A------- 62,205 D:\Qoobox\Quarantine\D\WINDOWS\system32\bozuhanu.dll.vir
2008-07-26 16:00:00 A------- 66,157 D:\Qoobox\Quarantine\D\WINDOWS\system32\butabefu.dll.vir
2008-07-26 16:00:00 A------- 68,907 D:\Qoobox\Quarantine\D\WINDOWS\system32\yatorolo.dll.vir
2008-07-26 16:00:00 A------- 84,712 D:\Qoobox\Quarantine\D\WINDOWS\system32\dowikabu.dll.vir
2008-07-26 16:00:00 A------- 86,285 D:\Qoobox\Quarantine\D\WINDOWS\system32\hisukeba.dll.vir
2008-07-26 16:00:00 A------- 89,904 D:\Qoobox\Quarantine\D\WINDOWS\system32\yiguseda.dll.vir
2008-07-26 16:00:00 A------- 92,325 D:\Qoobox\Quarantine\D\WINDOWS\system32\rapavogo.dll.vir
2008-07-26 16:00:00 A------- 96,900 D:\Qoobox\Quarantine\D\WINDOWS\system32\tipajile.dll.vir
2008-07-26 16:00:00 A------- 131,675 D:\Qoobox\Quarantine\D\WINDOWS\system32\sezogibe.dll.vir
2008-07-26 16:00:00 A------- 131,706 D:\Qoobox\Quarantine\D\WINDOWS\system32\zokelika.dll.vir
2008-08-21 02:42:28 A------- 90,164 D:\Qoobox\Quarantine\D\WINDOWS\system32\fapalogo.dll.vir
2008-08-22 19:45:19 A------- 90,164 D:\Qoobox\Quarantine\D\WINDOWS\system32\nasikaje.dll.vir
2008-08-23 19:46:01 A------- 90,164 D:\Qoobox\Quarantine\D\WINDOWS\system32\gijabawu.dll.vir
2008-08-27 12:14:13 A------- 93,748 D:\Qoobox\Quarantine\D\WINDOWS\system32\vedofumu.dll.vir
2008-08-30 20:25:11 A------- 88,116 D:\Qoobox\Quarantine\D\WINDOWS\system32\babupata.dll.vir
2008-08-30 20:25:11 A------- 94,772 D:\Qoobox\Quarantine\D\WINDOWS\system32\bebufizu.dll.vir
2008-09-01 23:32:57 A------- 91,188 D:\Qoobox\Quarantine\D\WINDOWS\system32\juwinamu.dll.vir
2008-09-01 23:32:57 A------- 95,796 D:\Qoobox\Quarantine\D\WINDOWS\system32\repevumo.dll.vir
2008-09-02 16:36:30 A------- 65,076 D:\Qoobox\Quarantine\D\WINDOWS\system32\kedohugu.dll.vir
2008-09-02 17:36:12 A------- 93,749 D:\Qoobox\Quarantine\D\WINDOWS\system32\gemewoda.dll.vir
2008-09-03 09:37:18 A------- 93,749 D:\Qoobox\Quarantine\D\WINDOWS\system32\sunufajo.dll.vir
2008-09-03 22:37:59 A------- 93,749 D:\Qoobox\Quarantine\D\WINDOWS\system32\refomoyo.dll.vir
2008-09-04 10:38:30 A------- 64,565 D:\Qoobox\Quarantine\D\WINDOWS\system32\nuhugofe.dll.vir
2008-09-04 20:49:49 A------- 85,557 D:\Qoobox\Quarantine\D\WINDOWS\system32\midinuro.dll.vir
2008-09-04 20:49:50 A------- 94,261 D:\Qoobox\Quarantine\D\WINDOWS\system32\darususi.dll.vir
2008-09-05 09:50:36 A------- 93,237 D:\Qoobox\Quarantine\D\WINDOWS\system32\bolanefi.dll.vir
2008-09-05 09:50:38 A------- 88,117 D:\Qoobox\Quarantine\D\WINDOWS\system32\mimadove.dll.vir
2008-09-05 09:51:16 A------- 64,565 D:\Qoobox\Quarantine\D\WINDOWS\system32\fezahoyu.dll.vir
2008-09-05 21:50:51 A------- 93,297 D:\Qoobox\Quarantine\D\WINDOWS\system32\sunezihe.dll.vir
2008-09-05 21:50:52 A------- 88,147 D:\Qoobox\Quarantine\D\WINDOWS\system32\jufawome.dll.vir
2008-09-06 09:51:22 A------- 64,239 D:\Qoobox\Quarantine\D\WINDOWS\system32\siyipino.dll.vir
2008-09-06 22:27:08 A------- 88,251 D:\Qoobox\Quarantine\D\WINDOWS\system32\lejorude.dll.vir
2008-09-06 22:27:08 A------- 94,301 D:\Qoobox\Quarantine\D\WINDOWS\system32\zewobihu.dll.vir
2008-09-07 10:27:21 A------- 88,188 D:\Qoobox\Quarantine\D\WINDOWS\system32\higudivo.dll.vir
2008-09-07 10:27:21 A------- 94,291 D:\Qoobox\Quarantine\D\WINDOWS\system32\falefigi.dll.vir
2008-09-07 22:27:41 A------- 87,132 D:\Qoobox\Quarantine\D\WINDOWS\system32\kiyivaro.dll.vir
2008-09-07 22:27:41 A------- 93,302 D:\Qoobox\Quarantine\D\WINDOWS\system32\dijipire.dll.vir
2008-09-08 10:28:35 A------- 93,451 D:\Qoobox\Quarantine\D\WINDOWS\system32\dekoleha.dll.vir
2008-09-08 10:28:36 A------- 88,144 D:\Qoobox\Quarantine\D\WINDOWS\system32\niniyifu.dll.vir
2008-09-13 01:20:42 A------- 88,856 D:\Qoobox\Quarantine\D\WINDOWS\system32\popujubi.dll.vir
2008-09-13 01:20:42 A------- 94,265 D:\Qoobox\Quarantine\D\WINDOWS\system32\dufabuyo.dll.vir
2008-09-13 01:20:45 A------- 65,296 D:\Qoobox\Quarantine\D\WINDOWS\system32\yoyorena.dll.vir
2008-09-18 23:44:43 A------- 88,184 D:\Qoobox\Quarantine\D\WINDOWS\system32\gajapuda.dll.vir
2008-09-18 23:44:43 A------- 95,869 D:\Qoobox\Quarantine\D\WINDOWS\system32\lobumije.dll.vir
2008-09-18 23:44:46 A------- 68,190 D:\Qoobox\Quarantine\D\WINDOWS\system32\vuzasufa.dll.vir
2008-09-20 02:13:05 A------- 89,722 D:\Qoobox\Quarantine\D\WINDOWS\system32\gatupono.dll.vir
2008-09-20 02:13:05 A------- 96,869 D:\Qoobox\Quarantine\D\WINDOWS\system32\temekatu.dll.vir
2008-09-20 18:12:41 A------- 97,063 D:\Qoobox\Quarantine\D\WINDOWS\system32\hinilezo.dll.vir
2008-09-21 06:12:44 A------- 83,212 D:\Qoobox\Quarantine\D\WINDOWS\system32\yuhodose.dll.vir
2008-09-21 06:12:45 A------- 97,054 D:\Qoobox\Quarantine\D\WINDOWS\system32\yohitavu.dll.vir
2008-09-21 22:46:31 A------- 85,134 D:\Qoobox\Quarantine\D\WINDOWS\system32\pominoje.dll.vir
2008-09-21 22:46:31 A------- 94,959 D:\Qoobox\Quarantine\D\WINDOWS\system32\tafivefi.dll.vir
2008-09-22 10:46:52 A------- 87,150 D:\Qoobox\Quarantine\D\WINDOWS\system32\famabuvu.dll.vir
2008-09-22 10:46:52 A------- 98,093 D:\Qoobox\Quarantine\D\WINDOWS\system32\guvobana.dll.vir
2008-09-22 22:47:06 A------- 94,956 D:\Qoobox\Quarantine\D\WINDOWS\system32\wutizipi.dll.vir
2008-09-23 10:47:26 A------- 83,031 D:\Qoobox\Quarantine\D\WINDOWS\system32\gavedewu.dll.vir
2008-09-23 10:47:26 A------- 94,898 D:\Qoobox\Quarantine\D\WINDOWS\system32\huhotise.dll.vir
2008-09-23 19:47:55 A------- 87,230 D:\Qoobox\Quarantine\D\WINDOWS\system32\gabuwuwo.dll.vir
2008-09-23 19:47:55 A------- 94,935 D:\Qoobox\Quarantine\D\WINDOWS\system32\viriteda.dll.vir
2008-09-23 22:47:37 A------- 83,147 D:\Qoobox\Quarantine\D\WINDOWS\system32\riseyigo.dll.vir
2008-09-23 22:47:37 A------- 95,859 D:\Qoobox\Quarantine\D\WINDOWS\system32\vofehafi.dll.vir
2008-09-24 07:48:25 A------- 62,221 D:\Qoobox\Quarantine\D\WINDOWS\system32\pipibuju.dll.vir
2008-09-24 08:48:51 A------- 84,124 D:\Qoobox\Quarantine\D\WINDOWS\system32\monopatu.dll.vir
2008-09-24 08:48:52 A------- 97,939 D:\Qoobox\Quarantine\D\WINDOWS\system32\kebehawi.dll.vir
2008-09-24 14:02:57 A------- 83,061 D:\Qoobox\Quarantine\D\WINDOWS\system32\holusifo.dll.vir
2008-09-24 14:02:57 A------- 98,096 D:\Qoobox\Quarantine\D\WINDOWS\system32\lamukepa.dll.vir
2008-09-24 20:49:20 A------- 99,473 D:\Qoobox\Quarantine\D\WINDOWS\system32\nefilepu.dll.vir
2008-09-24 20:49:21 A------- 84,245 D:\Qoobox\Quarantine\D\WINDOWS\system32\sovosofu.dll.vir
2008-09-25 02:03:03 A------- 83,153 D:\Qoobox\Quarantine\D\WINDOWS\system32\vatimete.dll.vir
2008-09-25 02:03:03 A------- 97,996 D:\Qoobox\Quarantine\D\WINDOWS\system32\mamotapi.dll.vir
2008-09-25 09:49:35 A------- 84,041 D:\Qoobox\Quarantine\D\WINDOWS\system32\gitalobo.dll.vir
2008-09-25 09:49:35 A------- 99,114 D:\Qoobox\Quarantine\D\WINDOWS\system32\dijuzihi.dll.vir
2008-09-25 17:54:04 A------- 87,319 D:\Qoobox\Quarantine\D\WINDOWS\system32\menukabu.dll.vir
2008-09-25 17:54:04 A------- 94,841 D:\Qoobox\Quarantine\D\WINDOWS\system32\juyodufu.dll.vir
2008-09-25 21:50:03 A------- 99,564 D:\Qoobox\Quarantine\D\WINDOWS\system32\jopibata.dll.vir
2008-09-26 09:51:17 A------- 85,098 D:\Qoobox\Quarantine\D\WINDOWS\system32\riyadipo.dll.vir
2008-09-26 09:51:18 A------- 95,974 D:\Qoobox\Quarantine\D\WINDOWS\system32\diwuzito.dll.vir
2008-09-26 09:52:12 A------- 63,275 D:\Qoobox\Quarantine\D\WINDOWS\system32\pezipiru.dll.vir
2008-09-26 21:50:54 A------- 99,556 D:\Qoobox\Quarantine\D\WINDOWS\system32\yohefani.dll.vir
2008-09-27 11:01:15 A------- 87,145 D:\Qoobox\Quarantine\D\WINDOWS\system32\kowoziza.dll.vir
2008-09-27 11:01:15 A------- 95,919 D:\Qoobox\Quarantine\D\WINDOWS\system32\bayopuge.dll.vir
2008-09-27 23:02:39 A------- 85,203 D:\Qoobox\Quarantine\D\WINDOWS\system32\jufevedu.dll.vir
2008-09-27 23:02:39 A------- 99,055 D:\Qoobox\Quarantine\D\WINDOWS\system32\yahosuze.dll.vir
2008-09-28 11:01:39 A------- 63,115 D:\Qoobox\Quarantine\D\WINDOWS\system32\yigohene.dll.vir
2008-09-28 11:01:39 A------- 87,284 D:\Qoobox\Quarantine\D\WINDOWS\system32\tefiyuvu.dll.vir
2008-09-28 11:01:39 A------- 99,440 D:\Qoobox\Quarantine\D\WINDOWS\system32\yemuyafe.dll.vir
2008-09-28 12:02:15 A------- 98,034 D:\Qoobox\Quarantine\D\WINDOWS\system32\ligijowe.dll.vir
2008-09-29 00:02:10 A------- 87,299 D:\Qoobox\Quarantine\D\WINDOWS\system32\vigajero.dll.vir
2008-09-29 00:02:10 A------- 98,020 D:\Qoobox\Quarantine\D\WINDOWS\system32\beruvufi.dll.vir
2008-09-29 14:03:00 A------- 87,219 D:\Qoobox\Quarantine\D\WINDOWS\system32\pivumuwe.dll.vir
2008-09-29 14:03:00 A------- 98,059 D:\Qoobox\Quarantine\D\WINDOWS\system32\berijona.dll.vir
2008-09-30 02:04:48 A------- 85,078 D:\Qoobox\Quarantine\D\WINDOWS\system32\nopefuki.dll.vir
2008-09-30 02:04:48 A------- 97,934 D:\Qoobox\Quarantine\D\WINDOWS\system32\pularewi.dll.vir
2008-09-30 19:01:59 A------- 85,051 D:\Qoobox\Quarantine\D\WINDOWS\system32\jutimono.dll.vir
2008-09-30 19:02:01 A------- 97,369 D:\Qoobox\Quarantine\D\WINDOWS\system32\nehozipa.dll.vir
2008-09-30 19:02:51 A------- 63,096 D:\Qoobox\Quarantine\D\WINDOWS\system32\kivumolo.dll.vir
2008-10-01 10:07:39 A------- 28,672 D:\Qoobox\Quarantine\D\WINDOWS\system32\bapepopo.dll.vir
2008-10-01 10:07:39 A------- 61,007 D:\Qoobox\Quarantine\D\WINDOWS\system32\rakujotu.dll.vir
2008-11-21 02:42:34 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\elilovoh.ini.vir
2008-11-21 17:46:30 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ogihapod.ini.vir
2008-11-22 07:44:53 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ozovonok.ini.vir
2008-11-22 19:45:24 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\okasinel.ini.vir
2008-11-23 07:45:37 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\elozorat.ini.vir
2008-11-23 19:46:05 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ihizunad.ini.vir
2008-11-24 07:47:28 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\anurimab.ini.vir
2008-11-24 19:48:01 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\etevigib.ini.vir
2008-11-25 10:47:46 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\okarolij.ini.vir
2008-11-25 22:48:15 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\oworilum.ini.vir
2008-11-26 10:48:28 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\atiluwuh.ini.vir
2008-11-27 12:14:47 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ofukipun.ini.vir
2008-11-30 20:24:41 A------- 62,464 D:\Qoobox\Quarantine\D\WINDOWS\system32\~.exe.vir
2008-11-30 20:25:14 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\atapubab.ini.vir
2008-12-01 10:37:22 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ehifanag.ini.vir
2008-12-01 23:32:59 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\umaniwuj.ini.vir
2008-12-02 17:36:17 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\oyewatev.ini.vir
2008-12-03 09:37:23 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ivuvomap.ini.vir
2008-12-03 22:38:29 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\alobiwef.ini.vir
2008-12-04 20:49:58 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\orunidim.ini.vir
2008-12-05 09:51:18 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\evodamim.ini.vir
2008-12-05 21:51:57 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\emowafuj.ini.vir
2008-12-06 22:27:16 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\edurojel.ini.vir
2008-12-07 10:27:28 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ovidugih.ini.vir
2008-12-07 22:27:48 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\oraviyik.ini.vir
2008-12-08 10:29:01 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ufiyinin.ini.vir
2008-12-11 22:47:21 A------- 0 D:\Qoobox\Quarantine\D\WINDOWS\system32\twain_32\user.ds.vir
2008-12-11 22:47:21 A------- 56,772 D:\Qoobox\Quarantine\D\WINDOWS\system32\twain_32\local.ds.vir
2008-12-11 22:47:26 A------- 8,872 D:\Qoobox\Quarantine\D\Documents and Settings\LocalService\Application Data\twain_32\user.ds.vir
2008-12-13 01:20:46 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ibujupop.ini.vir
2008-12-14 10:50:21 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ubakiwod.ini.vir
2008-12-14 22:46:48 A------- 5,100 D:\Qoobox\Quarantine\D\WINDOWS\system32\jahomayo.dll.vir
2008-12-18 23:44:47 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\adupajag.ini.vir
2008-12-19 14:32:35 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\adesugiy.ini.vir
2008-12-20 02:13:09 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\onoputag.ini.vir
2008-12-20 18:13:41 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ovumilin.ini.vir
2008-12-21 06:13:17 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\esodohuy.ini.vir
2008-12-21 22:46:38 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ejonimop.ini.vir
2008-12-22 10:46:56 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\uvubamaf.ini.vir
2008-12-22 22:47:43 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\akivigir.ini.vir
2008-12-23 10:47:29 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\uwedevag.ini.vir
2008-12-23 19:48:01 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\owuwubag.ini.vir
2008-12-23 22:47:43 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ogiyesir.ini.vir
2008-12-24 08:49:26 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\utaponom.ini.vir
2008-12-24 14:03:03 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ofisuloh.ini.vir
2008-12-24 20:50:15 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ufosovos.ini.vir
2008-12-25 02:03:06 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\etemitav.ini.vir
2008-12-25 09:49:38 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\obolatig.ini.vir
2008-12-25 17:54:06 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ubakunem.ini.vir
2008-12-25 21:50:14 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\upedapid.ini.vir
2008-12-26 00:17:08 A------- 5,472,734 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\azmplay.exe.bak.vir
2008-12-26 00:17:10 A------- 6,696 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\font.desc.bak.vir
2008-12-26 00:17:10 A------- 8,864 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak.vir
2008-12-26 00:17:10 A------- 8,864 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak.vir
2008-12-26 00:17:10 A------- 106,464 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\cp1250-a.raw.bak.vir
2008-12-26 00:17:10 A------- 106,464 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\cp1250-b.raw.bak.vir
2008-12-26 00:17:42 A------- 0 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\.lock.vir
2008-12-26 00:17:42 A------- 3,229 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\azureus.config.vir
2008-12-26 00:17:44 A------- 32 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\.certs.vir
2008-12-26 00:17:44 A------- 32 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\.keystore.vir
2008-12-26 00:17:47 A------- 3,156 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\azureus.config.bak.vir
2008-12-26 00:17:47 A------- 14,339 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\thread_1.log.vir
2008-12-26 00:17:48 A------- 5,434 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\seltrace_1.log.vir
2008-12-26 00:17:50 A------- 0 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\ipfilter.cache.vir
2008-12-26 00:17:51 A------- 20 D:\Qoobox\Quarantine\D\Documents and Settings\All Users\Application Data\Azureus\azCID.txt.vir
2008-12-26 00:17:51 A------- 12,221 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\v3.PMsgr_1.log.vir
2008-12-26 00:17:53 A------- 35 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17759.tmp.vir
2008-12-26 00:17:53 A------- 7,335 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17760.tmp.vir
2008-12-26 00:17:54 A------- 0 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17765.tmp.vir
2008-12-26 00:17:54 A------- 215 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17762.tmp.vir
2008-12-26 00:17:54 A------- 277 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17766.tmp.vir
2008-12-26 00:17:54 A------- 3,424 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17761.tmp.vir
2008-12-26 00:17:54 A------- 20,888 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17764.tmp.vir
2008-12-26 00:17:54 A------- 41,497 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\Friends_1.log.vir
2008-12-26 00:17:54 A------- 76,387 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17763.tmp.vir
2008-12-26 00:17:56 A------- 21,079 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\debug_1.log.vir
2008-12-26 00:17:57 A------- 13 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\v3.Friends.dat.bak.vir
2008-12-26 00:17:57 A------- 13 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\v3.Friends.dat.vir
2008-12-26 00:17:57 A------- 117 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\net\pm_default.dat.vir
2008-12-26 00:17:57 A------- 1,801 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log.vir
2008-12-26 00:17:57 A------- 104,451 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\v3.Friends_1.log.vir
2008-12-26 00:17:58 A------- 12 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\unsentdata.config.vir
2008-12-26 00:18:02 A------- 14 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tracker.config.vir
2008-12-26 00:18:04 A------- 1,866 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\v3.CMsgr_1.log.vir
2008-12-26 00:18:09 A------- 879 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\VuzeActivities.config.vir
2008-12-26 00:18:12 A------- 7,006 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\MetaSearch_1.log.vir
2008-12-26 00:18:13 A------- 128 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\dht\addresses.dat.vir
2008-12-26 00:18:13 A------- 910 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\Subscriptions_1.log.vir
2008-12-26 00:18:16 A------- 4,534 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\metasearch.config.vir
2008-12-26 00:18:17 A------- 2,104 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\torrents\AZU17767.tmp.vir
2008-12-26 00:18:17 A------- 3,721 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\metasearch.config.bak.vir
2008-12-26 00:18:18 A------- 1,018 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\v3.ads_1.log.vir
2008-12-26 00:18:20 A------- 258 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\v3.Stream_1.log.vir
2008-12-26 00:18:23 A------- 595 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\downloads.config.vir
2008-12-26 00:18:29 A------- 90 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\NetStatus_1.log.vir
2008-12-26 00:18:39 A------- 2,899 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\torrents\Girls of gaming 1-2 [mininova].torrent.vir
2008-12-26 00:18:39 A------- 4,981 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\active\F5482A6300EEE282CA56536D75B725EF0D4DE824.dat.bak.vir
2008-12-26 00:18:39 A------- 4,981 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\active\F5482A6300EEE282CA56536D75B725EF0D4DE824.dat.vir
2008-12-26 00:18:44 A------- 20 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\dht\version.dat.vir
2008-12-26 00:18:45 A------- 595 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\downloads.config.bak.vir
2008-12-26 00:18:45 A------- 4,882 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tables.config.vir
2008-12-26 00:18:53 A------- 159 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\azureus.statistics.vir
2008-12-26 00:19:02 A------- 14 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tracker.config.bak.vir
2008-12-26 00:19:02 A------- 93 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\dht\diverse.dat.vir
2008-12-26 00:19:11 A------- 2,619,426 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17770.tmp.vir
2008-12-26 00:19:11 A------- 2,619,426 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\azemp_2.0.32.zip.vir
2008-12-26 00:19:12 A------- 205 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\plugin.properties_2.0.32.vir
2008-12-26 00:19:12 A------- 324,886 D:\Qoobox\Quarantine\D\Program Files\Vuze\plugins\azemp\azemp_2.0.32.jar.vir
2008-12-26 00:19:13 A------- 35 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17771.tmp.vir
2008-12-26 00:19:13 A------- 147 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\alerts_1.log.vir
2008-12-26 00:19:53 A------- 159 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\azureus.statistics.bak.vir
2008-12-26 00:20:45 A------- 43,524 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17773.tmp.vir
2008-12-26 00:20:45 A------- 188,232 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tmp\AZU17772.tmp.vir
2008-12-26 00:28:14 A------- 548 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\dht\contacts.dat.vir
2008-12-26 00:32:51 A------- 16,934 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\net\pm_4804.dat.vir
2008-12-26 00:39:25 A------- 4,866 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\tables.config.bak.vir
2008-12-26 05:00:30 A------- 262,234 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\logs\thread_2.log.vir
2008-12-26 09:52:08 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\opidayir.ini.vir
2008-12-26 11:54:25 A------- 187 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\timingstats.dat.vir
2008-12-26 11:54:25 A------- 266 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\sidebarauto.config.vir
2008-12-26 11:54:26 A------- 13 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\friends.config.vir
2008-12-26 11:54:26 A------- 742 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\active\cache.dat.vir
2008-12-26 11:54:26 A------- 25,149 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\Azureus\dht\general.dat.vir
2008-12-26 21:50:58 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\umagibep.ini.vir
2008-12-27 11:01:19 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\azizowok.ini.vir
2008-12-27 23:02:42 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\udevefuj.ini.vir
2008-12-28 11:01:42 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\uvuyifet.ini.vir
2008-12-28 12:02:44 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\edodovej.ini.vir
2008-12-29 00:02:13 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\orejagiv.ini.vir
2008-12-29 14:03:04 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ewumuvip.ini.vir
2008-12-30 02:04:52 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ikufepon.ini.vir
2008-12-30 19:02:47 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\onomituj.ini.vir
2008-12-31 11:08:22 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\obekahez.ini.vir
2008-12-31 23:08:58 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\opiduwaf.ini.vir
2009-01-01 11:09:51 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\efidolos.ini.vir
2009-01-01 23:09:26 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ewijaneg.ini.vir
2009-01-02 13:10:13 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ehejudal.ini.vir
2009-01-03 02:10:51 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ugikojat.ini.vir
2009-01-03 14:11:46 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\imibarug.ini.vir
2009-01-04 02:11:26 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ijuhujog.ini.vir
2009-01-04 03:10:37 A------- 99 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\kill.gif.vir
2009-01-04 03:10:37 A------- 104 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\kill_on.gif.vir
2009-01-04 03:10:37 A------- 143 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\warning.gif.vir
2009-01-04 03:10:37 A------- 167 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\question.gif.vir
2009-01-04 03:10:37 A------- 236 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\01_star.gif.vir
2009-01-04 03:10:37 A------- 291 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\02_star.gif.vir
2009-01-04 03:10:37 A------- 325 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\03_star.gif.vir
2009-01-04 03:10:37 A------- 365 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\04_star.gif.vir
2009-01-04 03:10:37 A------- 374 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\05_star.gif.vir
2009-01-04 03:10:37 A------- 520 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\chat.gif.vir
2009-01-04 03:10:37 A------- 789 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\theme.txt.vir
2009-01-04 03:10:37 A------- 883 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif.vir
2009-01-04 03:10:37 A------- 883 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\stop_up.gif.vir
2009-01-04 03:10:37 A------- 889 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\play_dn.gif.vir
2009-01-04 03:10:37 A------- 889 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\play_up.gif.vir
2009-01-04 03:10:37 A------- 892 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif.vir
2009-01-04 03:10:37 A------- 892 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\pause_up.gif.vir
2009-01-04 03:10:37 A------- 920 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif.vir
2009-01-04 03:10:37 A------- 920 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif.vir
2009-01-04 03:10:37 A------- 922 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif.vir
2009-01-04 03:10:37 A------- 922 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme\forward_up.gif.vir
2009-01-04 03:10:37 A------- 14,515 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\themes\windows_theme.lwtp.vir
2009-01-04 03:11:04 A------- 333 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\createtimes.cache.vir
2009-01-04 03:11:04 A------- 676 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\library.dat.vir
2009-01-04 03:11:04 A------- 704 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\fileurns.bak.vir
2009-01-04 03:11:04 A------- 1,003 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\fileurns.cache.vir
2009-01-04 03:12:14 A------- 194 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\mojito.props.vir
2009-01-04 03:12:14 A------- 268 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\installation.props.vir
2009-01-04 03:12:14 A------- 612 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\tables.props.vir
2009-01-04 03:12:14 A------- 12,503 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\limewire.props.vir
2009-01-04 03:12:41 A------- 69 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\versions.props.vir
2009-01-04 03:12:41 A------- 112 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\questions.props.vir
2009-01-04 03:12:49 A------- 435 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\promotion\promodb.properties.vir
2009-01-04 03:14:55 A------- 2,492 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\version.xml.vir
2009-01-04 03:14:58 A------- 28,448 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\simpp.xml.vir
2009-01-04 03:15:37 A------- 58 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\downloads.dat.vir
2009-01-04 03:19:51 A------- 87 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\filters.props.vir
2009-01-04 03:43:04 A------- 508 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\xml\data\video.sxml2.vir
2009-01-04 03:46:41 A------- 82 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\responses.cache.vir
2009-01-04 03:46:41 A------- 1,010 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\promotion\promodb.script.vir
2009-01-04 03:46:41 A------- 19,397 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\gnutella.net.vir
2009-01-04 03:46:41 A------- 31,347 D:\Qoobox\Quarantine\D\Documents and Settings\User\Application Data\LimeWire\spam.dat.vir
2009-01-04 14:12:49 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\owilesed.ini.vir
2009-01-05 02:11:54 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ezidizig.ini.vir
2009-01-05 14:12:21 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\eluvazet.ini.vir
2009-01-06 02:16:56 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ofederes.ini.vir
2009-01-06 17:27:51 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\uvikarep.ini.vir
2009-01-07 07:16:35 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ezejiweb.ini.vir
2009-01-07 08:16:30 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ozumomir.ini.vir
2009-01-07 23:53:36 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ehekuwup.ini.vir
2009-01-08 11:53:50 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ufozinaw.ini.vir
2009-01-08 23:54:03 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\uzezigof.ini.vir
2009-01-09 11:55:16 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\anigajoz.ini.vir
2009-01-09 23:56:18 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\edanired.ini.vir
2009-01-10 11:55:31 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ekapejon.ini.vir
2009-01-10 23:54:48 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\apuririy.ini.vir
2009-01-11 11:55:25 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\iwuboboj.ini.vir
2009-01-11 23:55:32 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ebukigek.ini.vir
2009-01-12 13:35:16 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\isujukev.ini.vir
2009-01-13 02:35:50 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\olosupor.ini.vir
2009-01-13 14:36:06 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\esotufuf.ini.vir
2009-01-14 02:37:00 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ubabarob.ini.vir
2009-01-14 14:37:39 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ilofehub.ini.vir
2009-01-14 14:59:40 A------- 131,675 D:\Qoobox\Quarantine\D\WINDOWS\system32\giyqdq.dll.vir
2009-01-15 02:36:56 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\agetegat.ini.vir
2009-01-15 02:36:57 A------- 131,909 D:\Qoobox\Quarantine\D\WINDOWS\system32\jaemtd.dll.vir
2009-01-15 17:00:30 A------- 131,686 D:\Qoobox\Quarantine\D\WINDOWS\system32\ppmfsa.dll.vir
2009-01-16 11:02:19 A------- 522 D:\Qoobox\Quarantine\D\WINDOWS\system32\povisema.exe.vir
2009-01-16 23:12:40 A------- 131,706 D:\Qoobox\Quarantine\D\WINDOWS\system32\nmiwlv.dll.vir
2009-01-17 11:02:54 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ebiragug.ini.vir
2009-01-17 11:02:54 A------- 133,897 D:\Qoobox\Quarantine\D\WINDOWS\system32\uypvot.dll.vir
2009-01-17 23:03:10 A------- 133,890 D:\Qoobox\Quarantine\D\WINDOWS\system32\efopvf.dll.vir
2009-01-17 23:03:18 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ilifemib.ini.vir
2009-01-18 11:03:42 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\esovodan.ini.vir
2009-01-18 11:03:44 A------- 133,309 D:\Qoobox\Quarantine\D\WINDOWS\system32\jovuee.dll.vir
2009-01-18 23:04:05 A------- 133,770 D:\Qoobox\Quarantine\D\WINDOWS\system32\dgjluv.dll.vir
2009-01-18 23:04:06 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\osugorir.ini.vir
2009-01-19 12:05:13 A------- 133,811 D:\Qoobox\Quarantine\D\WINDOWS\system32\vpxpxq.dll.vir
2009-01-19 13:05:51 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\abekusih.ini.vir
2009-01-20 00:04:48 A------- 133,752 D:\Qoobox\Quarantine\D\WINDOWS\system32\idpyxv.dll.vir
2009-01-20 00:04:49 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\okegomiv.ini.vir
2009-01-20 16:06:05 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\emilipus.ini.vir
2009-01-20 16:06:09 A------- 133,791 D:\Qoobox\Quarantine\D\WINDOWS\system32\bnsrrj.dll.vir
2009-01-21 05:08:34 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\afikanuv.ini.vir
2009-01-21 05:09:07 A------- 134,314 D:\Qoobox\Quarantine\D\WINDOWS\system32\bgzris.dll.vir
2009-01-21 18:56:02 A------- 133,351 D:\Qoobox\Quarantine\D\WINDOWS\system32\vnajcv.dll.vir
2009-01-21 18:56:12 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ogayotez.ini.vir
2009-01-22 10:57:05 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\oyututeb.ini.vir
2009-01-22 10:57:05 A------- 133,344 D:\Qoobox\Quarantine\D\WINDOWS\system32\vahhfd.dll.vir
2009-01-22 22:57:09 A------- 120 D:\Qoobox\Quarantine\D\WINDOWS\system32\ebunijim.ini.vir
2009-01-22 22:57:19 A------- 133,314 D:\Qoobox\Quarantine\D\WINDOWS\system32\secchh.dll.vir
2009-01-23 00:06:18 A------- 398 D:\Qoobox\Quarantine\catchme.log
2009-01-23 07:27:27 A------- 7,945 D:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-23 07:31:16 A------- 118 D:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B}.reg.dat
2009-01-23 07:31:17 A------- 374 D:\Qoobox\Quarantine\Registry_backups\BHO-{2fd04713-8d88-4a6e-aebf-42941ad850af}.reg.dat
2009-01-23 07:31:17 A------- 416 D:\Qoobox\Quarantine\Registry_backups\BHO-{24850fc0-41a3-400b-8f44-7fdf4127e9d6}.reg.dat
2009-01-23 07:31:18 A------- 161 D:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SpybotSD TeaTimer.reg.dat
2009-01-23 07:31:22 A------- 151 D:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}.reg.dat

-------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1685
Windows 5.1.2600 Service Pack 3

24/01/2009 11:55:50 AM
mbam-log-2009-01-24 (11-55-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118365
Time elapsed: 35 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 396

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Test\Local Settings\Temporary Internet Files\Content.IE5\PBYN7ZTD\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\babupata.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bapepopo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bayopuge.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bebufizu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\berijona.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\beruvufi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bewijeze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bimefili.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bnsrrj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bolanefi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\bomezagi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\borababu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\butabefu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\darususi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dekoleha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\derinade.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\deseliwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dgjluv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dibiyowa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dijipire.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dijuzihi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\diwuzito.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dorebehi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dowikabu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\dufabuyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\duyovaha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\efopvf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vedofumu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vpxpxq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\wiwijadu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yohitavu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\falefigi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\famabuvu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fapalogo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\farewoka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fevubitu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\figikoli.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fogizezu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fozusayo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fufutose.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\fuyowugu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gabuwuwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gadonesi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gajapuda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gamuduhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gatupono.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gavedewu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gemewoda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gijabawu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gitalobo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\giyqdq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gizidize.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gojuhuji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gugaribe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\gurabimi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\guvobana.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\hagipugo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\higudivo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\hinilezo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\hisukeba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\holusifo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\hoyaguya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\huhotise.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\huliguzo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\idpyxv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jaemtd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jalezada.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jopibata.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jufawome.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jufevedu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\jutimono.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\juwinamu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\juyodufu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\kebehawi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\kekiyala.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\kiyivaro.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\kowoziza.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\labagobu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\ladujehe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\lamukepa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\lejorude.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\ligijowe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\lobumije.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\mamotapi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\mawudeke.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\menukabu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\midinuro.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\mimadove.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\monopatu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nadovose.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nasikaje.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nefilepu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nehozipa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\niniyifu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nmiwlv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nojepake.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nopefuki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\nuhugofe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\pasevomi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\perakivu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\pivumuwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\pominoje.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\popujubi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\powipogi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\ppmfsa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\pularewi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\puwukehe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\rakujotu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\rapavogo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\refomoyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\repevumo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\rimomuzo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\riroguso.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\riseyigo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\riyadipo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\savohofu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\seredefo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\sezogibe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\sihowedo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\sovosofu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\sunezihe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\sunufajo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tafivefi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tagetega.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tajokigu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tatoluya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tefiyuvu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\temekatu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\tipajile.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\uypvot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vatimete.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vigajero.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\viriteda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vofehafi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\vozusoto.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\wanizofu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\wegagolu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\wosarako.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\wutizipi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yahosuze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yemuyafe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yiguseda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yohefani.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yovukuyo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yowefise.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yuhodose.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\yuwevelo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zajeyema.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zasugipu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zehakebo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zewobihu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zojagina.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zokelika.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Qoobox\Quarantine\D\WINDOWS\system32\zusawuzo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079444.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079447.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079448.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079449.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079452.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079454.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079460.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP235\A0079518.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP236\A0082664.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP240\A0088448.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP242\A0091463.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP243\A0091477.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP244\A0092607.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP244\A0092608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP244\A0092609.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP258\A0112250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP259\A0116314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP259\A0116315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP259\A0116316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP261\A0122290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP261\A0124343.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP263\A0127343.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP266\A0129421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP267\A0130421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP267\A0130422.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP267\A0131430.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP267\A0131431.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP267\A0131432.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP268\A0132421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP275\A0136660.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP276\A0137708.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141924.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141914.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141918.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141919.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141921.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141925.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141926.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141927.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141928.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141929.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141930.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141931.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141932.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141933.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141934.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141965.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141980.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141981.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141982.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141983.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141984.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141985.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141987.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141988.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141993.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141995.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141997.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141998.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0141999.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142003.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142004.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142006.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142018.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142023.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142027.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142044.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142051.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142053.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142054.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142056.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142057.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142058.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142059.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142060.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142062.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142098.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142103.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142109.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142110.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142114.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP286\A0142199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142438.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142439.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142441.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142442.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142444.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP288\A0142447.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP241\A0088470.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11C325EC-90CE-4B2D-973A-49979E5BC921}\RP241\A0090469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\danuzihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ganafihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\naditume.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\naluwota.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rofegivu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rurisugo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sutuhoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tegavipo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vafowine.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dezuzara.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dopahigo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dorulelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dupefomu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\habanuvo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nilimuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tonasuta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hulahake.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mumenawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\bomukako.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sehuwuri.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wulemake.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wulubuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\konovozo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lumiwoyo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vetaweyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yegofoju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yeneriho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yeweyefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yeyanido.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dipafibu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pamovuvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lenisako.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\levewani.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ligalijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yozekute.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zolekare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zugibiru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zusidebi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\holuwuma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hovolile.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\getovojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fewibola.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\volorume.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vopeside.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\vufeguja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\miziwiva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\niwaluyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zarebeba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\guvuvara.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


--------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:58:32 PM, on 24/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Utopia\Angel\Angel.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/?platform=win&ver=2.1.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] D:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] D:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA61610-987D-4CDA-A985-C2DF7915C552}: NameServer = 61.88.88.88 61.88.88.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
TehDudeAbides
Active Member
 
Posts: 6
Joined: January 19th, 2009, 6:04 am

Re: Malware Problem

Unread postby peku006 » January 24th, 2009, 10:11 am

Hi TehDudeAbides

it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Please reply with

a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware Problem

Unread postby NonSuch » January 29th, 2009, 8:51 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 279 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware