Hello, I've done all that you have told me. But still, whenever I try to install anti-virus programs, the installation process stops before it is completed. And here is the logfile.
ComboFix log:
____________________________________________________________________
ComboFix 09-04-16.02 - Erwin 04/16/2009 18:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.689 [GMT 8:00]
Running from: c:\documents and settings\Erwin\Desktop\scanme.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\IE4 Error Log.txt
c:\windows.0\system\msddll.exe
c:\windows.0\system\smsc.exe
c:\windows.0\system\svhost.exe
c:\windows.0\system32\AutoRun.inf
c:\windows.0\system32\drivers\sysdrv32.sys
c:\windows.0\system32\logondll.dll
c:\windows.0\system32\lx.exe.exe
c:\windows.0\system32\sysmgr.exe
c:\windows.0\system32\x.exe
c:\windows.0\Temp\02.exe
c:\windows.0\Temp\05.exe
c:\windows.0\Temp\21.exe
c:\windows.0\Temp\35.exe
c:\windows.0\Temp\38.exe
c:\windows.0\Temp\52.exe
c:\windows.0\Temp\70.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Legacy_MSDDLL
-------\Legacy_SYSDRV32
-------\Service_asc3360pr
-------\Service_msddll
-------\Service_sysdrv32
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-15 12:34 . 2005-01-04 18:43 4682 ----a-w c:\windows.0\system32\npptNT2.sys
2009-04-15 12:34 . 2003-07-21 03:17 5174 ----a-w c:\windows.0\system32\nppt9x.vxd
2009-04-15 03:04 . 2009-04-15 03:04 42499 ----a-w c:\windows.0\system32\80.scr
2009-04-15 02:58 . 2009-04-15 02:58 42499 ----a-w c:\windows.0\system32\68.scr
2009-04-11 16:30 . 2009-04-11 16:30 16299862 ------w C:\Persi0.sys
2009-04-11 16:08 . 2009-04-11 16:08 47755 ----a-w c:\windows.0\system32\44.scr
2009-04-06 09:19 . 2009-04-11 16:07 47755 --sh--r c:\windows.0\system\netmon.exe
2009-04-06 09:08 . 2009-04-15 12:33 -------- d---a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-04-06 09:06 . 2009-04-06 09:06 2560 ----a-w c:\windows.0\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 16:30 . 2009-02-08 03:48 0 ----a-w C:\dfinstall.log
2009-04-11 16:11 . 2009-02-08 03:26 2048 --s-a-w c:\windows.0\bootstet.dat
2009-03-28 15:42 . 2009-02-07 19:28 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 05:54 . 2009-03-11 00:54 41987 --sh--r c:\windows.0\system\msile.exe
2009-03-11 05:50 . 2009-03-11 05:50 41987 ----a-w c:\windows.0\system32\42.scr
2009-03-11 05:35 . 2009-03-11 05:35 52736 --sh--r c:\windows.0\system\VMwareService.exe
2009-03-11 05:29 . 2009-03-11 05:29 119811 ----a-w c:\documents and settings\Erwin\12367493871920.exe
2009-02-27 15:30 . 2009-02-27 15:30 -------- d-----w c:\program files\Level Up
2009-02-27 15:29 . 2009-02-27 15:29 142830 ----a-w c:\documents and settings\Erwin\12357485401948.exe
2009-02-21 13:01 . 2009-02-21 13:01 134638 ----a-w c:\documents and settings\Erwin\12352212721940.exe
2009-02-21 12:24 . 2009-02-21 12:24 142830 ----a-w c:\documents and settings\Erwin\12352190501964.exe
2009-02-21 12:19 . 2009-02-08 03:47 15768 ----a-w c:\documents and settings\Erwin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 12:19 . 2009-02-21 12:15 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\FLEXnet
2009-02-21 12:14 . 2009-02-21 12:14 142830 ----a-w c:\documents and settings\Erwin\12352184851964.exe
2009-02-21 11:50 . 2009-02-21 11:50 167406 ----a-w c:\documents and settings\Erwin\12352170422024.exe
2009-02-20 13:55 . 2009-02-20 13:55 134638 ----a-w c:\documents and settings\Erwin\1235138140232.exe
2009-02-20 13:50 . 2009-02-20 13:50 142830 ----a-w c:\documents and settings\Erwin\1235137853272.exe
2009-02-20 13:30 . 2009-02-20 13:30 138734 ----a-w c:\documents and settings\Erwin\1235136650200.exe
2009-02-20 13:03 . 2009-02-20 13:03 102400 ----a-w c:\windows.0\system32\msvcrt2.dll
2009-02-20 13:01 . 2009-02-20 13:01 9728 --sh--r c:\windows.0\system32\msr.exe
2009-02-08 16:36 . 2009-02-08 16:36 134646 ----a-w c:\documents and settings\Erwin Velasquez\12341109941944.exe
2009-02-08 04:36 . 2006-01-13 02:02 146 ----a-w C:\desktop.ini
2009-02-08 03:47 . 2009-02-08 03:41 137607 ----a-w c:\windows.0\HPHins15.dat
2009-02-08 03:39 . 2009-02-07 20:25 522 ----a-w C:\RHDSetup.log
2009-02-08 03:38 . 2009-02-08 03:38 315392 ----a-w c:\windows.0\HideWin.exe
2009-02-08 03:34 . 2009-02-08 03:24 86339 ----a-w c:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-02-08 03:25 . 2009-02-08 03:25 107132 ----a-w c:\windows.0\UninstallFirefox.exe
2009-02-08 03:25 . 2009-02-08 03:25 2293 ----a-w c:\windows.0\mozver.dat
2009-02-08 03:21 . 2009-02-08 03:21 21640 ----a-w c:\windows.0\system32\emptyregdb.dat
2009-02-08 02:58 . 2009-02-08 02:58 134646 ----a-w c:\documents and settings\Erwin Velasquez\12340619082036.exe
2009-02-08 02:56 . 2009-02-08 02:56 138742 ----a-w c:\documents and settings\Erwin Velasquez\12340617672016.exe
2009-02-08 02:55 . 2009-02-08 02:55 138742 ----a-w c:\documents and settings\Erwin Velasquez\12340617061976.exe
2009-02-08 02:42 . 2009-02-08 02:42 138742 ----a-w c:\documents and settings\Erwin Velasquez\12340609532012.exe
2009-02-08 02:31 . 2009-02-08 02:31 208374 ----a-w c:\documents and settings\Erwin Velasquez\12340602772012.exe
2009-02-08 02:24 . 2009-02-08 02:24 138742 ----a-w c:\documents and settings\Erwin Velasquez\12340598512024.exe
2009-02-08 01:35 . 2009-02-08 01:35 134646 ----a-w c:\documents and settings\Erwin Velasquez\12340569042756.exe
2009-02-08 01:29 . 2009-02-08 01:29 142838 ----a-w c:\documents and settings\Erwin Velasquez\12340565831920.exe
2009-02-08 01:26 . 2009-02-08 01:26 208374 ----a-w c:\documents and settings\Erwin Velasquez\12340564071868.exe
2009-02-08 01:02 . 2009-02-08 01:02 212470 ----a-w c:\documents and settings\Erwin Velasquez\12340549691836.exe
2009-02-08 00:52 . 2009-02-08 00:52 134646 ----a-w c:\documents and settings\Erwin Velasquez\12340543421936.exe
2009-02-08 00:20 . 2009-02-08 00:20 224372 ----a-w c:\documents and settings\Erwin Velasquez\12340524161840.exe
2009-02-08 00:18 . 2009-02-08 00:18 228468 ----a-w c:\documents and settings\Erwin Velasquez\12340523391832.exe
2009-02-08 00:07 . 2009-02-07 19:54 15928 ----a-w c:\documents and settings\Erwin Velasquez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-08 03:2009-02-07 19:28 25:27 . c:\program files\mozilla firefox\components\jar50.dll
2009-02-08 03:2009-02-07 19:28 25:29 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-08 03:2009-02-07 19:28 25:27 . c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[-] 2006-01-13 02:03 360448 2A4818AEA80ACD2C95D7D92D2F3155F8 c:\windows.0\system32\drivers\tcpip.sys
[-] 2006-01-13 02:04 2187904 C3B84871DECE94E335B96FAFD756316C c:\windows.0\system32\ntoskrnl.exe
[-] 2006-01-13 01:46 1157120 162C99978D999B6722D1DB61DA136C19 c:\windows.0\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4433136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"netmon"="c:\windows.0\system\netmon.exe" [2009-04-11 47755]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.exe [2007-10-16 16855552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows.0\system32\msnsc.exe" [2006-01-13 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-01-13 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k

*
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-16 12:51 155648 ----a-w c:\windows.0\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-04-15 12:02 151552 ----a-w c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-16 12:51 135168 ----a-w c:\windows.0\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-04-15 12:06 7197744 ----a-w c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 237568 ----a-w c:\windows.0\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-16 12:51 131072 ----a-w c:\windows.0\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2009-04-15 05:36 135168 ----a-w c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w c:\windows.0\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1900544 ----a-w c:\windows.0\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS.0\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\WINDOWS.0\\system\\svhost.exe"=
"c:\\WINDOWS.0\\system32\\wuauclt.exe"=
"c:\\WINDOWS.0\\system32\\cmd.exe"=
"c:\\WINDOWS.0\\system\\msile.exe"=
"c:\\Documents and Settings\\Erwin\\12367493871920.exe"=
"c:\\WINDOWS.0\\system\\VMwareService.exe"=
"c:\\WINDOWS.0\\System32\\42.scr"=
"c:\\WINDOWS.0\\system\\netmon.exe"=
"c:\\WINDOWS.0\\System32\\44.scr"=
"c:\\WINDOWS.0\\system32\\userinit.exe"=
"c:\\WINDOWS.0\\RTHDCPL.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS.0\\system32\\Macromed\\Flash\\NPSWF32_FlashUtil.exe"=
"c:\\WINDOWS.0\\System32\\80.scr"=
"c:\\WINDOWS.0\\system32\\dwwin.exe"=
"c:\\Program Files\\Faronics\\Deep Freeze\\Install C-0\\_$Df\\FrzState2k.exe"=
"c:\\Program Files\\e-Games\\CABAL Online (PH)\\update.exe"=
"c:\\WINDOWS.0\\system32\\CF12161.exe"=
"c:\\DOCUME~1\\Erwin\\LOCALS~1\\Temp\\34.exe"=
"c:\\DOCUME~1\\Erwin\\LOCALS~1\\Temp\\winpchj.exe"=
"c:\\DOCUME~1\\Erwin\\LOCALS~1\\Temp\\wingpkeu.exe"=
"c:\\DOCUME~1\\Erwin\\LOCALS~1\\Temp\\qunp.exe"=
R2 msile;microsoft install le;c:\windows.0\system\msile.exe [2009-03-11 41987]
R2 WindowsTelephony;Windows Telephony;c:\windows.0\system\svhost.exe [2009-04-16 42523]
S0 DeepFrz;DeepFrz; [x]
S1 BIOS;BIOS;c:\windows.0\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 msrpxy;Microsoft Reverse Proxy Service;c:\windows.0\system32\msr.exe [2009-02-20 9728]
S2 VMwareService;VMwareService;c:\windows.0\system\VMwareService.exe [2009-03-11 52736]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows.0\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MSNETDED
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Microsoft(R) System Manager - c:\windows.0\system32\sysmgr.exe
HKLM-Run-WSSVC - c:\windows.0\system\smsc.exe
Notify-DfLogon - LogonDll.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Erwin\Application Data\Mozilla\Firefox\Profiles\noouy53z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-16 19:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
c:\windows.0\system\netmon.exe [1216] 0x8338A580
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1284227242-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows.0\temp\67.exe
c:\docume~1\Erwin\LOCALS~1\temp\winpchj.exe
c:\docume~1\Erwin\LOCALS~1\temp\wingpkeu.exe
.
**************************************************************************
.
Completion time: 2009-04-16 19:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 11:05
Pre-Run: 28,933,816,320 bytes free
Post-Run: 29,728,370,688 bytes free
253
MBAM log:
_________________________________________________________________
Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 2
4/16/2009 7:56:22 PM
mbam-log-2009-04-16 (19-56-22).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 148142
Time elapsed: 35 minute(s), 16 second(s)
Memory Processes Infected: 8
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 60
Memory Processes Infected:
C:\WINDOWS.0\system\msile.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS.0\system\svhost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS.0\system32\msr.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS.0\system\svhost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS.0\system\msile.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS.0\system\msile.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS.0\temp\46.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS.0\system\VMwareService.exe (Backdoor.Bot) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msile (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msile (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msnetded (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msnetded (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msnetded (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windowstelephony (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windowstelephony (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windowstelephony (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msrpxy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msrpxy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msrpxy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMwareService (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmwareservice (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vmwareservice (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netmon (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS.0\system\msile.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\msr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\temp\46.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system\netmon.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS.0\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\01234567\e2p[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\x.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\drivers\sysdrv32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\02.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\05.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\21.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\35.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\38.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\52.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\Temp\70.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0006768.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0007770.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0007785.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0008015.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0009022.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0010015.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0011015.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0012015.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0013015.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0013025.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0013038.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0014031.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0014032.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0014044.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0015149.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0015050.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0015109.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0015124.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0015136.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0016142.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0017142.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65EE7E90-4F5A-4CE3-8688-65984C12125D}\RP4\A0018141.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020203.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020204.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020205.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020206.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020301.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020792.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7223A61-4D51-42A5-B143-1C253FE2CD90}\RP4\A0020891.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system\VMwareService.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\x.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\11.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\38.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\56.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\67.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\88.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\44.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\temp\55.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\temp\67.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system\VMwareService.exe (Backdoor.Bot) -> Quarantined and deleted successfully.