PDA

View Full Version : Malware created me a new user account Iadmin



mrtrojanap7
2008-09-11, 09:16
Hello everybody, I am really grateful this forum is here to help its users fix their issues.

Weird things that have happened to my pc:

1. spybot exe file is gone, can't run it or even find the file.
2. a new user has been created for me
3. random advertisements that are audio only play on my lappy

I read the "BEFORE you POST" thread, and I will remove limewire from my pc. thanks everybody, here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:26 PM, on 9/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\system32\wsldoekd.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\inf\svchoct.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\udxfytw.sys

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [minyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080909a.dll tan16d
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O15 - Trusted Zone: http://www.trendsecure.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: afisicx Co. Ltd. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: noxtcyr Co. Ltd. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 11900 bytes

mrtrojanap7
2008-09-11, 17:10
if this helps any here is the kapersky scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 07:07:17
Records in database: 1211231
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 94860
Threat name 38
Infected objects 130
Suspicious objects 0
Duration of the scan 02:05:47

File name Threat name Threats count
C:\WINDOWS\system32\Proxy.dll/C:\WINDOWS\system32\Proxy.dll Infected: Trojan-Proxy.Win32.Agent.awk 7
svchost.exe\mmchost.dll/svchost.exe\mmchost.dll Infected: Trojan.Win32.Agent.yhk 2
C:\WINDOWS\system32\mmchost.dll/C:\WINDOWS\system32\mmchost.dll Infected: Trojan.Win32.Agent.yhk 23
C:\WINDOWS\System32\Proxy.dll/C:\WINDOWS\System32\Proxy.dll Infected: Trojan-Proxy.Win32.Agent.awk 1
svchost.exe\6to4ex.dll/svchost.exe\6to4ex.dll Infected: Trojan.Win32.Dialer.bue 1
c:\windows\system32\6to4ex.dll/c:\windows\system32\6to4ex.dll Infected: Trojan.Win32.Dialer.aqm 1
C:\WINDOWS\system32\AFinding.exe/C:\WINDOWS\system32\AFinding.exe Infected: Trojan.Win32.Agent.ymq 1
C:\WINDOWS\system32\afisicx.exe/C:\WINDOWS\system32\afisicx.exe Infected: Trojan.Win32.Agent.abgv 1
AppleMobileDeviceService.exe\mmchost.dll/AppleMobileDeviceService.exe\mmchost.dll Infected: Trojan.Win32.Agent.yhk 1
mDNSResponder.exe\mmchost.dll/mDNSResponder.exe\mmchost.dll Infected: Trojan.Win32.Agent.yhk 1
C:\WINDOWS\system32\mabidwe.exe/C:\WINDOWS\system32\mabidwe.exe Infected: Trojan.Win32.Agent.ackj 1
C:\WINDOWS\system32\macidwe.exe/C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zqp 1
C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan.Win32.Agent.yxr 1
noxtcyr.exe\noxtcyr.exe/noxtcyr.exe\noxtcyr.exe Infected: Trojan.Win32.Agent.abll 1
C:\WINDOWS\system32\noxtcyr.exe/C:\WINDOWS\system32\noxtcyr.exe Infected: Trojan.Win32.Agent.abgp 1
C:\WINDOWS\system32\noytcyr.exe/C:\WINDOWS\system32\noytcyr.exe Infected: Trojan.Win32.Agent.acvh 1
C:\WINDOWS\system32\perfs.exe/C:\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.ymp 1
C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.acgh 1
C:\WINDOWS\system32\roxtctm.exe/C:\WINDOWS\system32\roxtctm.exe Infected: Trojan.Win32.Agent.abdi 1
C:\WINDOWS\system32\roytctm.exe/C:\WINDOWS\system32\roytctm.exe Infected: Trojan.Win32.Agent.aclf 1
C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan.Win32.Agent.zbc 1
C:\WINDOWS\system32\soxpeca.exe/C:\WINDOWS\system32\soxpeca.exe Infected: Trojan.Win32.Agent.aclh 1
C:\WINDOWS\system32\tdxdowkc.exe/C:\WINDOWS\system32\tdxdowkc.exe Infected: Trojan.Win32.Agent.zmz 1
C:\WINDOWS\system32\tdydowkc.exe/C:\WINDOWS\system32\tdydowkc.exe Infected: Trojan.Win32.Agent.acid 1
C:\WINDOWS\system32\WServing.exe/C:\WINDOWS\system32\WServing.exe Infected: Trojan.Win32.Agent.ymp 1
wsldoekd.exe\wsldoekd.exe/wsldoekd.exe\wsldoekd.exe Infected: Trojan.Win32.Agent.abll 1
C:\WINDOWS\system32\wsldoekd.exe/C:\WINDOWS\system32\wsldoekd.exe Infected: Trojan.Win32.Agent.abgt 1
C:\WINDOWS\system32\zordisa.dll/C:\WINDOWS\system32\zordisa.dll Infected: Trojan-GameThief.Win32.OnLineGames.tdtr 23
C:\WINDOWS\wftadfi16_080909a.dll/C:\WINDOWS\wftadfi16_080909a.dll Infected: Trojan-Spy.Win32.Pophot.chx 1
C:\WINDOWS\dcbdcatys32_080909a.dll/C:\WINDOWS\dcbdcatys32_080909a.dll Infected: Trojan-Spy.Win32.Pophot.chy 1
C:\Documents and Settings\Sam\Local Settings\Temp\dwbins.exe Infected: Trojan-Downloader.Win32.Delf.gff 1
C:\Documents and Settings\Sam\Local Settings\Temp\mf.exe Infected: Trojan-GameThief.Win32.WOW.byh 1
C:\Documents and Settings\Sam\Local Settings\Temp\WowInitcode.dll Infected: Trojan-GameThief.Win32.WOW.byg 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8DU3GLQ7\as[1].exe Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8DU3GLQ7\mf[1].exe Infected: Trojan-GameThief.Win32.WOW.byh 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8DU3GLQ7\rondll32[1].exe Infected: Trojan.Win32.Agent.yhk 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8DU3GLQ7\server[1].exe Infected: Trojan.Win32.Dialer.aql 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8DU3GLQ7\svchost1[1].exe Infected: Trojan-Downloader.Win32.Agent.afto 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\G1AR0PEF\sss[1].exe Infected: Trojan-GameThief.Win32.OnLineGames.snmv 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\G1AR0PEF\us[1].exe Infected: Trojan-Spy.Win32.Pophot.chw 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\G9M7C9MN\dwb[1].exe Infected: Trojan-Downloader.Win32.Delf.ncs 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\KHIBWXUN\2[1].exe Infected: Trojan-GameThief.Win32.OnLineGames.tdqb 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\KHIBWXUN\pp[1].av Infected: Backdoor.Win32.Agent.ppc 1
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\WPWBIPCB\as[1].exe Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\WINDOWS\dcbdcatys32_080909a.dll Infected: Trojan-Spy.Win32.Pophot.chy 1
C:\WINDOWS\system\sgcxcxxaspf080909.exe Infected: Trojan-Spy.Win32.Pophot.chw 1
C:\WINDOWS\system32\6to4ex.dll Infected: Trojan.Win32.Dialer.aqm 1
C:\WINDOWS\system32\AFinding.exe Infected: Trojan.Win32.Agent.ymq 1
C:\WINDOWS\system32\afisicx.exe Infected: Trojan.Win32.Agent.abgv 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ELABCPKR\as[1].exe Infected: Trojan-Proxy.Win32.Agent.awp 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ELABCPKR\pp[1].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SNI723M5\pp[1].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SNI723M5\pp[2].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SNI723M5\pp[3].av Infected: Backdoor.Win32.Agent.ppc 1
C:\WINDOWS\system32\edtxfst.sys Infected: Trojan-Clicker.Win32.VB.bov 1
C:\WINDOWS\system32\fduvfct.sys Infected: Trojan-Clicker.Win32.VB.bus 1
C:\WINDOWS\system32\inf\scsys16_080909.dll Infected: Trojan-Spy.Win32.Pophot.chx 1
C:\WINDOWS\system32\inf\sppdcrs080909.scr Infected: Trojan-Spy.Win32.Pophot.chw 1
C:\WINDOWS\system32\mabidwe.exe Infected: Trojan.Win32.Agent.ackj 1
C:\WINDOWS\system32\macidwe.exe Infected: Trojan.Win32.Agent.zqp 1
C:\WINDOWS\system32\mmchost.dll Infected: Trojan.Win32.Agent.yhk 1
C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan.Win32.Agent.yxr 1
C:\WINDOWS\system32\noxtcyr.exe Infected: Trojan.Win32.Agent.abgp 1
C:\WINDOWS\system32\noytcyr.exe Infected: Trojan.Win32.Agent.acvh 1
C:\WINDOWS\system32\oduxftw.sys Infected: Trojan-Clicker.Win32.VB.bvk 1
C:\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.ymp 1
C:\WINDOWS\system32\Proxy.dll Infected: Trojan-Proxy.Win32.Agent.awk 1
C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.acgh 1
C:\WINDOWS\system32\roxtctm.exe Infected: Trojan.Win32.Agent.abdi 1
C:\WINDOWS\system32\roytctm.exe Infected: Trojan.Win32.Agent.aclf 1
C:\WINDOWS\system32\sobicyt.exe Infected: Trojan.Win32.Agent.zbc 1
C:\WINDOWS\system32\soxpeca.exe Infected: Trojan.Win32.Agent.aclh 1
C:\WINDOWS\system32\tdxdowkc.exe Infected: Trojan.Win32.Agent.zmz 1
C:\WINDOWS\system32\tdydowkc.exe Infected: Trojan.Win32.Agent.acid 1
C:\WINDOWS\system32\WServing.exe Infected: Trojan.Win32.Agent.ymp 1
C:\WINDOWS\system32\wsldoekd.exe Infected: Trojan.Win32.Agent.abgt 1
C:\WINDOWS\system32\zordisa.dll Infected: Trojan-GameThief.Win32.OnLineGames.tdtr 1
C:\WINDOWS\system32\_Proxy.dll Infected: Trojan-Proxy.Win32.Agent.awk 1
C:\WINDOWS\wftadfi16_080909a.dll Infected: Trojan-Spy.Win32.Pophot.chx 1
The selected area was scanned.