Pls Help !!!

STATUS: FINISHED
Complete scanning result of "in32.exe", received in VirusTotal at 05.28.2007, 09:11:36 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.24.0 05.28.2007 no virus found
AntiVir 7.4.0.27 05.27.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.27.2007 no virus found
AVG 7.5.0.467 05.27.2007 no virus found
BitDefender 7.2 05.28.2007 no virus found
CAT-QuickHeal 9.00 05.26.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.28.2007 no virus found
DrWeb 4.33 05.28.2007 no virus found
eSafe 7.0.15.0 05.27.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3670 05.28.2007 no virus found
Ewido 4.0 05.27.2007 no virus found
FileAdvisor 1 05.28.2007 no virus found
Fortinet 2.85.0.0 05.28.2007 suspicious
F-Prot 4.3.2.48 05.25.2007 no virus found
F-Secure 6.70.13030.0 05.28.2007 no virus found
Ikarus T3.1.1.8 05.28.2007 no virus found
Kaspersky 4.0.2.24 05.28.2007 no virus found
McAfee 5039 05.25.2007 no virus found
Microsoft 1.2503 05.28.2007 no virus found
NOD32v2 2293 05.27.2007 no virus found
Norman 5.80.02 05.25.2007 no virus found
Panda 9.0.0.4 05.27.2007 Suspicious file
Prevx1 V2 05.28.2007 no virus found
Sophos 4.18.0 05.25.2007 no virus found
Sunbelt 2.2.907.0 05.26.2007 no virus found
Symantec 10 05.28.2007 Backdoor.Rustock.B
TheHacker 6.1.6.123 05.25.2007 no virus found
VBA32 3.12.0 05.26.2007 no virus found
VirusBuster 4.3.23:9 05.27.2007 no virus found
Webwasher-Gateway 6.0.1 05.28.2007 Win32.Malware.gen!84 (suspicious)
 
I got a problem where I cannot surf the internet after running Killbox... do help?

Hi

Did you run LSPFix before Killbox as instructed? Killbox removes this file c:\windows\system32\jbiqcwkxunjhb.dll, and if LSPFix hasn't been run before it then loss of the internet connection may follow. So, if you lose your internet connection after Killbox then you need to run LSPFix (download it here if needed). Click the "I know what I'm doing" button. In the left hand pane, highlight all instances of iuqcqwosrvc.dll (and nothing else) and move them to the "Remove" pane by clicking the >> button. Click Finish.
 
LSP-Fix shows these in the Keep panel:
mswsock.dll
winrnr.dll
nwprovau.dll
jbiqcwkxunjhb.dll
rsvpsp.dll


I don't have "iuqcqwosrvc.dll"... I think because in a previous post you asked me to remove it....
 
:oops: I meant this one: jbiqcwkxunjhb.dll. Please post a fresh ComboFix log and HJT log when you're ready. :)
 
I am gonna redo the steps again... I'll stop at KillBox.... (pls guide me through from KillBox)


STATUS: FINISHED
Complete scanning result of "in32.exe", received in VirusTotal at 05.29.2007, 07:25:47 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.29.0 05.28.2007 no virus found
AntiVir 7.4.0.27 05.28.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.28.2007 no virus found
AVG 7.5.0.467 05.28.2007 no virus found
BitDefender 7.2 05.29.2007 no virus found
CAT-QuickHeal 9.00 05.28.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.29.2007 no virus found
DrWeb 4.33 05.28.2007 no virus found
eSafe 7.0.15.0 05.28.2007 Win32.Rustock.B
eTrust-Vet 30.7.3670 05.28.2007 no virus found
Ewido 4.0 05.28.2007 no virus found
FileAdvisor 1 05.29.2007 no virus found
Fortinet 2.85.0.0 05.29.2007 suspicious
F-Prot 4.3.2.48 05.25.2007 no virus found
F-Secure 6.70.13030.0 05.29.2007 no virus found
Ikarus T3.1.1.8 05.29.2007 no virus found
Kaspersky 4.0.2.24 05.29.2007 no virus found
McAfee 5040 05.28.2007 no virus found
Microsoft 1.2503 05.29.2007 no virus found
NOD32v2 2294 05.28.2007 no virus found
Norman 5.80.02 05.28.2007 no virus found
Panda 9.0.0.4 05.28.2007 Suspicious file
Prevx1 V2 05.29.2007 no virus found
Sophos 4.18.0 05.28.2007 no virus found
Sunbelt 2.2.907.0 05.26.2007 no virus found
Symantec 10 05.29.2007 Backdoor.Rustock.B
TheHacker 6.1.6.124 05.28.2007 no virus found
VBA32 3.12.0 05.28.2007 no virus found
VirusBuster 4.3.23:9 05.28.2007 no virus found
Webwasher-Gateway 6.0.1 05.29.2007 Win32.Malware.gen!84 (suspicious)
 
1. Killbox: Do I "Delete File" on a single file or all files?
Choose all files.

2. ComboFix: Again my internet icon was lost after running it.
If you lose your Internet connection, run LSPFix. Then click the "I know what I'm doing" button. In the left hand pane, highlight all instances of iuqcqwosrvc.dll look-alikes and nothing else (it isn't necessarily exactly the same name, but it is almost the same length and is randomly named), and move them to the "Remove" pane by clicking the >> button. Click Finish.



PS. You don't need to do that upload to Virustotal anymore since you've already done it. :)
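To show why the connection drops when the LSP file is deleted before LSPFix is run, here is an added Python model of the Winsock provider chain (not code from the thread, LSPFix or Killbox). The catalog is built from the five DLLs in the Keep panel posted above; KNOWN_GOOD_PROVIDERS, the four stock Windows XP provider DLLs from that panel, is an assumed baseline, and the look-alike rule uses the helper's "almost the same length" criterion.

```python
"""Model of the Winsock LSP chain breakage described in the thread.

Added example; not code from the thread, from LSPFix or from Killbox.
The catalog is constructed from the five DLLs shown in the poster's
LSP-Fix "Keep" panel. KNOWN_GOOD_PROVIDERS is an assumption: the four
stock Windows XP provider DLLs from that same panel.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed baseline of legitimate provider DLLs (taken from the Keep panel).
KNOWN_GOOD_PROVIDERS: Set[str] = {"mswsock.dll", "winrnr.dll", "nwprovau.dll", "rsvpsp.dll"}


@dataclass(frozen=True)
class CatalogEntry:
    """One Winsock provider entry, reduced to the DLL it loads."""
    dll: str


def chain_is_usable(catalog: List[CatalogEntry], files_present: Set[str]) -> bool:
    """Winsock loads every provider in the chain when an application opens a
    socket. If any referenced DLL is gone from disk, socket setup over that
    chain fails: the browser stops working even though the network is fine."""
    return all(e.dll.lower() in files_present for e in catalog)


def suspicious_entries(catalog: List[CatalogEntry],
                       known_good: Set[str] = KNOWN_GOOD_PROVIDERS,
                       reference: Optional[str] = None) -> List[CatalogEntry]:
    """Entries not on the allowlist. With a reference name, apply the helper's
    look-alike rule: the malware re-randomises the file name per machine but
    keeps roughly the same length, so accept only names within 2 characters."""
    hits = []
    for e in catalog:
        name = e.dll.lower()
        if name in known_good:
            continue
        if reference is not None and abs(len(name) - len(reference)) > 2:
            continue
        hits.append(e)
    return hits


def repair_catalog(catalog: List[CatalogEntry],
                   files_present: Set[str]) -> Tuple[List[CatalogEntry], List[str]]:
    """LSPFix-style repair: remove entries whose DLL no longer exists, so the
    remaining chain is self-consistent again. Returns (kept, removed names)."""
    kept = [e for e in catalog if e.dll.lower() in files_present]
    removed = [e.dll for e in catalog if e.dll.lower() not in files_present]
    return kept, removed


def demo() -> Dict[str, object]:
    """Replays the thread: Killbox deleted the malware LSP but the catalog
    still points at it, so nothing connects until the entry is removed."""
    catalog = [CatalogEntry(d) for d in
               ("mswsock.dll", "winrnr.dll", "nwprovau.dll", "jbiqcwkxunjhb.dll", "rsvpsp.dll")]
    # Constructed: what is left in system32 after Killbox removed the DLL.
    on_disk = {"mswsock.dll", "winrnr.dll", "nwprovau.dll", "rsvpsp.dll"}

    usable_before = chain_is_usable(catalog, on_disk)
    flagged = [e.dll for e in suspicious_entries(catalog, reference="iuqcqwosrvc.dll")]
    fixed, removed = repair_catalog(catalog, on_disk)
    usable_after = chain_is_usable(fixed, on_disk)
    return {"usable_before": usable_before, "flagged": flagged,
            "removed": removed, "usable_after": usable_after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```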
 
I still lose my Internet connection.

"Cecilia" - 2007-05-29 15:30:44 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Cecilia\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\nvstatld.dll"
"C:\WINDOWS\system32\iuqcqwosrvc.dll"
"C:\WINDOWS\system32\praosyavj.dll"
"C:\WINDOWS\system32\sgl.dll"
"C:\cp2282.nls"

Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
Restored copy from - "c:\I386\NDIS.SY_"



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NTLDR.SYS


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-28 14:42 <DIR> d-------- C:\!KillBox
2007-05-28 10:10 <DIR> d-------- C:\WINDOWS\ERDNT(2)
2007-05-25 11:35 <DIR> d-------- C:\HijackThis
2007-05-22 08:14 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-11 16:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-15 06:54:31 -------- d-----w C:\DOCUME~1\Cecilia\APPLIC~1\Skype
2007-04-26 03:31:04 -------- d-----w C:\Program Files\PC Tools AntiVirus
2007-04-25 08:10:32 -------- d-----w C:\Program Files\Skype
2007-04-25 08:10:32 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 01:20:45 74,752 ----a-w C:\WINDOWS\in32.exe
2007-04-03 04:10:18 -------- d-----w C:\Program Files\AgentRansack
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-04 12:00:00 88,868 --sh--r C:\WINDOWS\system32\cmdctunj.exe
2004-08-04 12:00:00 88,868 --sh--r C:\WINDOWS\system32\autodmwl.exe
2004-08-04 12:00:00 88,431 --sh--r C:\WINDOWS\system32\dllqepfe.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\regegygj.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\fxsxyfhp.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\clitbdeu.exe
2004-08-04 12:00:00 75,302 --sh--r C:\WINDOWS\system32\wsmmlog.exe
2004-08-04 12:00:00 72,957 --sh--r C:\WINDOWS\system32\smcntlwio.exe
2004-08-04 12:00:00 72,844 --sh--r C:\WINDOWS\system32\plsitctl.exe
2004-08-04 12:00:00 71,420 --sh--r C:\WINDOWS\system32\sdservss.exe
2004-08-04 12:00:00 71,004 --sh--r C:\WINDOWS\system32\osskhbd.exe
2004-08-04 12:00:00 44,804 --sh--r C:\WINDOWS\system32\netbikfo.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-05-27 10:01 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" []
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-14 05:34 C:\WINDOWS\system32\ico.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 20:20]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-21 21:07]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli pwdmon



Contents of the 'Scheduled Tasks' folder
2007-05-29 06:37:09 C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 15:37:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 15:38:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 15:38
C:\ComboFix2.txt ... 2007-05-29 08:27

--- E O F ---
 
Logfile of HijackThis v1.99.1
Scan saved at 5:22:46 PM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LorraineSpy] C:\WINDOWS\LorraineSpyingOnCecilia.vbs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168476246375
O16 - DPF: {7238A364-D686-4A88-B1AF-1223D6E9497A} (SFClientFree Object) - https://skyfexfree.net/Client/ClientFree.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games/files/606/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C99D4C47-DB9A-4BC0-BFA9-E6DDFDACDC62}: NameServer = 202.75.129.101,202.75.129.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
Hi

How's your internet connection now?


If it's working then follow these instructions otherwise please let me know.



Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Don't run AVG yet. Will do it a bit later.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Don't run ATF yet. Will do it a bit later.


Start hjt, click do a system scan only, check:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games...ploader_v6.cab

Close all browsers and other windows. Click fix checked.


I assume you still have the Killbox installation. However, if you've removed Killbox, download it here.
Unzip it to the desktop but do NOT run it yet.



Copy the text to a Notepad file and save it to your desktop! We will need the file later.



Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.




Running temp cleaner & AVG Anti-Spyware
---------------------------------------



Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.


After that please run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\cmdctunj.exe
C:\WINDOWS\system32\autodmwl.exe
C:\WINDOWS\system32\dllqepfe.exe
C:\WINDOWS\system32\regegygj.exe
C:\WINDOWS\system32\fxsxyfhp.exe
C:\WINDOWS\system32\clitbdeu.exe
C:\WINDOWS\system32\wsmmlog.exe
C:\WINDOWS\system32\smcntlwio.exe
C:\WINDOWS\system32\plsitctl.exe
C:\WINDOWS\system32\sdservss.exe
C:\WINDOWS\system32\osskhbd.exe
C:\WINDOWS\system32\netbikfo.exe

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.


Post AVG Anti-spyware log & a fresh hjt log.
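The Killbox list above was read off the ComboFix Find3M report. As an added example (not code from the thread, ComboFix or Killbox), this Python parses Find3M lines copied from the posted log and reproduces that selection: executables directly under system32 that carry the system and hidden attributes and the 2004-08-04 12:00:00 timestamp of the Windows XP SP2 install files. Note that in32.exe, the file sent to VirusTotal, lives in C:\WINDOWS with ordinary attributes and is deliberately not matched by this rule.

```python
"""Triage of a ComboFix 'Find3M Report' section.

Added example; not code from the thread, ComboFix or Killbox. The sample
lines are copied from the log posted above. The rule reproduces how the
Killbox list was built: executables under system32 that carry the system
and hidden attributes and a timestamp cloned from the Windows install files.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the user's ComboFix log (Find3M Report).
FIND3M_SAMPLE = r"""
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 01:20:45 74,752 ----a-w C:\WINDOWS\in32.exe
2007-04-03 04:10:18 -------- d-----w C:\Program Files\AgentRansack
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-04 12:00:00 88,868 --sh--r C:\WINDOWS\system32\cmdctunj.exe
2004-08-04 12:00:00 88,868 --sh--r C:\WINDOWS\system32\autodmwl.exe
2004-08-04 12:00:00 88,431 --sh--r C:\WINDOWS\system32\dllqepfe.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\regegygj.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\fxsxyfhp.exe
2004-08-04 12:00:00 88,281 --sh--r C:\WINDOWS\system32\clitbdeu.exe
2004-08-04 12:00:00 75,302 --sh--r C:\WINDOWS\system32\wsmmlog.exe
2004-08-04 12:00:00 72,957 --sh--r C:\WINDOWS\system32\smcntlwio.exe
2004-08-04 12:00:00 72,844 --sh--r C:\WINDOWS\system32\plsitctl.exe
2004-08-04 12:00:00 71,420 --sh--r C:\WINDOWS\system32\sdservss.exe
2004-08-04 12:00:00 71,004 --sh--r C:\WINDOWS\system32\osskhbd.exe
2004-08-04 12:00:00 44,804 --sh--r C:\WINDOWS\system32\netbikfo.exe
"""

# Timestamp the Windows XP SP2 installation files carry; the twelve
# implants above cloned it so they sort in among genuine system files.
XP_SP2_INSTALL_STAMP = "2004-08-04 12:00:00"

# Format: date time size-or-dashes 7-character attribute field path
FIND3M_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[a-z-]{7})\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: Optional[int]   # None for directories (size shown as dashes)
    attrs: frozenset      # letters present: d=dir, s=system, h=hidden, a=archive, r=read-only, w=writable
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M lines; anything that does not match the format is skipped."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        attrs = frozenset(c for c in m["attrs"] if c != "-")
        entries.append(Entry(m["stamp"], size, attrs, m["path"]))
    return entries


def flag_hidden_system_exes(entries: List[Entry],
                            directory: str = r"C:\WINDOWS\system32",
                            stamp: str = XP_SP2_INSTALL_STAMP) -> List[Entry]:
    """Executables directly under `directory` that are hidden+system and carry
    the install-set timestamp. Genuine install files share that timestamp, so
    the timestamp alone is not evidence; combined with the hidden+system
    attributes on an .exe it is what set the Killbox list apart."""
    prefix = directory.lower().rstrip("\\") + "\\"
    hits = []
    for e in entries:
        if "d" in e.attrs or not e.path.lower().endswith(".exe"):
            continue
        if not e.path.lower().startswith(prefix) or "\\" in e.path[len(prefix):]:
            continue
        if {"s", "h"} <= e.attrs and e.timestamp == stamp:
            hits.append(e)
    return hits


def timestamp_clusters(entries: List[Entry]) -> Dict[str, int]:
    """How many entries share each timestamp; a large identical cluster of
    recently appeared files is worth a second look."""
    return dict(Counter(e.timestamp for e in entries))


if __name__ == "__main__":
    for e in flag_hidden_system_exes(parse_find3m(FIND3M_SAMPLE)):
        print(e.path)
```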
 
Hi Blade,

My connection is fine..

So are there still A LOT of problems in my PC after posting the latest HJT? So I can proceed to the next steps that you just provided??
 
Hi Cecilia

I can guarantee that your latest log looks MUCH better than the one in the beginning :) As the connection works now, you can safely follow my latest instructions.
 
C:\Program Files\MSN Messenger\msnmsgr(2).exe -> Backdoor.MSNMaker.w : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllqepfe.exe -> Backdoor.Sdbot : Cleaned with backup (quarantined).
C:\IBMTOOLS\DRIVERS\MOUSE\SP_OPT\MS98.CAB/PMUninst.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\WINDOWS\system32\PMUNINST.EXE -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ms98.cab/PMUninst.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0124605.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0128633.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0128698.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0135698.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0138698.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0139698.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0154751.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0155751.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0156790.dll -> Logger.Agent.fr : Cleaned with backup (quarantined).
C:\HijackThis\backups\backup-20070530-104549-874.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP301\A0632552.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0121599.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0123598.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0124600.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0128598.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0128695.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0130694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0135694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0138694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0139694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0143694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0151694.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP270\A0154725.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0154747.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0155746.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0155747.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0155748.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0156746.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0156747.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0156748.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0158787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0158788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0163787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0163788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0165787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0165788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0166787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0166788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP271\A0167787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0168789.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0168790.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0169788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0169789.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0170787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0170788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0173787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0173788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0175787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0175788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0176787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0178787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0182787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0184787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0184788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0186787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
 
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0187787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0187788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0191787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0199787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0200787.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP272\A0200788.exe -> Proxy.Slaper.p : Cleaned with backup (quarantined).
::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 2:50:52 PM, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LorraineSpy] C:\WINDOWS\LorraineSpyingOnCecilia.vbs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168476246375
O16 - DPF: {7238A364-D686-4A88-B1AF-1223D6E9497A} (SFClientFree Object) - https://skyfexfree.net/Client/ClientFree.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C99D4C47-DB9A-4BC0-BFA9-E6DDFDACDC62}: NameServer = 202.75.129.101,202.75.129.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
Hi

Well..still something left.

Run LSPFix. Click the "I know what I'm doing" button. In the left-hand pane, highlight all instances of ailkmokisub.dll (and nothing else), move them to the "Remove" pane by clicking the >> button. Click Finish.

==================
Reboot into safe mode


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete the following file:
c:\windows\system32\ailkmokisub.dll

Reboot back into normal mode and post a fresh hjt log.
 
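As an added example (not from the thread or from HijackThis itself), a small Python triage script for logs in the HijackThis v1.99.1 format posted above: it collapses the repeated O10 Winsock LSP lines into one DLL with a count (the same file the helper asks to remove with LSPFix), lists O4 Run entries that launch a script file rather than an executable for manual review, and picks out O23 services whose binary is reported missing. The embedded log is a constructed excerpt modelled on a few lines of the posted log, and the regexes assume the line layouts shown there.

```python
import re
# Constructed excerpt modelled on the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LorraineSpy] C:\WINDOWS\LorraineSpyingOnCecilia.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ailkmokisub.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Line layouts as printed by HijackThis v1.99.1 in the log above (assumption).
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+?)\s*$", re.M)
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+?)\s*$", re.M)
SVC_RE = re.compile(r"^O23 - Service: (.+?) - .+? - (.+?) \(file missing\)\s*$", re.M)
SCRIPT_EXT = (".vbs", ".js", ".wsf", ".bat", ".cmd", ".scr", ".pif")

def lsp_dlls(log):
    """Count O10 lines per DLL. An LSP DLL is listed once per Winsock catalog
    entry it is registered under, which is why one file repeats many times."""
    counts = {}
    for path in LSP_RE.findall(log):
        key = path.strip().lower()
        counts[key] = counts.get(key, 0) + 1
    return counts

def _target(cmd):
    """Executable part of a Run command: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    return cmd.split(None, 1)[0].lower()

def run_entries(log):
    """(hive, name, command) for every O4 Run entry."""
    return RUN_RE.findall(log)

def script_run_entries(log):
    """Run entries that launch a script file: Run keys normally point at
    executables, so these deserve a manual look before deciding on them."""
    return [e for e in run_entries(log) if _target(e[2]).endswith(SCRIPT_EXT)]

def missing_services(log):
    """(service, binary) for O23 services whose binary HijackThis reports missing."""
    return SVC_RE.findall(log)

if __name__ == "__main__":
    print("LSP DLLs:", lsp_dlls(SAMPLE_LOG))
    print("Script Run entries:", script_run_entries(SAMPLE_LOG))
    print("Missing service binaries:", missing_services(SAMPLE_LOG))
```

Feed a whole saved log to the same functions (e.g. `lsp_dlls(open("hijackthis.log").read())`) to get the LSP DLL names to hand to LSPFix without reading the repeated O10 lines by eye.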