lashaun84
-
Content Count
34 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by lashaun84
-
-
Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.0.0.hom
ID: {0FFF7749-7242-4E18-8CDB-C60DDB3C7F5C}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0FFF7749-7242-4E18-8CDB-C60DDB3C7F5C}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-436374069-1364589140-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2300</Model></SYSTEM><BIOS><Manufacturer>Mitac Corp</Manufacturer><Version>A01</Version><SMBIOSVersion major="2" minor="3"/><Date>20020719******.******+***</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>1FFA394F0184204E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>87057A632D39D00</Val><Hash>yQLfxRA/aKiOHU0buoxI8EpMa7Q=</Hash><Pid>73931-640-2604441-57595</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:Dell Inc|1D270:Dell Inc|10B5B:Dell Inc|10B5B:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System
OEM Activation 2.0 Data-->
N/A
-
SDFix: Version 1.240
Run by Administrator on Tue 02/17/2009 at 06:31 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\-85619~1 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 18:43:06
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 16 Jun 2008 5,237 A..H. --- "C:\TEMP\t4.bak"
Tue 17 Jun 2008 8,941 A..H. --- "C:\TEMP\t4.bak1"
Tue 17 Jun 2008 9,458 A..H. --- "C:\TEMP\t4.bak2"
Sat 23 Aug 2008 6,464 A..H. --- "C:\TEMP\t4.bak3"
Fri 11 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 20 Dec 2008 7,478,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp"
Fri 20 Jun 2008 8,723,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp"
Fri 17 Oct 2008 7,281,784 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Finished!
-
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7430 *
* *
********************************************************************************
Created at 14:50:11 on Tuesday, February 17, 2009
Time Zone : (GMT-05:00) Eastern Time (US & Canada)
Logged On User : Owner
Operating System : Microsoft Windows XP Home Edition
OS Architecture : X86
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 IntelĀ® CeleronĀ® CPU 1.80GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\System32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 38.14 GB
System Drive Free : 27.51 GB
Total Physical Memory: 254 MB
Free Physical Memory : 102 MB
Total Page File : 254 MB
Free Page File : 455 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1976 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!
-
ComboFix 09-02-15.01 - Owner 2009-02-17 11:22:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.254.72 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\GnuHashes.ini
c:\windows\IE4 Error Log.txt
c:\windows\system32\__c0021000.dat
c:\windows\system32\__c002917C.dat
c:\windows\system32\__c0044400.dat
c:\windows\system32\__c008D31A.dat
c:\windows\system32\ak
c:\windows\system32\cookie1.dat
c:\windows\system32\dpnlobby32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\41.crack.zip
c:\windows\system32\GroupPolicyManifest\41.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\42.keymaker.zip
c:\windows\system32\GroupPolicyManifest\42.keymaker.zip.kwd
c:\windows\system32\GroupPolicyManifest\43.setup.zip
c:\windows\system32\GroupPolicyManifest\43.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\44.unpack.zip
c:\windows\system32\GroupPolicyManifest\44.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\45.keygen.zip
c:\windows\system32\GroupPolicyManifest\45.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\46.serial.zip
c:\windows\system32\GroupPolicyManifest\46.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\47.music.snd
c:\windows\system32\GroupPolicyManifest\47.music.snd.kwd
c:\windows\system32\kjepncko.dll
c:\windows\system32\ndqnvhgv.dll
c:\windows\system32\qigkdfeq.dll
c:\windows\system32\rukcng.dll
c:\windows\system32\sjiznr.dll
c:\windows\system32\tb.dr
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\tqtraqcu.dll
c:\windows\system32\wkzrha.dll
c:\windows\system32\zdnvjq.dll
c:\windows\update.exe
C:\xcrashdump.dat
c:\windows\system32\avica.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.
2009-02-17 08:39 . 2009-02-17 08:39 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-15 18:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 18:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-15 17:51 . 2009-02-15 17:51 <DIR> d-------- c:\documents and settings\Administrator.DEEANDSHAUN
2009-02-15 09:10 . 2009-02-15 09:10 1,583,467 ---hs---- c:\windows\system32\sxjyuonm.ini
2009-02-11 13:24 . 2009-02-11 13:24 <DIR> d-------- c:\windows\ERUNT
2009-02-11 13:24 . 2009-02-11 13:24 <DIR> d-------- C:\ERDNT
2009-02-11 13:16 . 2009-02-11 15:26 <DIR> d-------- C:\!FixIEDef
2009-02-10 11:29 . 2009-02-10 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-08 19:07 . 2009-02-08 19:07 39,936 --a------ C:\rnqcp.exe
2009-02-08 19:07 . 2009-02-08 19:08 2 --a------ C:\-856197470
2009-02-06 10:35 . 2005-08-27 03:38 1,435,272 --a------ c:\windows\system32\Flash8.ocx
2009-02-06 10:35 . 2002-03-04 13:27 1,140,472 --a------ c:\windows\system32\IGUltraGrid20.ocx
2009-02-06 10:35 . 2003-11-19 14:59 512,688 --a------ c:\windows\system32\XceedCry.dll
2009-02-06 10:35 . 2004-03-09 00:00 131,856 --a------ c:\windows\system32\MSADODC.ocx
2009-02-06 10:35 . 1999-01-26 20:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2009-02-05 19:30 . 2009-02-05 19:53 <DIR> d-------- c:\windows\Internet Logs
2009-02-05 19:28 . 2009-02-09 08:47 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-02-05 19:28 . 2009-02-05 19:28 <DIR> d-------- c:\program files\Zone Labs
2009-02-05 09:33 . 2009-02-05 09:33 18,060 --a------ c:\windows\system32\data013F.pk2
2009-02-05 09:32 . 2009-02-05 09:32 18,148 --a------ c:\windows\system32\data011B.pkd
2009-02-05 09:26 . 2009-02-05 11:14 7,680 --a------ c:\windows\system32\rasha.exe
2009-02-03 16:40 . 2009-02-05 11:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-03 09:56 . 2009-02-03 09:56 120 ---hs---- c:\windows\system32\yaceoerc.ini
2009-02-02 09:09 . 2009-02-02 09:09 1,464,591 ---hs---- c:\windows\system32\wsnpgnil.ini
2009-01-30 08:53 . 2009-01-31 09:08 1,519,799 ---hs---- c:\windows\system32\vehykqla.ini
2009-01-29 08:53 . 2009-01-29 08:53 1,519,356 ---hs---- c:\windows\system32\kwqdiddg.ini
2009-01-27 23:04 . 2009-01-29 08:50 1,519,356 ---hs---- c:\windows\system32\apswymby.ini
2009-01-27 12:38 . 2009-01-27 12:38 <DIR> d-------- c:\program files\ParetoLogic
2009-01-27 12:38 . 2009-01-27 12:38 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-01-27 12:38 . 2009-01-27 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-01-27 12:38 . 2009-01-27 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverCure
2009-01-27 12:36 . 2009-01-27 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-27 12:10 . 2009-01-27 12:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Uniblue
2009-01-27 11:32 . 2009-01-27 11:32 <DIR> d-------- c:\documents and settings\Dee\Application Data\PC Tools
2009-01-27 10:46 . 2009-01-27 10:46 <DIR> d-------- c:\documents and settings\Administrator
2009-01-26 14:07 . 2009-01-26 14:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\MSN6
2009-01-26 14:07 . 2009-01-26 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6
2009-01-26 11:04 . 2009-01-26 11:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\RegTool
2009-01-25 18:04 . 2009-01-25 18:04 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-01-25 11:21 . 2009-01-25 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\1447988137
2009-01-25 11:03 . 2009-01-25 11:03 45 --a------ c:\windows\system32\RPVersion.ini
2009-01-25 11:00 . 2009-01-25 11:00 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-23 17:18 . 2001-08-18 07:00 96,768 --a------ c:\windows\system32\avica.dll
2009-01-22 11:59 . 2009-01-29 10:14 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-22 11:59 . 2009-01-22 11:59 1,409 --a------ c:\windows\QTFont.for
2009-01-20 18:51 . 2009-01-20 18:51 <DIR> d-------- c:\documents and settings\Owner\.realobjects
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 00:49 --------- d-----w c:\program files\Morpheus
2009-02-10 15:32 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-02-06 00:33 30,208 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-02-06 00:33 12,288 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-02-06 00:30 29,184 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-06 00:30 12,800 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-05 14:33 13,457 ----a-w c:\windows\system32\0121mixed.bin
2009-02-05 14:33 12,901 ----a-w c:\windows\system32\297backup.bin
2009-02-05 14:32 6,291 ----a-w c:\windows\system32\10b.zip
2009-02-05 14:32 5,287 ----a-w c:\windows\system32\139backup.bin
2009-02-05 14:32 4,797 ----a-w c:\windows\system32\user275.zip
2009-02-05 14:32 4,240 ----a-w c:\windows\system32\cookies284.zip
2009-02-05 14:32 3,793 ----a-w c:\windows\system32\147base.bin
2009-02-05 14:32 3,237 ----a-w c:\windows\system32\data009C.bin
2009-02-05 14:32 12,542 ----a-w c:\windows\system32\uninstall7d.zip
2009-02-05 14:32 11,985 ----a-w c:\windows\system32\0085.zip
2009-02-05 14:32 10,491 ----a-w c:\windows\system32\images142.zip
2009-01-27 17:41 --------- d-----w c:\program files\DivX
2009-01-27 16:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 17:40 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-01-25 15:59 --------- d-----w c:\program files\Java
2009-01-22 15:10 --------- d-----w c:\program files\Yahoo! Games
2009-01-14 20:32 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-01-11 14:28 --------- d-----w c:\program files\Common Files\AOL
2009-01-11 14:27 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-01-11 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-11 14:25 --------- d-----w c:\documents and settings\Owner\Application Data\AOL
2009-01-11 03:59 --------- d-----w c:\program files\eGames
2009-01-11 03:58 --------- d-----w c:\program files\Shockwave.com
2009-01-10 22:15 --------- d-----w c:\documents and settings\Owner\Application Data\Mind Control Software
2009-01-07 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-01-06 00:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 00:54 --------- d-----w c:\program files\ANI
2009-01-06 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-06 00:53 --------- d-----w c:\program files\D-Link
2009-01-06 00:50 --------- d-----w c:\program files\Viva Media
2009-01-06 00:42 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 23:04 --------- d-----w c:\program files\iXi Tools
2008-12-29 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-12-29 16:39 --------- d-----w c:\documents and settings\Owner\Application Data\Gaijin Ent
2008-12-29 16:28 --------- d-----w c:\program files\Viva Media Best Buy
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCFBA5E4-23ED-49F9-A5C2-99607670DA51}]
2001-08-18 07:00 96768 --a------ c:\windows\System32\avica.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-18 13312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-17 98304]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-11 180269]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"1331176861"="c:\documents and settings\All Users\Application Data\1447988137\1331176861.exe" [2009-01-25 2096677]
R0 krnchtju;krnchtju;c:\windows\system32\drivers\krnchtju.sys [2001-08-18 23424]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
2009-02-16 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []
2009-02-16 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-MalwareBot - c:\program files\MalwareBot\MalwareBot.exe
Notify-ccf776a2517 - c:\windows\System32\dpnlobby32.dll
Notify-__c002917C - c:\windows\System32\__c002917C.dat
SafeBoot-Winvc05.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://adserving.cpxinteractive.com/iframe3?0j4EAPLyAwDp-AYASnkCAAIBAAAAAP8AAAD..wICAAJWxwQA.-IDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3MzMzMzPA.zczMzMzM8D8BAAAAAAD8PwEAAAAAAPw.AA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-Zc2EhmSoAR3CUCiFLJku-nURFVowed0ylzM3wAAAAA=,,http://www3.evilshare.com/accd7d46-5618-102b-a5a4-000b6aa2a5f8
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 11:29:31
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\Perflib_Perfdata_7c0.dat 16384 bytes
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(708)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2009-02-17 11:37:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 16:35:35
Pre-Run: 28,706,557,952 bytes free
Post-Run: 28,953,227,264 bytes free
WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
244 --- E O F --- 2009-02-17 16:32:15
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:45 AM, on 17/02/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adserving.cpxinteractive.com/iframe...a4-000b6aa2a5f8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {DCFBA5E4-23ED-49F9-A5C2-99607670DA51} - C:\WINDOWS\System32\avica.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [1331176861] "C:\Documents and Settings\All Users\Application Data\1447988137\1331176861.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F2EE4C2.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2EE4C2.exe
O4 - HKCU\..\Run: [A00F3803D8.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F3803D8.exe
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [A00F978B69.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F978B69.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [A00F5316C0.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5316C0.exe
O4 - HKCU\..\Run: [A00F5425CF.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5425CF.exe
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [A00F1B2344.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F1B2344.exe
O4 - HKCU\..\Run: [A00F142019.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F142019.exe
O4 - HKCU\..\Run: [A00F151F3A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F151F3A.exe
O4 - HKCU\..\Run: [A00F133617.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F133617.exe
O4 - HKCU\..\Run: [A00F180366.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F180366.exe
O4 - HKCU\..\Run: [A00F18E4CD.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F18E4CD.exe
O4 - HKCU\..\Run: [A00F49BD03.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F49BD03.exe
O4 - HKCU\..\Run: [A00F1849C6.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F1849C6.exe
O4 - HKCU\..\Run: [kee7alkt69cynm2wjrmu2626xfqtne50kr6rxzouq1] C:\DOCUME~1\Owner\LOCALS~1\Temp\jf64yo.exe
O4 - HKCU\..\Run: [nugzld42x9qoi8kpfum4381] C:\DOCUME~1\Owner\LOCALS~1\Temp\g9eerxve4pbc.exe
O4 - HKCU\..\Run: [okqy201os5gkvdw1h1ncisss9zxameriwu4ezytzss797s8vo] C:\DOCUME~1\Owner\LOCALS~1\Temp\s8w4afb.exe
O4 - HKCU\..\Run: [qkpcj6rnx0knqt] C:\DOCUME~1\Owner\LOCALS~1\Temp\th3su0fz5p.exe
O4 - HKCU\..\Run: [y51qp1vkmded7] C:\DOCUME~1\Owner\LOCALS~1\Temp\ujq0wl.exe
O4 - HKCU\..\Run: [qya5rk3lycw710xg1zu7iunr3u4m2z3wxd64pexvl39tw1] C:\DOCUME~1\Owner\LOCALS~1\Temp\yda29ynt6c8qt.exe
O4 - HKCU\..\Run: [apk79qiimvlevvykm6lkc34l45s1l6ssblncoy284oqby059os] C:\DOCUME~1\Owner\LOCALS~1\Temp\jnq9gh.exe
O4 - HKCU\..\Run: [aofcwlmky9v9ptpdyqwe5h9rq23snuka4kg34scyyg1ng] C:\DOCUME~1\Owner\LOCALS~1\Temp\sbmqb4au.exe
O4 - HKCU\..\Run: [vkhi2mrlevn6ge72xhb30v8ifm8nmf2s] C:\DOCUME~1\Owner\LOCALS~1\Temp\jtq087fztx24.exe
O4 - HKCU\..\Run: [A00F2B3F59.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2B3F59.exe
O4 - HKCU\..\Run: [A00F25133.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F25133.exe
O4 - HKCU\..\Run: [A00F395B9.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F395B9.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnlobby32.dll,C:\WINDOWS\System32\dpnlobby32.dll sdfqxl.dll cnpvkf.dll xhedsz.dll zdnvjq.dll viorxs.dll rukcng.dll
O20 - Winlogon Notify: ccf776a2517 - C:\WINDOWS\System32\dpnlobby32.dll
O20 - Winlogon Notify: __c002917C - C:\WINDOWS\System32\__c002917C.dat
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 8203 bytes
-
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 16, 2009
Operating System: Microsoft Windows XP Home Edition (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 16, 2009 21:45:28
Records in database: 1804985
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 37986
Threat name: 30
Infected objects: 223
Suspicious objects: 1
Duration of the scan: 01:56:18
File name / Threat name / Threats count
winlogon.exe\dpnlobby32.dll/winlogon.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
C:\WINDOWS\System32\dpnlobby32.dll/C:\WINDOWS\System32\dpnlobby32.dll Infected: P2P-Worm.Win32.Nugg.af 22
C:\WINDOWS\system32\zdnvjq.dll/C:\WINDOWS\system32\zdnvjq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.izl 7
C:\WINDOWS\system32\rukcng.dll/C:\WINDOWS\system32\rukcng.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jmn 7
services.exe\dpnlobby32.dll/services.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
C:\WINDOWS\System32\__c00B9C2.dat/C:\WINDOWS\System32\__c00B9C2.dat Infected: Backdoor.Win32.Agent.aawp 13
lsass.exe\dpnlobby32.dll/lsass.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
svchost.exe\dpnlobby32.dll/svchost.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 4
C:\WINDOWS\System32\zdnvjq.dll/C:\WINDOWS\System32\zdnvjq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.izl 16
C:\WINDOWS\System32\rukcng.dll/C:\WINDOWS\System32\rukcng.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jmn 16
spoolsv.exe\dpnlobby32.dll/spoolsv.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
jqs.exe\dpnlobby32.dll/jqs.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
wdfmgr.exe\dpnlobby32.dll/wdfmgr.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
explorer.exe\dpnlobby32.dll/explorer.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
jusched.exe\dpnlobby32.dll/jusched.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
realsched.exe\dpnlobby32.dll/realsched.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
issch.exe\dpnlobby32.dll/issch.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
ctfmon.exe\dpnlobby32.dll/ctfmon.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
firefox.exe\dpnlobby32.dll/firefox.exe\dpnlobby32.dll Infected: Trojan.Win32.Agent.bkpf 1
C:\!FixIEDef\1.tmp Infected: Trojan.Win32.Agent2.abb 1
C:\!FixIEDef\__c0013A16.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0019544.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00210E4.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0023CC6.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0025964.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c002A68A.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c002F1E4.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0034F69.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0042D21.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0044C2B.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c004AF7B.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c004C291.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0051F8F.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0052589.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c005670D.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0058519.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0059AEE.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c005E189.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0061FB5.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0065744.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0068A40.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c006961B.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c006FE92.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c007592E.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c007D907.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0086EC0.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c008D81A.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c008E442.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00912FE.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0094E24.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c0096412.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c009AF9A.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c009CFE2.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c009E490.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c009EE1C.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00A024E.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00A481B.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00A4916.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00A5BC1.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00A6853.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00AA101.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00AA59C.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00B4731.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00B7984.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00BB0C4.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00BBF55.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00BE2B5.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00C3440.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00C4CC1.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00C7EFE.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00C9254.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00CA6E4.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00D7B79.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00DB189.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00DB1B2.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00DF600.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00E6129.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00E65D1.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00E8841.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00EA9A1.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00F38C4.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00F3964.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00F4BC0.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00F6B82.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00F7A7A.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\!FixIEDef\__c00FF2EC.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\Documents and Settings\All Users\Application Data\1447988137\1331176861.exe Infected: Trojan.Win32.Agent.bkws 1
C:\Documents and Settings\Owner\Desktop\Incomplete\Preview-T-3515163-busted ron isley.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\Desktop\Incomplete\Preview-T-3545427-drama - not today.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Owner\Desktop\Incomplete\Preview-T-5745425-i love you musiq.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Owner\Desktop\Incomplete\T-5745425-i love you musiq.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Owner\Desktop\MUSIC\yesterday dorinda clark cole.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Owner\Local Settings\Temp\qaafAtHj.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\Rbqlljsg.exe Infected: Trojan-Downloader.Win32.FraudLoad.dcn 1
C:\Documents and Settings\Owner\Local Settings\Temp\rMsUoOvu.exe Infected: Trojan.Win32.Inject.ott 1
C:\Documents and Settings\Owner\Local Settings\Temp\rpwByoTs.exe Infected: Trojan-Downloader.Win32.FraudLoad.dar 1
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS777.tmp Infected: Packed.Win32.Tdss.a 1
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS9e8.tmp Suspicious: Trojan.Win32.Patched.dy 1
C:\Documents and Settings\Owner\Local Settings\Temp\TeuDbAVS.exe Infected: Trojan-Downloader.Win32.Agent.bfut 1
C:\Documents and Settings\Owner\Local Settings\Temp\TgWNhCKv.exe Infected: Trojan-Downloader.Win32.Agent.bgoh 1
C:\Documents and Settings\Owner\Local Settings\Temp\tJPGmmFV.exe Infected: Rootkit.Win32.TDSS.eyj 1
C:\Documents and Settings\Owner\Local Settings\Temp\tmp45C.tmp Infected: Rootkit.Win32.TDSS.eyj 1
C:\Documents and Settings\Owner\Local Settings\Temp\tmp50.tmp Infected: Rootkit.Win32.TDSS.eyj 1
C:\Documents and Settings\Owner\Local Settings\Temp\tmpAC.tmp Infected: Rootkit.Win32.TDSS.eyj 1
C:\Documents and Settings\Owner\Local Settings\Temp\towlorsb.exe Infected: Worm.Win32.AutoTDSS.bpj 1
C:\Documents and Settings\Owner\Local Settings\Temp\uiucdugC.exe Infected: Trojan-Downloader.Win32.Agent.bgoh 1
C:\Documents and Settings\Owner\Local Settings\Temp\uXLdLGVr.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\viDqrvHW.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\WiivGWch.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\winiguard.exe Infected: not-a-virus:FraudTool.Win32.SpyVampire.h 1
C:\Documents and Settings\Owner\Local Settings\Temp\WqgnSSFM.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\wxUlNgTk.exe Infected: Trojan.Win32.Agent.bntk 1
C:\Documents and Settings\Owner\Local Settings\Temp\XafEmLbp.exe Infected: Trojan-Downloader.Win32.Agent.bgoh 1
C:\Documents and Settings\Owner\Local Settings\Temp\XkpGthFn.exe Infected: Trojan-Downloader.Win32.FraudLoad.dcm 1
C:\Documents and Settings\Owner\Local Settings\Temp\xWSkHbjW.exe Infected: Trojan-Downloader.Win32.FraudLoad.dar 1
C:\Documents and Settings\Owner\Local Settings\Temp\YFIDhgpp.exe Infected: Trojan.Win32.Inject.ott 1
C:\Documents and Settings\Owner\Local Settings\Temp\yhRBGxyE.exe Infected: Packed.Win32.Krap.j 1
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F28F94.exe Infected: Backdoor.Win32.Agent.aawp 1
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\WINDOWS\system32\dpnlobby32.dll Infected: P2P-Worm.Win32.Nugg.af 1
C:\WINDOWS\system32\GroupPolicyManifest\39.music.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\WINDOWS\system32\GroupPolicyManifest\41.crack.zip Infected: P2P-Worm.Win32.Nugg.w 3
C:\WINDOWS\system32\GroupPolicyManifest\42.keymaker.zip Infected: P2P-Worm.Win32.Nugg.w 2
C:\WINDOWS\system32\GroupPolicyManifest\43.setup.zip Infected: P2P-Worm.Win32.Nugg.w 2
C:\WINDOWS\system32\GroupPolicyManifest\44.unpack.zip Infected: P2P-Worm.Win32.Nugg.w 1
C:\WINDOWS\system32\GroupPolicyManifest\45.keygen.zip Infected: P2P-Worm.Win32.Nugg.w 2
C:\WINDOWS\system32\GroupPolicyManifest\46.serial.zip Infected: P2P-Worm.Win32.Nugg.w 2
C:\WINDOWS\system32\GroupPolicyManifest\47.music.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\WINDOWS\system32\kjepncko.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.izl 1
C:\WINDOWS\system32\ndqnvhgv.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jep 1
C:\WINDOWS\system32\qigkdfeq.dll Infected: Trojan.Win32.Monder.avau 1
C:\WINDOWS\system32\rasha.exe Infected: Trojan.Win32.Agent2.bhm 1
C:\WINDOWS\system32\rukcng.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jmn 1
C:\WINDOWS\system32\sjiznr.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jep 1
C:\WINDOWS\system32\tqtraqcu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.jmn 1
C:\WINDOWS\system32\wkzrha.dll Infected: Trojan.Win32.Monder.avau 1
C:\WINDOWS\system32\zdnvjq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.izl 1
C:\WINDOWS\system32\__c00B9C2.dat Infected: Backdoor.Win32.Agent.aawp 1
C:\WINDOWS\Temp\tempo-24481125.tmp Infected: Rootkit.Win32.TDSS.eyj 1
C:\WINDOWS\Temp\tempo-24486062.tmp Infected: Rootkit.Win32.TDSS.eyj 1
The selected area was scanned.
-
Malwarebytes' Anti-Malware 1.34
Database version: 1764
Windows 5.1.2600
15/02/2009 7:25:08 PM
mbam-log-2009-02-15 (19-25-07).txt
Scan type: Quick Scan
Objects scanned: 74163
Time elapsed: 15 minute(s), 50 second(s)
Memory Processes Infected: 5
Memory Modules Infected: 10
Registry Keys Infected: 50
Registry Values Infected: 56
Registry Data Items Infected: 16
Folders Infected: 4
Files Infected: 286
Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\sysguard.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\baloon.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\fccaBQHY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Szinoceqozuzeqij.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdfqxl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cnpvkf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xhedsz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\viorxs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqNfCTn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\hsfd83jfdg.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\__c009CFE2.dat (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqnfctn (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97bc5159-1d8e-4d18-9b4e-5575041309a8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{97bc5159-1d8e-4d18-9b4e-5575041309a8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97ac8336-c41b-4d04-aba6-c727e8c24588} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71a5fc36-8827-45ff-98ed-bd0f7330b414} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde2b712-04a3-4f2c-ba07-6b2d0fc8411c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71e232e9-753a-4e35-8a49-dfcfa5986a28} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5cc2f638-99ff-45d2-97c7-e30e83cf04d2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dcfba5e4-23ed-49f9-a5c2-99607670da51} (Spyware.BZub) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcfba5e4-23ed-49f9-a5c2-99607670da51} (Spyware.BZub) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{32123989-5e4a-47da-bd3f-75e46c4c75d6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51008f05-10d7-4981-a349-cde667a546bc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85fb89b6-38d9-4b04-8512-c90471161acb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winvc05 (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winvc05 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvc05 (Rootkit.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009cfe2 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccf7760d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhoyezudana (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tezrtsjhfr84iusjfo84f (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gyoyaveca (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f530bc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5f98a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fbd9df.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f31ca1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fa2c2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00faae31.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2f17a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f67438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00ff0b9f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3aedf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f31ba7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f41f8a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2f67b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3ecc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2fcb5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f643f1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3dbea.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2fe9a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fe2a77.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f41672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f49140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5579d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f50779.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f8c0a9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fdde79.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f4bb6d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00ffaa12.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5114d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fffe1d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f7d30d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f50854.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f80eae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f4c262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f69686.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f60820.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f65239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f79eaf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f55bc3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c:\windows\system32\baloon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccabqhy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccabqhy -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{256bb56e-10ee-4beb-aa15-49f444d132bd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{256bb56e-10ee-4beb-aa15-49f444d132bd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{256bb56e-10ee-4beb-aa15-49f444d132bd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c7eb3819-3812-4e2c-91cf-a606f639c246}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Owner\Application Data\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Settings (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\urqNfCTn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccaBQHY.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\YHQBaccf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\YHQBaccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\batvsgta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atgsvtab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bibunsdn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndsnubib.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blbscvoa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aovcsblb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bvevvgfv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfgvvevb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gyspqvle.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elvqpsyg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqqdihvo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovhidqqi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvqjthmf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmhtjqvj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhwsqhqx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xqhqswhq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rbxlgsjx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjsglxbr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujwgxjai.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iajxgwju.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjwxiomp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmoixwjw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xntiicwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewciitnx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsfd83jfdg.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Szinoceqozuzeqij.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sdfqxl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cnpvkf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xhedsz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\viorxs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2EE4C2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F530BC.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F3803D8.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F978B69.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5F98A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FBD9DF.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F31CA1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FA2C2F.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FAAE31.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2F17A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F67438.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FF0B9F.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F3AEDF.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F31BA7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F41F8A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2F67B.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F3ECC2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2FCB5.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F643F1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F3DBEA.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2FE9A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5316C0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5425CF.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FE2A77.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1B2344.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F41672.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F49140.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5579D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F142019.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F151F3A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F50779.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F133617.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F180366.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F18E4CD.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F49BD03.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F8C0A9.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FDDE79.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F4BB6D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FFAA12.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5114D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FFFE1D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1849C6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F7D30D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F50854.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F80EAE.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F4C262.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F69686.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F60820.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F65239.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F79EAF.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F55BC3.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipv6sp.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgrrrgoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnoxefcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqqmjcek.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajwjfbbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avica.dll (Spyware.BZub) -> Delete on reboot.
C:\WINDOWS\system32\bmecmq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brahuudv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmopdz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dswxrrpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gacehj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqbppt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isuoos.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itoyulfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcfkmvfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltsnlhuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oaqhkrsy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pivfwkhl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrrrkbno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvpvqara.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcuguuib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucukblls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhfgdxsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iapcigym.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uukwoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxldcoud.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juwuwlft.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\moyxvb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wikyvfro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdkcnehl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvbgualt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxqhpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypt3.dll (Spyware.BZub) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yemfpwvm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxkhhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkybsbto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpxooqub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcbolojw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmaxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winvc05.sys (Rootkit.Agent) -> Delete on reboot.
C:\beX.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\dhxbxshe.exe (Backdoor.Frauder) -> Quarantined and deleted successfully.
C:\qvwi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\shvmjqoq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\uspud.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-436374069-1364589140-1801674531-1003\Dc3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\13.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\14.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\16.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\17.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\18.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\19.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1B.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1E.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tsjmcmbq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\uktkwbyp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\whshpbxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\vknkbatr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\vwtskrrl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\w32NOFJCyliz5mm5R.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\20.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\50.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\7.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\A.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\B.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\nlarqlpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\phrxdswg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\8.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\9.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wmwhoinh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1A11735.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1B121D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1D452.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F1DD2F2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F25C01.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F2DCC9.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\skovhcvn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F6AED0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F6C278.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F72400.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F149D5.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F30418.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F44514.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\poargciw.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\qjmqxunc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\qragvkli.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\qthkeiyd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\qxbwkmer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FE43C19.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FEAC87E.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FEC4E24.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FF46F3.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\5B.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\6.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F34BC0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F352B5.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F35BF85.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F37E0B.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F427E7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tkksjbkp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xgvaijsh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xlpxaduv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xmebeova.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xrfqhepi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xwfwsuos.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yrywryej.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yxyqtjex.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yyemkxuw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\C.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\gvtnyghd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F450FB.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F4853A.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F4E4923.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F4F3E2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F55EA2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F5BAAC.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\22.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\23.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\24.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\27.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2D.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\3.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\338.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F84A46B.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F880D1.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00F99D3E.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FBC945.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\_A00FBCB97.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\rs.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 02_02_31 PM_200.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 04_02_41 PM_513.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 05_26_15 PM_342.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 07_37_19 PM_046.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 07_43_56 PM_889.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 05 - 11_21_31 AM_651.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 09 - 02_13_41 PM_061.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 09 - 05_13_24 PM_357.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 03_11_45 PM_015.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 09_07_09 AM_686.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 09_48_56 AM_983.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 10_23_04 AM_076.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 11_16_38 AM_545.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Log\2009 Feb 10 - 12_35_53 PM_514.log (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\MalwareBot\Settings\ScanResults.pie (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\uciqamalanunevif.dll (Trojan.Agent) -> Delete on reboot.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-8-30-100002726-100015695-100032054-4230.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-6-6-79-100023757-100003572-100027689-8619.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ktpcd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009CFE2.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c002411A.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002ADA4.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0076D4.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00867BF.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A97DB.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D9C03.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E3787.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00F9F10.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkLcAr.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMCrpOF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtUlMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmMEwt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnopNGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlkLdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYPJab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoOfGx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baloon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfrog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS73d3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-1858406.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-1866609.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-3733953.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-3768312.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
-
Logfile of HijackThis v1.99.1
Scan saved at 9:12:58 AM, on 11/02/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\baloon.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winlognn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\sysguard.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\office.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adserving.cpxinteractive.com/iframe...a4-000b6aa2a5f8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [1331176861] "C:\Documents and Settings\All Users\Application Data\1447988137\1331176861.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\System32\baloon.exe] C:\WINDOWS\System32\baloon.exe
O4 - HKLM\..\Run: [Rhoyezudana] rundll32.exe "C:\WINDOWS\Szinoceqozuzeqij.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Gyoyaveca] rundll32.exe "C:\WINDOWS\uciqamalanunevif.dll",e
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F2EE4C2.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2EE4C2.exe
O4 - HKCU\..\Run: [A00F530BC.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F530BC.exe
O4 - HKCU\..\Run: [A00F3803D8.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F3803D8.exe
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [A00F978B69.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F978B69.exe
O4 - HKCU\..\Run: [A00F5F98A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5F98A.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [A00FBD9DF.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FBD9DF.exe
O4 - HKCU\..\Run: [A00F31CA1.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F31CA1.exe
O4 - HKCU\..\Run: [A00FA2C2F.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FA2C2F.exe
O4 - HKCU\..\Run: [A00FAAE31.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FAAE31.exe
O4 - HKCU\..\Run: [A00F2F17A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2F17A.exe
O4 - HKCU\..\Run: [A00F67438.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F67438.exe
O4 - HKCU\..\Run: [A00FF0B9F.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FF0B9F.exe
O4 - HKCU\..\Run: [A00F3AEDF.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F3AEDF.exe
O4 - HKCU\..\Run: [A00F31BA7.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F31BA7.exe
O4 - HKCU\..\Run: [A00F41F8A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F41F8A.exe
O4 - HKCU\..\Run: [A00F2F67B.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2F67B.exe
O4 - HKCU\..\Run: [A00F3ECC2.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F3ECC2.exe
O4 - HKCU\..\Run: [A00F2FCB5.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2FCB5.exe
O4 - HKCU\..\Run: [A00F643F1.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F643F1.exe
O4 - HKCU\..\Run: [A00F3DBEA.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F3DBEA.exe
O4 - HKCU\..\Run: [A00F2FE9A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F2FE9A.exe
O4 - HKCU\..\Run: [A00F5316C0.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5316C0.exe
O4 - HKCU\..\Run: [A00F5425CF.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5425CF.exe
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [A00FE2A77.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FE2A77.exe
O4 - HKCU\..\Run: [A00F1B2344.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F1B2344.exe
O4 - HKCU\..\Run: [A00F41672.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F41672.exe
O4 - HKCU\..\Run: [A00F49140.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F49140.exe
O4 - HKCU\..\Run: [A00F5579D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5579D.exe
O4 - HKCU\..\Run: [A00F142019.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F142019.exe
O4 - HKCU\..\Run: [A00F151F3A.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F151F3A.exe
O4 - HKCU\..\Run: [A00F50779.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F50779.exe
O4 - HKCU\..\Run: [A00F133617.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F133617.exe
O4 - HKCU\..\Run: [A00F180366.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F180366.exe
O4 - HKCU\..\Run: [A00F18E4CD.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F18E4CD.exe
O4 - HKCU\..\Run: [A00F49BD03.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F49BD03.exe
O4 - HKCU\..\Run: [A00F8C0A9.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F8C0A9.exe
O4 - HKCU\..\Run: [A00FDDE79.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FDDE79.exe
O4 - HKCU\..\Run: [A00F4BB6D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F4BB6D.exe
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [A00FFAA12.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FFAA12.exe
O4 - HKCU\..\Run: [A00F5114D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F5114D.exe
O4 - HKCU\..\Run: [A00FFFE1D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00FFFE1D.exe
O4 - HKCU\..\Run: [A00F1849C6.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F1849C6.exe
O4 - HKCU\..\Run: [A00F7D30D.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F7D30D.exe
O4 - HKCU\..\Run: [A00F50854.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F50854.exe
O4 - HKCU\..\Run: [A00F80EAE.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\_A00F80EAE.exe
O4 - Global Startup: office.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{256BB56E-10EE-4BEB-AA15-49F444D132BD}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7EB3819-3812-4E2C-91CF-A606F639C246}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{256BB56E-10EE-4BEB-AA15-49F444D132BD}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{256BB56E-10EE-4BEB-AA15-49F444D132BD}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnlobby32.dll,C:\WINDOWS\System32\dpnlobby32.dll sdfqxl.dll cnpvkf.dll xhedsz.dll zdnvjq.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
White Screen Blocking Center Of Screen, Swp2009
in Malware Removal
Posted
I've downloaded XP service pack 2, waiting on you!