Wow. I don't know what happened. I had these in two different tabs so maybe the logs got cut off.
Sorry!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:57 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\XLegion.exe
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mhhs.org
O15 - Trusted Zone: www.newphysicianlink.org
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 4086 bytes
----------------------------------------------------------------
ComboFix 08-07-17.4 - feng 2008-07-18 15:18:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.273 [GMT -5:00]
Running from: C:\Documents and Settings\feng\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\feng\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\system32\lqcgfrcg.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\BM73b1e5c7.xml
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\system32\lqcgfrcg.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-12 21:06 . 2008-07-12 21:06 167,976 --a--c--- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-07-12 19:01 . 2008-07-12 19:01 <DIR> d----c--- C:\Program Files\microsoft frontpage
2008-07-11 09:31 . 2008-07-11 09:31 81,408 -----c--- C:\WINDOWS\system32\~.exe
2008-07-09 22:21 . 2008-07-09 22:21 139,264 --a--c--- C:\WINDOWS\War3Unin.exe
2008-07-09 22:21 . 2008-07-10 20:23 23,454 --a--c--- C:\WINDOWS\War3Unin.dat
2008-07-09 22:21 . 2008-07-09 22:21 2,829 --a--c--- C:\WINDOWS\War3Unin.pif
2008-07-09 18:44 . 2008-07-09 22:15 <DIR> d----c--- C:\Program Files\Magic Workstation
2008-07-09 08:53 . 2008-07-09 08:53 <DIR> d----c--- C:\Documents and Settings\Michael\Application Data\Canon
2008-07-07 22:21 . 2008-07-07 22:21 <DIR> d--hsc--- C:\WINDOWS\YWRtaW4
2008-07-04 23:47 . 2008-07-04 23:47 <DIR> d----c--- C:\Nexon
2008-07-04 19:14 . 2008-07-10 21:05 <DIR> d----c--- C:\Program Files\Warcraft III
2008-06-19 07:57 . 2008-06-19 07:57 <DIR> d----c--- C:\Documents and Settings\Michael\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 04:22 --------- dc----w C:\Program Files\Java
2008-07-09 13:48 --------- dc----w C:\Program Files\Common Files\Adobe
2008-07-07 17:48 --------- dc----w C:\Documents and Settings\feng\Application Data\Canon
2008-07-02 22:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-01 19:47 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-06-18 02:08 --------- dc----w C:\Program Files\Yahoo!
2008-06-18 02:07 --------- dc----w C:\Documents and Settings\feng\Application Data\My Games
2008-06-18 02:05 --------- dc----w C:\Program Files\Google
2008-06-18 01:59 --------- dc----w C:\Program Files\Common Files\AOL
2008-06-18 01:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-13 13:10 272,128 -c----w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 03:04 --------- dc----w C:\Documents and Settings\feng\Application Data\mIRC
2008-05-27 22:09 --------- dc----w C:\Documents and Settings\feng\Application Data\InstallShield
2008-05-07 05:18 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2006-11-13 03:22 1,467,532 -csha-w C:\WINDOWS\Fonts\evwaglo.bak1
2006-11-12 02:21 1,468,514 -csha-w C:\WINDOWS\Fonts\evwaglo.bak2
2005-08-02 21:46 187,904 -csha-r C:\WINDOWS\YWRtaW4\asappsrv.dll
2005-08-02 21:58 373,248 -csha-r C:\WINDOWS\YWRtaW4\command.exe
2005-07-29 21:24 472 -csha-r C:\WINDOWS\YWRtaW4\sqlQuqb.vbs
.
------- Sigcheck -------
2007-06-13 05:23 1043968 4860d4698c7c5445719e9f57b2202bb1 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1043968 0e843a8a558841a52ba842d1117a7236 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 07:00 1042944 094349c4f7cb60a2b7b45df2056f7bce C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1076736 2360e182877f97c0ce0232861f1c623b C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 07:00 26112 1ae736278d000c0f3e71925676e88576 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 07:00 26112 c3a0fcca05694621a1f87fa601f276c5 C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-10 19:17 101376 7776607dfcd955fb9fe8cb091f0989ae C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 07:00 101376 1f2353c458bbb36774e4d924cf318fa6 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 18:53 68608 b7856078b278dd7b21dce677c0fb7693 C:\WINDOWS\system32\spoolsv.exe
2005-06-10 18:53 68608 2d4b5a2bbb382baf9e4235698ac17ca8 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-18_12.22.29.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-06-11 00:17:13 57,856 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-06-11 00:17:13 101,376 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
- 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2007-06-13 11:26:03 1,043,968 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
- 2004-08-04 12:00:00 57,856 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
+ 2004-08-04 12:00:00 101,376 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
- 2004-08-04 12:00:00 1,032,192 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
+ 2004-08-04 12:00:00 1,042,944 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
- 2005-10-21 01:02:28 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 01:02:28 177,664 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 13:00:00 89,504 -c--a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 101,792 -c--a-w C:\WINDOWS\fdsv.exe
- 2000-08-31 13:00:00 80,412 -c--a-w C:\WINDOWS\grep.exe
+ 2000-08-31 13:00:00 91,164 -c--a-w C:\WINDOWS\grep.exe
- 2000-08-31 13:00:00 41,472 -c--a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 -c--a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 13:00:00 98,816 -c--a-w C:\WINDOWS\sed.exe
+ 2000-08-31 13:00:00 109,568 -c--a-w C:\WINDOWS\sed.exe
- 2000-08-31 13:00:00 136,704 -c--a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 13:00:00 148,480 -c--a-w C:\WINDOWS\swsc.exe
- 2000-08-31 13:00:00 212,480 -c--a-w C:\WINDOWS\swxcacls.exe
+ 2000-08-31 13:00:00 223,232 -c--a-w C:\WINDOWS\swxcacls.exe
- 2008-07-18 17:18:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-18 20:14:52 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-18 17:18:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-18 20:14:52 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-18 17:18:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-18 20:14:52 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2000-08-31 13:00:00 68,096 -c--a-w C:\WINDOWS\zip.exe
+ 2000-08-31 13:00:00 78,848 -c--a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 26112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3817472]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:00 221240]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:00 498688]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 07:00 498688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-22 19:44 192557]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 167936]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-12 02:09 1908224]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 05:15 251376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 26112]
"SfKg6wIP"="C:\Documents and Settings\feng\Application Data\Microsoft\Windows\ewwkfr.exe" [2008-07-07 22:17 146944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Magic Workstation\\MWSPlay.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
R1 hidclasss;hidclasss;C:\WINDOWS\system32\drivers\hidclasss.sys [2008-04-08 23:19]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d851317-5cf1-11dc-a4b9-000d875455f7}]
\Shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9441085-25a8-11db-a452-000d875455f7}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-18 15:19:51
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-18 15:20:47
ComboFix-quarantined-files.txt 2008-07-18 20:20:34
ComboFix2.txt 2008-07-18 17:23:02
Pre-Run: 17,541,668,864 bytes free
Post-Run: 17,523,662,848 bytes free
175 --- E O F --- 2008-06-20 05:51:12
---------------------------------------
Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 2
4:20:51 PM 7/18/2008
mbam-log-7-18-2008 (16-20-51).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102170
Time elapsed: 20 minute(s), 25 second(s)
Memory Processes Infected: 5
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 52
Memory Processes Infected:
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\feng\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Unloaded process successfully.
C:\Documents and Settings\feng\Application Data\F¦Ïnts\mmc.exe (Adware.ClickSpring) -> Unloaded process successfully.
C:\Program Files\Common Files\riff\riffm.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Common Files\riff\riffa.exe (Trojan.Downloader) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Common Files\riff\riffd\riffc.dll (Adware.TargetServer) -> Unloaded module successfully.
C:\Program Files\Webtools\webtools.dll (Adware.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\rfqjkjq.dll (Adware.ClickSpring) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab6ebc3e-2288-292b-fe39-7ca2e0ec42b3} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab6ebc3e-2288-292b-fe39-7ca2e0ec42b3} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sakora (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SpeedRunner) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\riff (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.DownLoader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mjc (Adware.MJC) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio01 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Sakora\Sakora.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Application Data\F¦Ïnts\mmc.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\riff\riffm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\riff\riffa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\riff\riffd\riffc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rfqjkjq.dll (Adware.ClickSpring) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hidclasss.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\mrofinu1001186.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\mjc\mjc.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Application Data\SpeedRunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Local Settings\Temporary Internet Files\Content.IE5\OXHV1Z8U\sruninstaller.prod.v12000.11jan2008.exe[1].1ac39aea6b22cdb4e6ed0c75f1d83467 (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Local Settings\Temporary Internet Files\Content.IE5\PTD37TNJ\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\riff\riffl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\riff\riffp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\feng\Application Data\SpeedRunner\SRUninstall.exe.vir (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Common Files\riff\riffp.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Common Files\riff\riffd\riffc.dll.vir (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP2\A0000007.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP2\A0000035.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP2\A0000042.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP2\A0000043.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP3\A0000439.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP3\A0000440.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CE2FC368-8553-4082-B359-97F32659A678}\RP3\A0000441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1001186.exe.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsuninst.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\tsupdate_4_0_4_1_b3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRR2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRR5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\YWRtaW4\asappsrv.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Documents and Settings\feng\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.