This the Combofix log:
ComboFix 09-02-25.02 - test 2009-02-25 14:30:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1530 [GMT -8:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\test\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Security 2006 *disabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
FILE ::
c:\windows\Gyahapoyowu.dll
c:\windows\system32\bgl.exe
c:\windows\system32\clickfile.exe
c:\windows\system32\ddcBRJcd.dll
c:\windows\system32\lupwfbay.dll
c:\windows\system32\mvgaxhbg.dll
c:\windows\system32\noyywdjm.dll
c:\windows\system32\pcload.exe
c:\windows\system32\puxfgm.dll
c:\windows\system32\rxrynvtk.dll
c:\windows\system32\ssqNhGAR.dll
c:\windows\system32\tuvUoOHb.dll
c:\windows\system32\xrtknx.dll
c:\windows\Tasks\vkgkkjvx.job
c:\windows\temp\ntdll64.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Gyahapoyowu.dll
c:\windows\system32\bgl.exe
c:\windows\system32\clickfile.exe
c:\windows\system32\ddcBRJcd.dll
c:\windows\system32\lupwfbay.dll
c:\windows\system32\mvgaxhbg.dll
c:\windows\system32\noyywdjm.dll
c:\windows\system32\pcload.exe
c:\windows\system32\puxfgm.dll
c:\windows\system32\rxrynvtk.dll
c:\windows\system32\ssqNhGAR.dll
c:\windows\system32\tuvUoOHb.dll
c:\windows\system32\xrtknx.dll
c:\windows\Tasks\vkgkkjvx.job
c:\windows\temp\ntdll64.dll
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.
2009-02-25 14:28 . 2009-02-25 14:28 131,584 --a------ c:\windows\uziyitegigusobo.dll
2009-02-14 00:28 . 2009-02-14 00:28 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 22:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-19 06:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-18 05:18 --------- d-----w c:\documents and settings\test\Application Data\U3
2009-01-13 07:18 --------- d-----w c:\program files\Norton Internet Security
2009-01-13 07:16 --------- d-----w c:\program files\Symantec
2009-01-04 04:50 --------- d-----w c:\program files\Total War
2009-01-04 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-04 02:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 02:04 --------- d-----w c:\program files\The Creative Assembly
2009-01-04 01:29 --------- d-----w c:\documents and settings\test\Application Data\Symantec
.
------- Sigcheck -------
2008-04-13 16:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2009-01-12 10:36 111616 be9f5da369dddc22224c053bbb27c64e c:\windows\system32\userinit.exe
2009-01-12 10:36 111616 be9f5da369dddc22224c053bbb27c64e c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_22.48.29.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-02-25 06:45:44 229,376 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2009-02-25 06:45:44 8,192 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2009-02-25 06:45:44 233,472 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2009-02-25 06:45:44 8,192 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2009-02-25 06:45:44 5,058,560 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2009-02-25 06:45:44 196,608 ----a-w c:\windows\Driver Cache\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\Driver Cache\ERDNT\subs\ERDNT.EXE
- 2007-10-26 03:34:01 8,460,288 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\system32\dllcache\shell32.dll
- 2008-08-28 10:04:17 333,056 ------w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 ------w c:\windows\system32\dllcache\srv.sys
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-05-27 36864]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-19 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-19 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2005-09-30 120464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"Vsabuh"="c:\windows\uziyitegigusobo.dll" [2009-02-25 131584]
"nwiz"="nwiz.exe" [2006-07-19 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]
c:\documents and settings\test\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-11-15 876544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Documents and Settings\\test\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Documents and Settings\\test\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\test\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Documents and Settings\\test\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\MathCast089\\MathCast.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c89ae57-f157-11dc-8c1f-0016368f638e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-14 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - test.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 12:13]
2009-02-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]
2008-05-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]
2009-01-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mikehuckabee.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\test\Application Data\Mozilla\Firefox\Profiles\cnqfkrp8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mikehuckabee.com/
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 14:36:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2064064411-1448673430-2148616383-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,cf,ca,88,a2,21,a5,47,a1,24,31,68,8c,8b,4f,e1,8d,b2,43,97,27,7a,2f,
4c,2e,ce,f1,a9,45,b0,e9,dd,8a,40,86,8f,c7,7c,44,15,30,32,87,de,be,cf,83,49,\
"??"=hex:99,ef,1e,ed,96,c8,5f,07,f5,e5,97,eb,e4,8e,85,b0
[HKEY_USERS\S-1-5-21-2064064411-1448673430-2148616383-1005\Software\SecuROM\License information*]
"datasecu"=hex:e3,40,a9,f6,02,9a,23,2b,58,bc,77,93,f9,34,88,79,c2,32,d0,0b,53,
38,cf,eb,0c,8f,c7,4e,d7,5c,7a,55,65,50,d7,0c,0c,69,83,b5,7c,4c,d3,77,ce,8f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\msdtc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\mqsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Messenger\msmsgs.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-02-25 14:40:31 - machine was rebooted [test]
ComboFix-quarantined-files.txt 2009-02-25 22:40:27
ComboFix2.txt 2009-02-25 06:49:53
Pre-Run: 10,166,566,912 bytes free
Post-Run: 10,154,848,256 bytes free
247 --- E O F --- 2009-02-25 21:48:12
This is the log from the online scanner:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 25, 2009 23:39:34
Records in database: 1844985
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 137971
Threat name: 48
Infected objects: 80
Suspicious objects: 0
Duration of the scan: 02:14:58
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\DOCUME~1\test\LOCALS~1\Temp\ntdll64.dll.vir Infected: Exploit.Win32.IMG-WMF.na 1
C:\Qoobox\Quarantine\C\WINDOWS\Gyahapoyowu.dll.vir Infected: Trojan-Downloader.Win32.Agent.bdlh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Infected: Trojan-Downloader.Win32.Murlo.abj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\abuaot.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jbf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\agiwuytv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jyu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ajnergsj.dll.vir Infected: Trojan.Win32.Monder.bfmc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\aoyvabrd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jvb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\autedsac.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jpm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ayrtlhwa.dll.vir Infected: Trojan.Win32.Monder.awbk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bbcefr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jpm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgl.exe.vir Infected: Backdoor.Win32.Frauder.aie 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bpoomsky.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iaw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\chert5-998.exe.vir Infected: Trojan-Downloader.Win32.Agent.bdlh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cifpil.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jyu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cjbmvywi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jwe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\clickfile.exe.vir Infected: Trojan-Downloader.Win32.Boltolog.cd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dcxwyl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hdl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcBRJcd.dll.vir Infected: Trojan.Win32.Monderb.ailg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\djahwogn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gll 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dlpyfn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jlr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dobnvrbn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iye 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekawqjmexea.sys.vir Infected: Rootkit.Win32.Agent.gjw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dyagen.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iaw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ekeiep.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jmp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eqlveh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jwe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\etunpypl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jlr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eufpqavs.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jmp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\frmwrk32.exe.vir Infected: Trojan-Downloader.Win32.Murlo.abj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasjvcat.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jrv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gtcwjlnx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ivk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gwkvapxv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hat 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\haxguo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hwc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hkpwsqek.dll.vir Infected: Trojan.Win32.Monder.aumg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hssdlqwn.dll.vir Infected: Trojan.Win32.Monder.bbhp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\htaywhea.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iaw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\itjiljxh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hdl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kqhmxvjh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jbf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\log.exe.vir Infected: Trojan.Win32.Agent.bktp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lrkejqsq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lupwfbay.dll.vir Infected: Trojan.Win32.Monder.agtu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\muevbqcg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.juu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mvgaxhbg.dll.vir Infected: Trojan.Win32.Monder.amky 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mvhtncfd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hcb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mwfivoyp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jyy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndtury.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hcb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nhatngkv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.glo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\noyywdjm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ocwqom.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gou 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oknpmnns.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gou 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\owjtpx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hat 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pbujiy.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iaw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pckedw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jvb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pcload.exe.vir Infected: Trojan-Downloader.Win32.Agent.bcst 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pcwjau.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gll 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.Agent.bcbh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\puxfgm.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qhhrhn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ivk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qixrlama.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jsg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRJBtSk.dll.vir Infected: Trojan.Win32.Monderb.ahhp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rxrynvtk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekakltugnqg.dll.vir Infected: Trojan.Win32.Small.brl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekalwyjlkcf.dll.vir Infected: Trojan.Win32.Agent.aykk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekapwunweei.dll.vir Infected: Trojan-Downloader.Win32.Agent.bdqo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqNhGAR.dll.vir Infected: Trojan.Win32.Pakes.mmg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqPiifG.dll.vir Infected: Trojan.Win32.Agent.bktp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tcbtew.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iye 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvUoOHb.dll.vir Infected: Trojan.Win32.Monderb.ailg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tzdpuq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jyy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ucqxmovf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.hwc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\uqgxlu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jsg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wclcqqhj.dll.vir Infected: Trojan.Win32.Monder.bfmc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xatuyq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xrdkko.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.juu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xrtknx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyxyyxu.dll.vir Infected: Trojan.Win32.Monder.ahbh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ygxjls.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jrv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yuisuqio.dll.vir Infected: Trojan.Win32.Monder.avus 1
C:\Qoobox\Quarantine\C\WINDOWS\temp\ntdll64.dll.vir Infected: Exploit.Win32.IMG-WMF.na 1
C:\WINDOWS\system32\dllcache\userinit.exe Infected: Trojan.Win32.Agent.bgwt 1
C:\WINDOWS\system32\userinit.exe Infected: Trojan.Win32.Agent.bgwt 1
The selected area was scanned.