Thread: Malware...Please Help Again!

  1. #1

    Hi, sorry I timed out. I was out on holiday. Thanks again so much for your help!!!

    Here are the last postings you requested:

    ComboFix 09-08-10.06 - Jeff Richardson 08/13/2009 14:01.3.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.621 [GMT -4:00]
    Running from: c:\documents and settings\Jeff Richardson\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jeff Richardson\Desktop\CFScript.txt
    AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ssqcmpb
    c:\program files\ssqcmpb\AdmApp.dll


    .
    ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
    .

    2009-08-12 17:15 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-30 15:52 . 2009-07-30 16:47 -------- d-----w- c:\program files\WebEx
    2009-07-27 21:34 . 2009-07-27 21:34 -------- d-----w- c:\program files\iPod
    2009-07-27 21:33 . 2009-07-27 21:34 -------- d-----w- c:\program files\iTunes
    2009-07-27 21:26 . 2009-07-27 21:26 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
    2009-07-17 00:57 . 2009-07-17 00:57 -------- d-----w- c:\program files\Microsoft
    2009-07-17 00:55 . 2009-07-17 00:54 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 00:53 . 2009-07-17 00:53 152576 ----a-w- c:\documents and settings\Jeff Richardson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-13 17:58 . 2005-12-13 00:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-13 17:51 . 2006-06-10 12:44 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\Netscape
    2009-08-13 17:47 . 2005-12-13 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-08-13 17:37 . 2005-12-06 00:23 -------- d-----w- c:\program files\Java
    2009-08-13 17:36 . 2005-12-13 00:17 -------- d-----w- c:\program files\Sony Pictures Games
    2009-08-13 15:10 . 2007-01-16 17:06 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\Skype
    2009-08-13 15:08 . 2009-01-16 14:23 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\skypePM
    2009-08-05 09:01 . 2005-12-05 20:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-27 21:34 . 2009-06-25 17:02 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-17 19:01 . 2005-12-05 20:18 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2005-12-05 20:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-29 16:12 . 2005-12-05 20:19 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2005-12-05 20:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2005-12-05 20:18 17408 ------w- c:\windows\system32\corpol.dll
    2009-06-27 19:21 . 2009-06-27 19:21 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\CopyTrans
    2009-06-27 19:19 . 2009-06-27 19:19 -------- d-----w- c:\program files\WindSolutions
    2009-06-27 19:18 . 2009-06-27 19:18 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\WindSolutions
    2009-06-27 19:18 . 2009-06-27 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
    2009-06-25 17:56 . 2007-06-11 01:10 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\Apple Computer
    2009-06-25 17:09 . 2009-06-25 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-25 17:06 . 2009-06-25 17:06 -------- d-----w- c:\program files\Bonjour
    2009-06-25 17:06 . 2007-06-11 01:08 -------- d-----w- c:\program files\QuickTime
    2009-06-25 17:03 . 2007-06-11 01:06 -------- d-----w- c:\program files\Apple Software Update
    2009-06-25 17:03 . 2008-02-20 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-06-16 14:36 . 2005-12-05 20:19 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2005-12-05 20:18 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-12 12:31 . 2005-12-05 20:19 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2005-12-05 20:18 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 13:19 . 2005-12-05 21:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2008-09-23 14:52 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-05 15:42 . 2009-06-25 17:03 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-05 15:42 . 2009-06-25 17:03 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-03 19:09 . 2005-12-05 20:19 1291264 ------w- c:\windows\system32\quartz.dll
    2009-05-28 19:17 . 2009-05-28 19:17 38208 ----a-w- c:\documents and settings\Jeff Richardson\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-04_02.40.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-13 12:35 . 2009-08-13 12:35 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
    + 2006-05-08 13:18 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
    - 2006-05-08 13:18 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
    + 2009-08-13 17:48 . 2009-08-13 17:48 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
    + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
    + 2005-12-13 00:04 . 2009-08-13 12:28 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2005-12-05 13:25 . 2009-08-10 17:23 183424 c:\windows\system32\FNTCACHE.DAT
    - 2005-12-05 13:25 . 2009-06-11 13:14 183424 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
    + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
    + 2005-12-13 00:04 . 2009-08-13 12:28 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2005-12-13 00:04 . 2009-08-13 12:28 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-12-13 00:04 . 2009-07-17 01:19 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2003-07-15 11:18 . 2003-07-15 11:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
    + 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
    + 2009-06-11 20:26 . 2009-06-11 20:26 6653952 c:\windows\Installer\c7ce6a3.msp
    + 2009-08-06 12:15 . 2009-08-06 12:15 1697792 c:\windows\Installer\c7ce6a2.msp
    + 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\52f124e.msp
    + 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\52f123b.msp
    + 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
    + 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
    + 2005-12-05 20:19 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
    + 2006-06-01 14:37 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
    + 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\52f123c.msp
    + 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-12-20 24262440]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-17 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Palo Alto Software Update Manager 9.0.lnk - c:\windows\Installer\{6B2D979E-216D-43A4-BAE2-71A185922CA1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe [2007-3-7 45056]
    Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2006-5-8 110592]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/16/2007 1:45 PM 106808]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/5/2005 7:54 PM 28800]
    S3 MSHUSBVideo;NX6000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/23/2006 8:33 PM 23552]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-08-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?36dc603e2f7f4730835acc9fc3028b36
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?36dc603e2f7f4730835acc9fc3028b36
    Trusted Zone: apple.com\swdlp
    Trusted Zone: wachovia.com\www
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-13 14:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-08-13 14:13
    ComboFix-quarantined-files.txt 2009-08-13 18:12
    ComboFix2.txt 2009-08-04 02:43
    ComboFix3.txt 2008-10-14 17:46

    Pre-Run: 56,587,063,296 bytes free
    Post-Run: 56,920,436,736 bytes free

    195 --- E O F --- 2009-08-13 12:28


    And here is the next one:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, August 13, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, August 13, 2009 20:49:52
    Records in database: 2621911
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 61667
    Threats found: 13
    Infected objects found: 24
    Suspicious objects found: 1
    Scan duration: 04:10:18


    File name / Threat / Threats count
    C:\Documents and Settings\All Users\Application Data\jozktcjs\hmfynkzk.exe.bak Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E690C36.wmf Suspicious: Exploit.Win32.IMG-WMF 1
    C:\Documents and Settings\Jeff Richardson\Application Data\Sun\Java\Deployment\cache\6.0\27\24172a9b-3b0b5520 Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\Jeff Richardson\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-42a9c088 Infected: Trojan.Java.ClassLoader.as 3
    C:\Documents and Settings\Jeff Richardson\Application Data\Sun\Java\Deployment\cache\6.0\47\66286ef-22b20cb1 Infected: Trojan-Downloader.Java.OpenConnection.ar 1
    C:\Documents and Settings\Jeff Richardson\Application Data\Sun\Java\Deployment\cache\6.0\50\1c7c3df2-1c3e1ce9 Infected: Trojan-Downloader.Java.OpenConnection.ao 1
    C:\found.000\file0000.chk Infected: Exploit.Win32.Pidief.gx 1
    C:\Qoobox\Quarantine\C\0xf9.exe.vir Infected: Trojan-Downloader.Win32.VB.hww 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\msavsc.exe.vir Infected: Trojan.Win32.Agent.aedv 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\msctrl.exe.vir Infected: Trojan.Win32.Agent.aedv 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\msfw.exe.vir Infected: Trojan.Win32.Agent.aedv 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\msiemon.exe.vir Infected: Trojan.Win32.Agent.aedv 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv.exe.vir Infected: Trojan-Clicker.Win32.VB.cgv 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv_sp.exe.vir Infected: Trojan-Downloader.Win32.Small.adud 1
    C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Adviser\msscan.exe.vir Infected: Trojan.Win32.Agent.aedv 1
    C:\Qoobox\Quarantine\C\Program Files\ssqcmpb\AdmApp.dll.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pphcea4j0etca.exe.vir Infected: not-a-virus:FraudTool.Win32.XPAntivirus.qj 1
    C:\WINDOWS\$NtServicePackUninstall$\explorer.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\$NtServicePackUninstall$\lsass.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\$NtServicePackUninstall$\services.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Infected: Trojan.Win32.Patched.aa 1
    C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

    Selected area has been scanned.


    THANKS!

  2. #2
    tashi (Member of Team Spybot)

    Hello freetohavefun999,

    Your previous topics:
    http://forums.spybot.info/showthread...775#post243775
    http://forums.spybot.info/showthread...874#post327874
    freetohavefun999

    If it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.
    Please do not add any logs that might have been requested previously; you would be starting fresh.

    Applies only to the original poster; anyone else with similar problems, please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
