Spoolsv.exe, Versclid.exe and other problems.

meekonfire · Jul 8, 2009

Hey guys

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:44 AM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [16826524] C:\Documents and Settings\All Users\Application Data\16826524\16826524.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\Owner\Application Data\unobi.dll" s
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: cablki.dll ymwazv.dll wwqozw.dll chklvr.dll whynme.dll ozyhkl.dll lvvsjl.dll vdjmdi.dll xjewlj.dll pvqygx.dll xicnhs.dll omhxxv.dll cmxrqj.dll qlylfv.dll bjoaeb.dll wmpepn.dll rnhqoj.dll tberkr.dll nsanpc.dll lraiak.dll uszpgu.dll tbiind.dll hdwmym.dll yrevto.dll mdmfyl.dll xlxhmp.dll C:\WINDOWS\system32\kijazere.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

--
End of file - 3626 bytes

*********
when i start my computer, it becomes really slow on my log in screen
and takes even longer once i log on and windows is starting up at the
bottom of the screen.

i ran spybot S&D numerous times even when rebooting my computer.
it mainly deleted Virtumonde a bunch of times and some new trojans
came up such as "Security Microsoft Something" and others I can't really remember.

Afterwards, my computer freezes, an older version of Windows xp takes
place, causing my audio to not work on websites (only on games installed on the computer) and says I have no audio device installed.

Then usually a prompt comes up saying "Windows has files that have recently been replaced, please reinstall the windows.exe with your discs" (I lost my discs a while ago.. this is an old Dell) I click off the window and it keeps reappearing. Maybe this is all the same virus?

I checked my Task Manager and I see a lot of these .exe processees that i try and end before it takes over and changes my windows settings.

Known processees are:
versclid.exe
spoolsv.exe (these first two always pop up when my windows xp becomes the older version and the audio hardware doesn't work)
alg.exe
0134246.exe (not exactly the same but two usually come up with random numbers)
wsctfy.exe
backweb-2349084.exe (once again an example)

& then a BUNCH of svchost.exe files which leads into my next problem

I open up the internet browser i use currently(which is Google Chrome).
and my internet works for just a little bit
and then I'll get pop ups saying Application Error - the instruction at "0x00f2220e" referenced memory at "0x3138e000" couldn't not be written. Svchost.exe has an unsuspecting error and has to terminate. Click OK to terminate the program.

*When I check the taskmanager, a few of the svchost.exe files start increasing drasticaly with Mem usage causing my internet to crash. If I end that process, it turns my internet back to being fast but then when I open up a new page it comes back and slows it down again. If I delete the wrong exe it countdown a restart on my computer.. this becomes an enormous pain.

I saved a back up registry in case you guys need it.

Any help would be greatly appreciated

Thanks!

Blade81 · Jul 9, 2009

Hi there,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

meekonfire · Jul 11, 2009

Here it is

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 20:28:48.78 on Fri 07/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.347 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.com
C:\WINDOWS\system32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {77a7b88b-f640-4d9c-af34-ba60f1610bce} - c:\windows\system32\iiffGASM.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [nvd32_r] rundll32.exe "c:\documents and settings\owner\application data\unobi.dll" s
uRun: [DiskChk help] rundll32.exe "c:\documents and settings\all users\proto.dll" run
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SSODL: SSODL - - No File
SEH: {f675f70d-70d3-a908-f934-4d26faabbc09}: {90cbbaaf-62d4-439f-809a-3d07d07f576f} - c:\windows\system32\gmwamp.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\iiffGASM
LSA: Notification Packages = scecli c:\windows\system32\kijazere.dll

============= SERVICES / DRIVERS ===============

R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-17 9472]
R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-15 9472]
S2 driver;driver;c:\windows\system32\svchost.exe -k driver [2008-8-21 14336]
S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2008-8-21 14336]

=============== Created Last 30 ================

2009-07-08 08:21 483 a--sh--- c:\windows\system32\MSAGffii.ini2
2009-07-08 08:21 483 a--sh--- c:\windows\system32\MSAGffii.ini
2009-07-08 00:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-18 01:10 <DIR> --d----- c:\docume~1\owner\applic~1\IrfanView
2009-06-17 10:18 <DIR> --d----- c:\program files\driver
2009-06-17 10:18 2 a------- c:\windows\104116116112584747.dat
2009-06-17 10:17 2 a------- c:\windows\010112010146118114.dat
2009-06-17 10:16 164 a------- C:\nm8912.bat
2009-06-15 14:16 <DIR> --d----- c:\program files\podmena
2009-06-15 14:15 2 ----h--- c:\windows\zaponce53173.dat
2009-06-15 14:15 2 ----h--- c:\windows\zaponce53290.dat
2009-06-15 14:15 159 a------- C:\d45.bat
2009-06-14 14:14 49,152 a------- c:\windows\system32\clrhtnes.dll
2009-06-14 02:11 49,152 a------- c:\windows\system32\hxuigyxb.dll
2009-06-13 14:08 49,152 a------- c:\windows\system32\hsomrasq.dll
2009-06-11 12:54 <DIR> --d----- c:\program files\common files\speechengines
2009-06-11 12:54 <DIR> --d----- c:\program files\common files\mssoap
2009-06-11 02:49 227 a------- c:\windows\PowerReg.dat
2009-06-11 02:49 45,568 a------- c:\windows\UniFish3.exe
2009-06-11 02:48 <DIR> --d----- c:\program files\Hasbro Interactive
2009-06-11 02:29 221,184 a------- c:\windows\system32\wmpns.dll

==================== Find3M ====================

2009-07-10 20:29 110,284 a------- c:\windows\system32\drivers\beep.sys
2009-06-19 14:39 15,360 a--sh--- c:\windows\system32\tohuredu.exe
2009-06-18 16:31 15,360 a--sh--- c:\windows\system32\fodehofi.exe
2009-06-18 04:31 15,360 a--sh--- c:\windows\system32\papupona.exe
2009-06-17 22:16 15,360 a--sh--- c:\windows\system32\pakaride.exe
2009-06-17 10:16 15,360 a--sh--- c:\windows\system32\rowesezo.exe
2009-06-15 14:14 15,360 a--sh--- c:\windows\system32\zegipaso.exe
2009-06-15 14:14 79,360 -------- c:\windows\system32\haliwoya.dll
2009-06-15 02:14 79,360 -------- c:\windows\system32\gifekuwe.dll
2009-06-14 02:14 80,384 -------- c:\windows\system32\sagezoju.dll
2009-06-13 14:14 79,872 -------- c:\windows\system32\henowosa.dll
2009-06-08 00:52 120,832 a------- c:\windows\system32\gmwamp.dll
2009-06-08 00:52 120,832 a------- c:\windows\system32\ahvfihpk.dll
2009-06-06 11:08 120,832 a------- c:\windows\system32\ucyugpne.dll
2009-06-06 11:08 120,832 a------- c:\windows\system32\naemef.dll
2009-06-05 23:05 120,832 a------- c:\windows\system32\jkqkackv.dll
2009-06-05 23:05 120,832 a------- c:\windows\system32\djncng.dll
2009-06-05 11:08 206,852 a------- c:\windows\system32\msxml71.dll
2009-06-05 11:08 115,716 a------- c:\windows\msa.exe
2009-06-05 11:05 120,832 a------- c:\windows\system32\wkcdql.dll
2009-06-05 11:05 120,832 a------- c:\windows\system32\aduwitxb.dll
2009-06-04 15:41 120,832 a------- c:\windows\system32\uveycrvm.dll
2009-06-04 15:41 120,832 a------- c:\windows\system32\fkvvbk.dll
2009-06-04 13:50 36,352 a------- c:\documents and settings\all users\proto.dll
2009-06-04 03:39 120,832 a------- c:\windows\system32\qyhxmokw.dll
2009-06-04 03:39 120,832 a------- c:\windows\system32\pdyeig.dll
2009-06-03 13:23 120,832 a------- c:\windows\system32\pgsafgou.dll
2009-06-03 13:23 120,832 a------- c:\windows\system32\kfepvd.dll
2009-06-03 00:55 27,648 a------- c:\windows\system32\__c00C839A.dat
2009-06-03 00:41 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-06-02 06:10 120,832 a------- c:\windows\system32\xpmrywig.dll
2009-06-02 06:10 120,832 a------- c:\windows\system32\liitdb.dll
2009-06-01 18:13 92,060 a------- c:\windows\system32\ogxrjwwo.exe
2009-06-01 18:10 120,832 a------- c:\windows\system32\hxprciwa.dll
2009-06-01 18:10 120,832 a------- c:\windows\system32\dnxojq.dll
2009-06-01 06:10 120,832 a------- c:\windows\system32\umiekufx.dll
2009-06-01 06:10 120,832 a------- c:\windows\system32\tolnwz.dll
2009-05-31 18:07 120,832 a------- c:\windows\system32\gkoetyip.dll
2009-05-31 18:07 120,832 a------- c:\windows\system32\dkokfz.dll
2009-05-31 06:07 120,832 a------- c:\windows\system32\xwstet.dll
2009-05-31 06:07 120,832 a------- c:\windows\system32\oswdvtuu.dll
2009-05-30 18:07 120,832 a------- c:\windows\system32\ygwmsb.dll
2009-05-30 18:07 120,832 a------- c:\windows\system32\gjstfmnt.dll
2009-05-30 06:07 120,832 a------- c:\windows\system32\ypvyjbph.dll
2009-05-30 06:07 120,832 a------- c:\windows\system32\qpzpam.dll
2009-05-29 18:07 120,832 a------- c:\windows\system32\qqwmfsrp.dll
2009-05-29 18:07 120,832 a------- c:\windows\system32\guzhip.dll
2009-05-29 06:07 120,832 a------- c:\windows\system32\thgyvags.dll
2009-05-29 06:07 120,832 a------- c:\windows\system32\rwqdcl.dll
2009-05-28 18:05 120,832 a------- c:\windows\system32\tkibnifj.dll
2009-05-28 18:05 120,832 a------- c:\windows\system32\pnsftn.dll
2009-05-28 06:04 120,832 a------- c:\windows\system32\xrfhwbfa.dll
2009-05-28 06:04 120,832 a------- c:\windows\system32\vcnfho.dll
2009-05-27 18:08 120,832 a------- c:\windows\system32\rvvunwqs.dll
2009-05-27 18:08 120,832 a------- c:\windows\system32\lpzbkl.dll
2009-05-27 18:05 123,904 a------- c:\windows\system32\cdsnz.dll
2009-05-27 18:05 155,648 a------- c:\windows\system32\ujesejqh.exe
2009-05-27 06:05 120,832 a------- c:\windows\system32\rvvvmyru.dll
2009-05-27 06:05 120,832 a------- c:\windows\system32\efebst.dll
2009-05-26 18:07 120,832 a------- c:\windows\system32\swlcykhs.dll
2009-05-26 18:07 120,832 a------- c:\windows\system32\rbaupe.dll
2009-05-26 13:30 55,808 a------- c:\docume~1\owner\applic~1\unobi.dll
2009-05-26 06:07 120,832 a------- c:\windows\system32\jhcorx.dll
2009-05-26 06:07 120,832 a------- c:\windows\system32\axvvdspe.dll
2009-05-25 18:06 120,832 a------- c:\windows\system32\rertgy.dll
2009-05-25 18:06 120,832 a------- c:\windows\system32\donyqrvd.dll
2009-05-25 06:03 120,832 a------- c:\windows\system32\khrdjucv.dll
2009-05-25 06:03 120,832 a------- c:\windows\system32\cuudbu.dll
2009-05-24 18:03 120,832 a------- c:\windows\system32\nsvybk.dll
2009-05-24 18:03 120,832 a------- c:\windows\system32\cbtgikni.dll
2009-05-24 06:03 120,832 a------- c:\windows\system32\yfuicn.dll
2009-05-24 06:03 120,832 a------- c:\windows\system32\ctibmtqq.dll
2009-05-23 18:03 120,832 a------- c:\windows\system32\sextdfyt.dll
2009-05-23 18:03 120,832 a------- c:\windows\system32\cdsnzh.dll
2009-05-23 06:03 120,832 a------- c:\windows\system32\qcdwad.dll
2009-05-23 06:03 120,832 a------- c:\windows\system32\jaaldtqc.dll
2009-05-22 18:02 120,832 a------- c:\windows\system32\hoaivtlt.dll
2009-05-22 18:02 120,832 a------- c:\windows\system32\gnpfen.dll
2009-05-22 06:03 120,832 a------- c:\windows\system32\twoyhrcw.dll
2009-05-22 06:03 120,832 a------- c:\windows\system32\ryyiek.dll
2009-05-21 21:33 120,832 a------- c:\windows\system32\vlhgoc.dll
2009-05-21 21:33 120,832 a------- c:\windows\system32\nmafjnjd.dll
2009-05-21 12:10 120,832 a------- c:\windows\system32\ycmhge.dll
2009-05-21 12:10 120,832 a------- c:\windows\system32\phqgvigx.dll
2009-05-20 17:58 120,832 a------- c:\windows\system32\qnqvvv.dll
2009-05-20 17:58 120,832 a------- c:\windows\system32\flqejkqu.dll
2009-05-20 15:22 120,832 a------- c:\windows\system32\xumynd.dll
2009-05-20 15:22 120,832 a------- c:\windows\system32\uupdluqo.dll
2009-05-20 01:29 120,832 a------- c:\windows\system32\ffyujtuc.dll
2009-05-20 01:29 120,832 a------- c:\windows\system32\agidky.dll
2009-05-19 13:30 120,832 a------- c:\windows\system32\mhlvjwth.dll
2009-05-19 13:30 120,832 a------- c:\windows\system32\bljiln.dll
2009-05-19 01:30 120,832 a------- c:\windows\system32\spgehdib.dll
2009-05-19 01:30 120,832 a------- c:\windows\system32\obvebx.dll
2009-05-18 13:28 120,832 a------- c:\windows\system32\xlfxswes.dll
2009-05-18 13:28 120,832 a------- c:\windows\system32\nzsphb.dll
2009-05-18 01:28 120,832 a------- c:\windows\system32\kyfksuxp.dll
2009-05-18 01:28 120,832 a------- c:\windows\system32\djravm.dll
2009-05-17 13:28 120,832 a------- c:\windows\system32\sacietdx.dll
2009-05-17 13:28:39 A------- 120,832 c:\windows\system32\fvtvpf.dll

============= FINISH: 20:32:54.96 ===============

meekonfire · Jul 11, 2009

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2008 8:12:45 PM
System Uptime: 7/10/2009 8:23:35 PM (0 hours ago)

Motherboard: Intel Corporation | | CA810E
Processor: Intel Pentium III processor | J5H1 | 796/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 93.998 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 21 GiB total, 20.987 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP256: 7/10/2009 8:25:26 PM - System Checkpoint
RP257: 7/10/2009 8:25:27 PM - Restore Operation
RP258: 7/10/2009 8:25:28 PM - a
RP259: 7/10/2009 8:25:30 PM - Removed Logitech QuickCam
RP260: 7/10/2009 8:25:30 PM - System Checkpoint
RP261: 7/10/2009 8:25:31 PM - Last known good configuration
RP262: 7/10/2009 8:25:31 PM - Last known good configuration
RP263: 7/10/2009 8:25:32 PM - System Checkpoint
RP264: 7/10/2009 8:25:33 PM - Last known good configuration
RP265: 7/10/2009 8:26:27 PM - Last known good configuration

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
AIM 6
Google Chrome
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
Java(TM) 6 Update 11
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSXML 4.0 SP2 (KB954430)
Power Tab Editor 1.7
Roll
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Ventrilo Client
WebFldrs XP
Windows XP Service Pack 3
World of Warcraft

==== Event Viewer Messages From Past Week ========

7/10/2009 8:29:33 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/10/2009 8:29:26 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
7/10/2009 8:28:54 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:28:54 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:28:54 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:27:10 PM, error: Service Control Manager [7031] - The podmena service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2009 8:27:01 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2009 8:26:33 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:26:33 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:26:33 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:26:25 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:25:49 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2009 8:25:29 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/10/2009 8:25:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/10/2009 8:24:37 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the path specified.
7/10/2009 8:24:37 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
7/10/2009 8:19:39 PM, error: Service Control Manager [7031] - The driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2009 8:14:47 PM, information: Windows File Protection [64004] - The protected system file beep.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006ba [The RPC server is unavailable. ].
7/10/2009 8:14:05 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

==== End Of File ===========================

Blade81 · Jul 12, 2009

Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

meekonfire · Jul 12, 2009

ComboFix 09-07-11.01 - Owner 07/12/2009 3:09.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.266 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\96836516.ini
c:\documents and settings\Owner\Application Data\unobi.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\driver\driver.sys
c:\program files\podmena
c:\program files\podmena\podmena.dll
c:\program files\podmena\podmena.sys
c:\windows\010112010146118114.dat
c:\windows\command
c:\windows\desktop
c:\windows\msa.exe
c:\windows\system32\__c00C839A.dat
c:\windows\system32\addlml.dll
c:\windows\system32\aderpt.dll
c:\windows\system32\adlsmnqh.dll
c:\windows\system32\aduwitxb.dll
c:\windows\system32\afkoaggm.ini
c:\windows\system32\afwvef.dll
c:\windows\system32\agidky.dll
c:\windows\system32\ahvfihpk.dll
c:\windows\system32\aisjmi.dll
c:\windows\system32\akeyfvkb.dll
c:\windows\system32\akgdemlv.dll
c:\windows\system32\aklqnwie.ini
c:\windows\system32\aknguq.dll
c:\windows\system32\akpekepr.dll
c:\windows\system32\alygmcng.dll
c:\windows\system32\aoapwbda.dll
c:\windows\system32\arwkyewd.dll
c:\windows\system32\arwthl.dll
c:\windows\system32\atqjdvth.ini
c:\windows\system32\auzmbi.dll
c:\windows\system32\avrzzd.dll
c:\windows\system32\avuihj.dll
c:\windows\system32\axofpfqh.dll
c:\windows\system32\axvvdspe.dll
c:\windows\system32\aybtablp.ini
c:\windows\system32\bbhcckld.dll
c:\windows\system32\bbwowynx.dll
c:\windows\system32\beggtn.dll
c:\windows\system32\bemduy.dll
c:\windows\system32\bjoaeb.dll
c:\windows\system32\bljiln.dll
c:\windows\system32\bmuhpo.dll
c:\windows\system32\bmvjdiei.dll
c:\windows\system32\bogijkog.dll
c:\windows\system32\bovceeuq.ini
c:\windows\system32\bpglup.dll
c:\windows\system32\bplyjnrv.dll
c:\windows\system32\bqahoqyd.dll
c:\windows\system32\brlarjbx.dll
c:\windows\system32\bswagm.dll
c:\windows\system32\buliugae.ini
c:\windows\system32\bwafkhpx.dll
c:\windows\system32\cablki.dll
c:\windows\system32\caoguvri.dll
c:\windows\system32\cbtgikni.dll
c:\windows\system32\cdidvbml.dll
c:\windows\system32\cdsnzh.dll
c:\windows\system32\cedodq.dll
c:\windows\system32\chklvr.dll
c:\windows\system32\ciyyau.dll
c:\windows\system32\clcccv.dll
c:\windows\system32\clrhtnes.dll
c:\windows\system32\clxxrscl.dll
c:\windows\system32\cmxrqj.dll
c:\windows\system32\cnnjpjeu.ini
c:\windows\system32\coconpmf.dll
c:\windows\system32\cqnuly.dll
c:\windows\system32\crmheytj.dll
c:\windows\system32\csuxcfdk.ini
c:\windows\system32\ctibmtqq.dll
c:\windows\system32\ctnwywsp.dll
c:\windows\system32\cuobsm.dll
c:\windows\system32\cuudbu.dll
c:\windows\system32\cvmjlfgu.dll
c:\windows\system32\cwwznw.dll
c:\windows\system32\dawecj.dll
c:\windows\system32\dblifvdn.dll
c:\windows\system32\dcvojc.dll
c:\windows\system32\deeccitt.dll
c:\windows\system32\deypgygf.dll
c:\windows\system32\dfggdvvt.dll
c:\windows\system32\dgbuffkb.dll
c:\windows\system32\dhwpbshv.ini
c:\windows\system32\djiqeflu.ini
c:\windows\system32\djncng.dll
c:\windows\system32\djravm.dll
c:\windows\system32\dkokfz.dll
c:\windows\system32\dkywxx.dll
c:\windows\system32\dlkcchbb.ini
c:\windows\system32\dmsrqg.dll
c:\windows\system32\dnlvqxrk.ini
c:\windows\system32\dnpjfd.dll
c:\windows\system32\dnxojq.dll
c:\windows\system32\donyqrvd.dll
c:\windows\system32\doogtz.dll
c:\windows\system32\dosrsx.dll
c:\windows\system32\drivers\beep.sys
c:\windows\system32\dwhhkrau.dll
c:\windows\system32\dypjyy.dll
c:\windows\system32\eapehm.dll
c:\windows\system32\edelrf.dll
c:\windows\system32\edpvalvu.dll
c:\windows\system32\eeshuani.exe
c:\windows\system32\efebst.dll
c:\windows\system32\efffht.dll
c:\windows\system32\efpssk.dll
c:\windows\system32\efwqsxox.dll
c:\windows\system32\eiiijbnq.dll
c:\windows\system32\eiwnqlka.dll
c:\windows\system32\ejbxbiwx.dll
c:\windows\system32\ejtodfjv.ini
c:\windows\system32\elucgv.dll
c:\windows\system32\ephtqwlk.dll
c:\windows\system32\eqexfc.dll
c:\windows\system32\euxmwv.dll
c:\windows\system32\evgozu.dll
c:\windows\system32\evxfdpws.dll
c:\windows\system32\ewwcmx.dll
c:\windows\system32\exyulfqn.dll
c:\windows\system32\ezayau.dll
c:\windows\system32\ezydce.dll
c:\windows\system32\faqpbu.dll
c:\windows\system32\fbbjerdn.dll
c:\windows\system32\fcdvtjwg.ini
c:\windows\system32\fcovmouq.exe
c:\windows\system32\fdhqhxyr.dll
c:\windows\system32\fekstu.dll
c:\windows\system32\ffvwxfnt.ini
c:\windows\system32\ffyujtuc.dll
c:\windows\system32\fgmcnq.dll
c:\windows\system32\fjhilbfh.dll
c:\windows\system32\fkvvbk.dll
c:\windows\system32\fkyogo.dll
c:\windows\system32\flqejkqu.dll
c:\windows\system32\flujecli.dll
c:\windows\system32\fmklnfam.dll
c:\windows\system32\fndqld.dll
c:\windows\system32\fquxbf.dll
c:\windows\system32\frsxomcf.dll
c:\windows\system32\fswoof.dll
c:\windows\system32\fugsgiqq.dll
c:\windows\system32\fuiqvdcj.dll
c:\windows\system32\fvdcuuun.dll
c:\windows\system32\fvtvpf.dll
c:\windows\system32\fwpcpiaw.dll
c:\windows\system32\fxqftxfn.dll
c:\windows\system32\fxtpjvkx.dll
c:\windows\system32\fybxhs.dll
c:\windows\system32\fyenpi.dll
c:\windows\system32\fyptgvhn.ini
c:\windows\system32\gbxtjw.dll
c:\windows\system32\gdrdoden.dll
c:\windows\system32\gehdwupv.dll
c:\windows\system32\gekgtq.dll
c:\windows\system32\gfyvsr.dll
c:\windows\system32\gggqioqx.ini
c:\windows\system32\ggjeqhqt.dll
c:\windows\system32\ggjimi.dll
c:\windows\system32\ggtamqmk.dll
c:\windows\system32\ghettf.dll
c:\windows\system32\gifekuwe.dll
c:\windows\system32\gjabns.dll
c:\windows\system32\gjoahy.dll
c:\windows\system32\gjstfmnt.dll
c:\windows\system32\gkhuwh.dll
c:\windows\system32\gkoetyip.dll
c:\windows\system32\glattjfl.dll
c:\windows\system32\glctoueq.dll
c:\windows\system32\gmhtmsvn.dll
c:\windows\system32\gmwamp.dll
c:\windows\system32\gncmgyla.ini
c:\windows\system32\gnpfen.dll
c:\windows\system32\gnprtdro.ini
c:\windows\system32\goruvopj.dll
c:\windows\system32\gpcqqocq.dll
c:\windows\system32\guuxpf.dll
c:\windows\system32\guzhip.dll
c:\windows\system32\gwjdrwnw.dll
c:\windows\system32\gwurik.dll
c:\windows\system32\gxxilv.dll
c:\windows\system32\haahyijn.dll
c:\windows\system32\hagbyi.dll
c:\windows\system32\haliwoya.dll
c:\windows\system32\hbtjtyax.dll
c:\windows\system32\hcuaoh.dll
c:\windows\system32\hdwmym.dll
c:\windows\system32\henowosa.dll
c:\windows\system32\hhespbtp.dll
c:\windows\system32\hhpvsu.dll
c:\windows\system32\hidqijrp.dll
c:\windows\system32\hiikie.dll
c:\windows\system32\hmdxnf.dll
c:\windows\system32\hoaivtlt.dll
c:\windows\system32\hpuwbjtc.dll
c:\windows\system32\hsomrasq.dll
c:\windows\system32\htoalhav.dll
c:\windows\system32\hxprciwa.dll
c:\windows\system32\hxuigyxb.dll
c:\windows\system32\ieidjvmb.ini
c:\windows\system32\igejsutr.dll
c:\windows\system32\ihadhbeg.ini
c:\windows\system32\ihdrefew.dll
c:\windows\system32\ihvpcomw.dll
c:\windows\system32\iiffGASM.dll
c:\windows\system32\imdepo.dll
c:\windows\system32\inuvegkn.dll
c:\windows\system32\iogrqtge.dll
c:\windows\system32\iqierw.dll
c:\windows\system32\iswujtba.dll
c:\windows\system32\iuckbvwg.dll
c:\windows\system32\iuvbuifg.dll
c:\windows\system32\iuysyfsq.dll
c:\windows\system32\ivjnxpwt.dll
c:\windows\system32\ixvewqjo.dll
c:\windows\system32\iypugt.dll
c:\windows\system32\jaaldtqc.dll
c:\windows\system32\jbyrbdib.dll
c:\windows\system32\jdjocqii.dll
c:\windows\system32\jemmlmry.dll
c:\windows\system32\jeyhiues.dll
c:\windows\system32\jgqwzx.dll
c:\windows\system32\jgxbbf.dll
c:\windows\system32\jhcorx.dll
c:\windows\system32\jiyktixx.dll
c:\windows\system32\jkqkackv.dll
c:\windows\system32\jpblhk.dll
c:\windows\system32\jqtbsj.dll
c:\windows\system32\jrhbijvr.dll
c:\windows\system32\jshhjyaw.ini
c:\windows\system32\jslgbjtm.ini
c:\windows\system32\jtmxpvtn.dll
c:\windows\system32\jvsqxysf.dll
c:\windows\system32\jvtrkter.dll
c:\windows\system32\jxpcxj.dll
c:\windows\system32\jxyaoa.dll
c:\windows\system32\jzdfjg.dll
c:\windows\system32\kajwkv.dll
c:\windows\system32\kayoqnes.dll
c:\windows\system32\kbinljno.dll
c:\windows\system32\kdkuucda.ini
c:\windows\system32\keduphbl.dll
c:\windows\system32\kfepvd.dll
c:\windows\system32\khrdjucv.dll
c:\windows\system32\kioyvj.dll
c:\windows\system32\kiwtjbtm.dll
c:\windows\system32\kkbmsz.dll
c:\windows\system32\kkefhafe.dll
c:\windows\system32\klbblgdr.dll
c:\windows\system32\klspxh.dll
c:\windows\system32\kmevadnu.ini
c:\windows\system32\kmqutkki.dll
c:\windows\system32\kncfoiri.dll
c:\windows\system32\kolrgnqd.dll
c:\windows\system32\kssmtevt.dll
c:\windows\system32\ktepvamy.dll
c:\windows\system32\ktqqgoup.dll
c:\windows\system32\kvaplx.dll
c:\windows\system32\kxgkgrnl.dll
c:\windows\system32\kyfksuxp.dll
c:\windows\system32\leenue.dll
c:\windows\system32\lhzlxg.dll
c:\windows\system32\liitdb.dll
c:\windows\system32\ljqllm.dll
c:\windows\system32\llcggiwb.dll
c:\windows\system32\lpiihdok.dll
c:\windows\system32\lpzbkl.dll
c:\windows\system32\lqxmpb.dll
c:\windows\system32\lraiak.dll
c:\windows\system32\ltnhbkcn.dll
c:\windows\system32\lujusmfv.dll
c:\windows\system32\lvvsjl.dll
c:\windows\system32\lwfxee.dll
c:\windows\system32\lxtkhqip.dll
c:\windows\system32\lytpqskx.dll
c:\windows\system32\lywuegpe.dll
c:\windows\system32\lyyttimu.dll
c:\windows\system32\mavqanml.dll
c:\windows\system32\mbhyge.dll
c:\windows\system32\mbkqcoxl.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdmfyl.dll
c:\windows\system32\meskeeuk.dll
c:\windows\system32\mggaokfa.dll
c:\windows\system32\mhlvjwth.dll
c:\windows\system32\mhsffmhl.dll
c:\windows\system32\miladxsp.dll
c:\windows\system32\mizwsk.dll
c:\windows\system32\mjgfrivx.ini
c:\windows\system32\mjkllt.dll
c:\windows\system32\mlcslujs.ini
c:\windows\system32\mnnvtchr.dll
c:\windows\system32\mohdic.dll
c:\windows\system32\mojrvaaq.dll
c:\windows\system32\mpqpdnlx.dll
c:\windows\system32\mprjhdwd.dll
c:\windows\system32\mpsbkkwr.ini
c:\windows\system32\mqltxkfj.dll
c:\windows\system32\MSAGffii.ini
c:\windows\SYSTEM32\MSAGffii.ini2
c:\windows\system32\msxml71.dll
c:\windows\system32\msyebg.dll
c:\windows\system32\mwoctolx.dll
c:\windows\system32\mwsehtap.dll
c:\windows\system32\mwwclqnd.dll
c:\windows\system32\myahlpjd.dll
c:\windows\system32\myevougn.dll
c:\windows\system32\naaugjac.ini
c:\windows\system32\naemef.dll
c:\windows\system32\nawrqc.dll
c:\windows\system32\nbkyas.dll
c:\windows\system32\nbocll.dll
c:\windows\system32\neghfwwv.ini
c:\windows\system32\njorgw.dll
c:\windows\system32\nmafjnjd.dll
c:\windows\system32\nmtenj.dll
c:\windows\system32\nnyrmp.dll
c:\windows\system32\nocvanua.dll
c:\windows\system32\npimetyn.ini
c:\windows\system32\npycrs.dll
c:\windows\system32\nqfhhdjw.ini
c:\windows\system32\nsanpc.dll
c:\windows\system32\nstgxacj.dll
c:\windows\system32\nsvybk.dll
c:\windows\system32\ntlhjrap.ini
c:\windows\system32\ntvpxmtj.ini
c:\windows\system32\nwccpd.dll
c:\windows\system32\nwxqsanj.exe
c:\windows\system32\nxjlyc.dll
c:\windows\system32\nywhpfsp.dll
c:\windows\system32\nzdruk.dll
c:\windows\system32\nzsphb.dll
c:\windows\system32\oageqi.dll
c:\windows\system32\obvebx.dll
c:\windows\system32\ocukpajr.dll
c:\windows\system32\odcjdwet.dll
c:\windows\system32\oeeytahd.dll
c:\windows\system32\ofkfld.dll
c:\windows\system32\ofpemq.dll
c:\windows\system32\ofpjyr.dll
c:\windows\system32\ogiseh.dll
c:\windows\system32\ognpllxv.exe
c:\windows\system32\ogxrjwwo.exe
c:\windows\system32\ohidfbqn.dll
c:\windows\system32\ojrgdals.dll
c:\windows\system32\okghniku.exe
c:\windows\system32\okrpfg.dll
c:\windows\system32\okuyht.dll
c:\windows\system32\olvcwqjt.dll
c:\windows\system32\omhrqaeu.ini
c:\windows\system32\omhxxv.dll
c:\windows\system32\oppiqvdx.dll
c:\windows\system32\orvujl.dll
c:\windows\system32\oswdvtuu.dll
c:\windows\system32\otlajvur.dll
c:\windows\system32\otykklux.dll
c:\windows\system32\owbhxnvf.dll
c:\windows\system32\oxapxq.dll
c:\windows\system32\oygdxido.ini
c:\windows\system32\ozyhkl.dll
c:\windows\system32\pboeqcag.dll
c:\windows\system32\pboyqmwj.dll
c:\windows\system32\pbtsjogg.dll
c:\windows\system32\pdnqdogs.ini
c:\windows\system32\pdyeig.dll
c:\windows\system32\pebfjmem.dll
c:\windows\system32\pflimw.dll
c:\windows\system32\pgayvj.dll
c:\windows\system32\pgsafgou.dll
c:\windows\system32\pgswjiow.dll
c:\windows\system32\phcxswvo.dll
c:\windows\system32\phqgvigx.dll
c:\windows\system32\pjruew.dll
c:\windows\system32\pklnxkpp.dll
c:\windows\system32\pksijz.dll
c:\windows\system32\plbatbya.dll
c:\windows\system32\pleomn.dll
c:\windows\system32\pmpgdy.dll
c:\windows\system32\pnsftn.dll
c:\windows\system32\pofxjsbd.dll
c:\windows\system32\poqbas.dll
c:\windows\system32\porciedb.dll
c:\windows\system32\ppuhea.dll
c:\windows\system32\ppvmbz.dll
c:\windows\system32\prncykmw.dll
c:\windows\system32\psjmmtpq.dll
c:\windows\system32\puogqqtk.ini
c:\windows\system32\puywpgct.ini
c:\windows\system32\pveqnuxv.dll
c:\windows\system32\pvqygx.dll
c:\windows\system32\pxbbtteb.dll
c:\windows\system32\qaxnan.dll
c:\windows\system32\qbvnjhel.dll
c:\windows\system32\qcdwad.dll
c:\windows\system32\qckekwva.dll
c:\windows\system32\qemxar.dll
c:\windows\system32\qfgschim.dll
c:\windows\system32\qjbktl.dll
c:\windows\system32\qkghgz.dll
c:\windows\system32\qksuyrsx.ini
c:\windows\system32\qlkqljmv.dll
c:\windows\system32\qlylfv.dll
c:\windows\system32\qmjhxmcs.dll
c:\windows\system32\qnqvvv.dll
c:\windows\system32\qpzpam.dll
c:\windows\system32\qqhuja.dll
c:\windows\system32\qqigsguf.ini
c:\windows\system32\qqwmfsrp.dll
c:\windows\system32\qsfvpn.dll
c:\windows\system32\qsjuiuqv.dll
c:\windows\system32\qstiso.dll
c:\windows\system32\qtyetz.dll
c:\windows\system32\qukkdscs.dll
c:\windows\system32\quonmuyl.dll
c:\windows\system32\qvmyorvx.dll
c:\windows\system32\qwdjrk.dll
c:\windows\system32\qyhxmokw.dll
c:\windows\system32\ragycm.dll
c:\windows\system32\rajnqs.dll
c:\windows\system32\rbaupe.dll
c:\windows\system32\rdaygglx.ini
c:\windows\system32\rdtwevbd.dll
c:\windows\system32\rertgy.dll
c:\windows\system32\rhigwysl.dll
c:\windows\system32\rhysahwt.dll
c:\windows\system32\rigrqk.dll
c:\windows\system32\rixqkksb.dll
c:\windows\system32\rlfslkph.dll
c:\windows\system32\rnhqoj.dll
c:\windows\system32\roowhynj.dll
c:\windows\system32\rrytcxkn.dll
c:\windows\system32\rsrabfhv.ini
c:\windows\system32\ruvjalto.ini
c:\windows\system32\rvvunwqs.dll
c:\windows\system32\rvvvmyru.dll
c:\windows\system32\rvyvvx.dll
c:\windows\system32\rwqdcl.dll
c:\windows\system32\rxmmpc.dll
c:\windows\system32\rxzhsx.dll
c:\windows\system32\ryaviirp.dll
c:\windows\system32\ryyiek.dll
c:\windows\system32\sacietdx.dll
c:\windows\system32\sagezoju.dll
c:\windows\system32\sajwewvo.dll
c:\windows\system32\sarkos.dll
c:\windows\system32\sbimcr.dll
c:\windows\system32\sctysq.dll
c:\windows\system32\sextdfyt.dll
c:\windows\system32\sfmywt.dll
c:\windows\system32\sfnvto.dll
c:\windows\system32\sfnwvxxq.exe
c:\windows\system32\sjeukc.dll
c:\windows\system32\sjeyuowt.ini
c:\windows\system32\sjulsclm.dll
c:\windows\system32\sovntz.dll
c:\windows\system32\spgehdib.dll
c:\windows\system32\ssuftwjc.dll
c:\windows\system32\ssvpki.dll
c:\windows\system32\susybp.dll
c:\windows\system32\svlapjdy.dll
c:\windows\system32\svqkzp.dll
c:\windows\system32\swlcykhs.dll
c:\windows\system32\swxqgald.dll
c:\windows\system32\tacifivl.dll
c:\windows\system32\tbdrpnyt.dll
c:\windows\system32\tberkr.dll
c:\windows\system32\tbiind.dll
c:\windows\system32\tbwghors.dll
c:\windows\system32\tcgpwyup.dll
c:\windows\system32\tdswimdf.dll
c:\windows\system32\tergwqww.dll
c:\windows\system32\tewovx.dll
c:\windows\system32\tfannequ.dll
c:\windows\system32\tgjylz.dll
c:\windows\system32\tgzksb.dll
c:\windows\system32\thgyvags.dll
c:\windows\system32\tjqomc.dll
c:\windows\system32\tjxneeqh.dll
c:\windows\system32\tkgpeq.dll
c:\windows\system32\tkibnifj.dll
c:\windows\system32\tmjssruw.dll
c:\windows\system32\tmqkcuvy.ini
c:\windows\system32\tmulyljv.ini
c:\windows\system32\tnfxwvff.dll
c:\windows\system32\tolnwz.dll
c:\windows\system32\tqnqkavu.ini
c:\windows\system32\tqxxjl.dll
c:\windows\system32\trbdurib.dll
c:\windows\system32\trjjuplb.dll
c:\windows\system32\trwjwg.dll
c:\windows\system32\ttuupewu.ini
c:\windows\system32\tulfdt.dll
c:\windows\system32\tuudki.dll
c:\windows\system32\tvuxyq.dll
c:\windows\system32\twbqso.dll
c:\windows\system32\twjtwplq.dll
c:\windows\system32\twnoxlva.dll
c:\windows\system32\twnxxc.dll
c:\windows\system32\twoyhrcw.dll
c:\windows\system32\twtbtn.dll
c:\windows\system32\twuovn.dll
c:\windows\system32\twydofse.dll
c:\windows\system32\txooeftl.ini
c:\windows\system32\txqkkggo.dll
c:\windows\system32\tynprdbt.ini
c:\windows\system32\ubyyyqbq.dll
c:\windows\system32\ucyugpne.dll
c:\windows\system32\ugkwjxoy.dll
c:\windows\system32\ugrdwx.dll
c:\windows\system32\ujesejqh.exe
c:\windows\system32\ujmxzt.dll
c:\windows\system32\ukibacii.dll
c:\windows\system32\ulbpbish.dll
c:\windows\system32\uleirghf.dll
c:\windows\system32\ulsljefs.dll
c:\windows\system32\umiekufx.dll
c:\windows\system32\ummpqyqc.dll
c:\windows\system32\undavemk.dll
c:\windows\system32\uounphoc.dll
c:\windows\system32\utkrfywb.exe
c:\windows\system32\uupdluqo.dll
c:\windows\system32\uveycrvm.dll
c:\windows\system32\uvmqbe.dll
c:\windows\system32\uvmuffhy.dll
c:\windows\system32\uvqhldkq.dll
c:\windows\system32\uvwxysxu.ini
c:\windows\system32\uwepuutt.dll
c:\windows\system32\uwpiit.dll
c:\windows\system32\uxbhpdyo.dll
c:\windows\system32\vavbvfyn.ini
c:\windows\system32\vblnvcaa.dll
c:\windows\system32\vbxwnyve.ini
c:\windows\system32\vcnfho.dll
c:\windows\system32\vcpvvnnr.dll
c:\windows\system32\vdbaiugn.ini
c:\windows\system32\vdjmdi.dll
c:\windows\system32\vdjqvv.dll
c:\windows\system32\veeooyjo.ini
c:\windows\system32\veexhroi.dll
c:\windows\system32\vepravey.dll
c:\windows\system32\veshpyav.dll
c:\windows\system32\vfmsujul.ini
c:\windows\system32\vgtfpz.dll
c:\windows\system32\vheejbnm.dll
c:\windows\system32\vhfbarsr.dll
c:\windows\system32\vjsrgp.dll
c:\windows\system32\vjsyhylh.ini
c:\windows\system32\vlhgoc.dll
c:\windows\system32\vmvjle.dll
c:\windows\system32\volhdxvy.dll
c:\windows\system32\vqpbrrit.dll
c:\windows\system32\vqsgrqfn.exe
c:\windows\system32\vquiujsq.ini
c:\windows\system32\vtldgf.dll
c:\windows\system32\vtuplc.dll
c:\windows\system32\vxdamaad.dll
c:\windows\system32\vxqwyf.dll
c:\windows\system32\wcwxpbou.ini
c:\windows\system32\wdmqgn.dll
c:\windows\system32\wdofmkcn.ini
c:\windows\system32\wdsckhnr.dll
c:\windows\system32\wenwuv.dll
c:\windows\system32\weybnw.dll
c:\windows\system32\wffqba.dll
c:\windows\system32\wfsmxaty.dll
c:\windows\system32\wgvxmlys.dll
c:\windows\system32\whynme.dll
c:\windows\system32\wkcdql.dll
c:\windows\system32\wlxfpd.dll
c:\windows\system32\wmpepn.dll
c:\windows\system32\wnbqnlae.dll
c:\windows\system32\woxvsvng.ini
c:\windows\system32\wpv441229907565.cpx
c:\windows\system32\wpv741229907565.cpx
c:\windows\system32\wrsujwfa.dll
c:\windows\system32\wsfeivvi.dll
c:\windows\system32\wtgchpjr.dll
c:\windows\system32\wvlutmaj.dll
c:\windows\system32\wwqozw.dll
c:\windows\system32\wyovyw.dll
c:\windows\system32\xareliai.dll
c:\windows\system32\xbfbdlun.exe
c:\windows\system32\xbysfquq.exe
c:\windows\system32\xdcvsfxf.dll
c:\windows\system32\xdepjh.dll
c:\windows\system32\xgrwsawp.dll
c:\windows\system32\xhqowbgu.dll
c:\windows\system32\xicnhs.dll
c:\windows\system32\xjoltlyd.dll
c:\windows\system32\xkcxcvax.dll
c:\windows\system32\xlfxswes.dll
c:\windows\system32\xlxhmp.dll
c:\windows\system32\xmdqaujy.dll
c:\windows\system32\xnyanhel.dll
c:\windows\system32\xpmrywig.dll
c:\windows\system32\xpubrwvl.dll
c:\windows\system32\xqtkivpb.dll
c:\windows\system32\xrfhwbfa.dll
c:\windows\system32\xrgdsc.dll
c:\windows\system32\xtfnin.dll
c:\windows\system32\xumynd.dll
c:\windows\system32\xwibxbje.ini
c:\windows\system32\xwonhd.dll
c:\windows\system32\xwstet.dll
c:\windows\system32\xwxsvqjx.dll
c:\windows\system32\xxirix.dll
c:\windows\system32\yajono.dll
c:\windows\system32\ybuwunoq.dll
c:\windows\system32\ycguuohc.dll
c:\windows\system32\ycmhge.dll
c:\windows\system32\ydylzm.dll
c:\windows\system32\yeblukpf.dll
c:\windows\system32\yeonlnhk.dll
c:\windows\system32\yewkwx.dll
c:\windows\system32\yfrcul.dll
c:\windows\system32\yfsunoch.ini
c:\windows\system32\yfuicn.dll
c:\windows\system32\ygwmsb.dll
c:\windows\system32\yhoyvpbk.ini
c:\windows\system32\yiscohnv.ini
c:\windows\system32\yjynjfyj.dll
c:\windows\system32\ykdsyays.dll
c:\windows\system32\ykjzdx.dll
c:\windows\system32\ymwazv.dll
c:\windows\system32\ymycch.dll
c:\windows\system32\ynavhowh.dll
c:\windows\system32\ypmygpjl.ini
c:\windows\system32\ypvyjbph.dll
c:\windows\system32\yqrmpccb.dll
c:\windows\system32\ysdcps.dll
c:\windows\system32\yshkjo.dll
c:\windows\system32\yvhsbdmo.exe
c:\windows\system32\yvhuas.dll
c:\windows\system32\yvokydwy.dll
c:\windows\system32\yvucrc.dll
c:\windows\system32\ywtmqaik.dll
c:\windows\system32\yxpwsb.dll
c:\windows\system32\yyggjwlr.ini
c:\windows\system32\yytigpwb.ini
c:\windows\system32\zhykbd.dll
c:\windows\system32\zkhksw.dll
c:\windows\system32\zryjws.dll
c:\windows\system32\ztpbfk.dll
c:\windows\system32\zvccjt.dll
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
c:\windows\wiaserviv.log
c:\windows\zaponce53173.dat
c:\windows\zaponce53290.dat

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_driver
-------\Legacy_driverdrv
-------\Legacy_podmena
-------\Legacy_podmenadrv
-------\Service_driver
-------\Service_driverdrv
-------\Service_podmena
-------\Service_podmenadrv

((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-08 08:41 . 2009-07-08 08:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-08 04:48 . 2009-07-08 04:48 -------- d-----w- c:\program files\Trend Micro
2009-06-18 05:10 . 2009-06-18 05:10 -------- d-----w- c:\documents and settings\Owner\Application Data\IrfanView
2009-06-17 14:18 . 2009-06-17 14:18 2 ----a-w- c:\windows\104116116112584747.dat
2009-06-17 14:16 . 2009-06-19 18:40 164 ----a-w- C:\nm8912.bat
2009-06-15 18:15 . 2009-06-15 18:15 159 ----a-w- C:\d45.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 18:02 . 2008-08-21 17:57 110284 ----a-w- c:\windows\system32\drivers\Beep.SYS
2009-07-12 07:19 . 2008-08-21 17:59 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-08 04:02 . 2009-06-06 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\16826524
2009-06-19 18:39 . 2009-03-19 18:39 15360 --sha-w- c:\windows\system32\tohuredu.exe
2009-06-18 20:31 . 2009-03-18 20:31 15360 --sha-w- c:\windows\system32\fodehofi.exe
2009-06-18 08:31 . 2009-03-18 08:31 15360 --sha-w- c:\windows\system32\papupona.exe
2009-06-18 02:16 . 2009-03-18 02:16 15360 --sha-w- c:\windows\system32\pakaride.exe
2009-06-17 14:16 . 2009-03-17 14:16 15360 --sha-w- c:\windows\system32\rowesezo.exe
2009-06-15 18:14 . 2009-03-15 18:14 15360 --sha-w- c:\windows\system32\zegipaso.exe
2009-06-11 16:54 . 2009-06-11 16:54 -------- d-----w- c:\program files\microsoft frontpage
2009-06-11 06:49 . 2009-06-11 06:49 227 ----a-w- c:\windows\PowerReg.dat
2009-06-11 06:48 . 2009-06-11 06:48 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-11 06:41 . 1990-01-01 16:02 -------- d-----r- c:\program files\Accessories
2009-06-06 03:08 . 2009-06-06 03:08 47137 ----a-w- c:\documents and settings\All Users\Application Data\96836516\96836516.exe
2009-06-06 03:08 . 2009-06-06 03:08 368673 ----a-w- c:\documents and settings\All Users\Application Data\16826524\16826524.exe
2009-06-06 03:08 . 2009-06-06 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\96836516
2009-06-05 03:07 . 2008-09-02 21:14 -------- d-----w- c:\program files\World of Warcraft
2009-06-04 17:50 . 2009-06-04 17:50 36352 ----a-w- c:\documents and settings\All Users\proto.dll
2009-06-03 19:21 . 2009-06-03 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 17:35 . 2008-12-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 22:05 . 2009-05-27 22:05 123904 ----a-w- c:\windows\system32\cdsnz.dll
2009-04-20 05:41 . 2009-04-20 05:41 121 -csha-w- c:\windows\system32\nadtaykm.tmp
.

------- Sigcheck -------

[-] 2009-06-03 18:10 110284 5CED6DCF2E5FDAC76199B2B729C15A09 c:\windows\SYSTEM32\dllcache\beep.sys
[-] 2009-07-12 18:02 110284 5CED6DCF2E5FDAC76199B2B729C15A09 c:\windows\SYSTEM32\DRIVERS\Beep.SYS

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8085:TCP"= 8085:TCP:driver

.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-789336058-1060284298-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-03 22:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{68b3d60e-5d13-4695-b3e7-83d3f1772dc6} - c:\windows\system32\iiffGASM.dll
HKCU-Run-Aim6 - (no file)
ShellExecuteHooks-{90cbbaaf-62d4-439f-809a-3d07d07f576f} - c:\windows\system32\gmwamp.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 14:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset006\Services\Beep]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\controlset006\Services\BITS\Parameters]
@DACL=(02 0000)
"ServiceDll"=expand:"c:\\WINDOWS\\system32\\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\controlset006\Services\BITS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-12 14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 18:04

Pre-Run: 101,187,854,336 bytes free
Post-Run: 103,967,133,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=6 Default=6 Failed=5 LastKnownGood=2 Sets=1,2,3,4,5,6
786 --- E O F --- 2008-12-18 08:04

Blade81 · Jul 12, 2009

Hi again,

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file & a fresh dds.txt log in your next reply.

meekonfire · Jul 12, 2009

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 3

7/12/2009 2:57:27 PM
mbam-log-2009-07-12 (14-57-26).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 102782
Time elapsed: 20 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 352

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\16826524\16826524.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\96836516\96836516.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\driver\driver.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\driver\driver.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\podmena\podmena.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\podmena\podmena.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\msa.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\nocvanua.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\aisjmi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\aoapwbda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\arwkyewd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\bbhcckld.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\bemduy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\bjoaeb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\bmvjdiei.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\brlarjbx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\bwafkhpx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\cablki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\chklvr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\cmxrqj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\edelrf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ejbxbiwx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fxqftxfn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\crmheytj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\doogtz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\dypjyy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\eeshuani.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\efwqsxox.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\eiwnqlka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\elucgv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ewwcmx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ezydce.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\faqpbu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fbbjerdn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fcovmouq.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fugsgiqq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fuiqvdcj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\fvdcuuun.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\gehdwupv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\gekgtq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ggjimi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ghettf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\glctoueq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\goruvopj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\gwurik.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\gxxilv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\hdwmym.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\hpuwbjtc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\htoalhav.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ihdrefew.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\iiffGASM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jeyhiues.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jgxbbf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jiyktixx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jtmxpvtn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jvsqxysf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\jvtrkter.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\kioyvj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\klspxh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ktqqgoup.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\llcggiwb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\lraiak.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ltnhbkcn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\lujusmfv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\lxtkhqip.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\lywuegpe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\lyyttimu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\mbhyge.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\mggaokfa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\mizwsk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\mwoctolx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\hagbyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\kiwtjbtm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\mdmfyl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\nsanpc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\nwxqsanj.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\nxjlyc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ocukpajr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\oeeytahd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ofkfld.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ognpllxv.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ogxrjwwo.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ohidfbqn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\okghniku.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\okrpfg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\omhxxv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\otlajvur.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\oxapxq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\pebfjmem.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\plbatbya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ppuhea.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\prncykmw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\psjmmtpq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\pveqnuxv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\qbvnjhel.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\qjbktl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\qlylfv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\qsjuiuqv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\quonmuyl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\rdtwevbd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\rhysahwt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\rlfslkph.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\rnhqoj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\sarkos.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\sbimcr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\sfnwvxxq.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\sjulsclm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\susybp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\svlapjdy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\svqkzp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tacifivl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tbdrpnyt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tberkr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tbwghors.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tcgpwyup.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tdswimdf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\pvqygx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tfannequ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tgzksb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tjxneeqh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tkgpeq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tmjssruw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tqxxjl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\trwjwg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tuudki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\twydofse.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\txqkkggo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ujesejqh.exe.vir (Delf.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ukibacii.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\undavemk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\utkrfywb.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vdjmdi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\veexhroi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vepravey.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\veshpyav.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vhfbarsr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\volhdxvy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vtuplc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wffqba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wfsmxaty.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wgvxmlys.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\whynme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wpv441229907565.cpx.vir (Adware.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wpv741229907565.cpx.vir (Adware.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wsfeivvi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xbfbdlun.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xbysfquq.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xdcvsfxf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xdepjh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xlxhmp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xpubrwvl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ycguuohc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ykjzdx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\tergwqww.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\uvqhldkq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vgtfpz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\vqsgrqfn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wmpepn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\wwqozw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\xicnhs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\ymwazv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\yqrmpccb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\yvhsbdmo.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\zhykbd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\zryjws.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\zvccjt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\SYSTEM32\__c00C839A.dat.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP256\A0075400.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP256\A0076398.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP256\A0077400.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP256\A0077401.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077495.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077496.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077503.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077614.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077558.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077598.dll (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077600.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077602.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077606.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077607.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077612.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP257\A0077613.exe (Trojan.Winwebsec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123037.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123038.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123039.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123041.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123057.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123040.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123058.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123099.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123134.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123330.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123345.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123349.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123355.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123356.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123362.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123365.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123369.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123370.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123373.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123378.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123417.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123425.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123441.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123449.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123452.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123478.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123481.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123487.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123488.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123491.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123502.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123514.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123517.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123520.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123529.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123531.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123537.exe (Delf.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123539.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123545.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123547.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123552.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123563.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123566.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123567.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123568.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123570.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123579.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123582.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123604.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123607.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123609.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123613.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123364.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123382.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123472.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123634.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123621.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123648.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123649.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123654.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123657.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123665.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{001605f9-64e2-4322-8e6e-9d4b9c500a6e}\RP265\A0123669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\Beep.SYS (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\d45.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\nm8912.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\proto.dll (Trojan.Agent) -> Quarantined and deleted successfully.

So far everything is working a million times better

!!!

Blade81 · Jul 12, 2009

Please post a fresh dds.txt too

meekonfire · Jul 12, 2009

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 18:23:20.67 on Sun 07/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.149 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-07-12 14:30 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-07-12 14:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 14:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-12 14:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 14:02 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-12 03:08 <DIR> a-dshr-- C:\cmdcons
2009-07-12 03:06 212,992 a------- c:\windows\PEV.exe
2009-07-12 03:06 161,792 a------- c:\windows\SWREG.exe
2009-07-12 03:06 98,816 a------- c:\windows\sed.exe
2009-07-08 00:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-18 01:10 <DIR> --d----- c:\docume~1\owner\applic~1\IrfanView
2009-06-17 10:18 2 a------- c:\windows\104116116112584747.dat

==================== Find3M ====================

2009-07-12 03:19 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-06-19 14:39 15,360 a--sh--- c:\windows\system32\tohuredu.exe
2009-06-18 16:31 15,360 a--sh--- c:\windows\system32\fodehofi.exe
2009-06-18 04:31 15,360 a--sh--- c:\windows\system32\papupona.exe
2009-06-17 22:16 15,360 a--sh--- c:\windows\system32\pakaride.exe
2009-06-17 10:16 15,360 a--sh--- c:\windows\system32\rowesezo.exe
2009-06-15 14:14 15,360 a--sh--- c:\windows\system32\zegipaso.exe
2009-05-27 18:05 123,904 a------- c:\windows\system32\cdsnz.dll
2008-08-21 12:24 266 ---sh--- c:\program files\desktop.ini

============= FINISH: 18:26:47.15 ===============

Blade81 · Jul 13, 2009

Hi again

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
c:\windows\104116116112584747.dat
c:\windows\system32\tohuredu.exe
c:\windows\system32\fodehofi.exe
c:\windows\system32\papupona.exe
c:\windows\system32\pakaride.exe
c:\windows\system32\rowesezo.exe
c:\windows\system32\zegipaso.exe
c:\windows\system32\cdsnz.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

Reglock::
[HKEY_LOCAL_MACHINE\System\controlset006\Services\BITS\Parameters]
[HKEY_LOCAL_MACHINE\System\controlset006\Services\BITS\Security]

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

meekonfire · Jul 14, 2009

Kapersky said my computer doesn't meet the requirements to use the software even after I downloaded the new version of Java as well as removing the old versions.

here's my DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 18:25:48.59 on Tue 07/14/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.252 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-07-14 18:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-14 18:04 <DIR> --ds---- C:\ComboFix
2009-07-14 17:58 <DIR> --d----- c:\documents and settings\owner\.SunDownloadManager
2009-07-12 14:30 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-07-12 14:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 14:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-12 14:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 14:02 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-12 03:08 <DIR> a-dshr-- C:\cmdcons
2009-07-12 03:06 219,648 a------- c:\windows\PEV.exe
2009-07-12 03:06 161,792 a------- c:\windows\SWREG.exe
2009-07-12 03:06 98,816 a------- c:\windows\sed.exe
2009-07-08 00:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-18 01:10 <DIR> --d----- c:\docume~1\owner\applic~1\IrfanView

==================== Find3M ====================

2009-07-14 18:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-12 03:19 182,656 a------- c:\windows\system32\drivers\ndis.sys
2008-08-21 12:24 266 ---sh--- c:\program files\desktop.ini

============= FINISH: 18:26:35.33 ===============

& combofix:

ComboFix 09-07-13.01 - Owner 07/14/2009 18:05.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.319 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\104116116112584747.dat"
"c:\windows\system32\cdsnz.dll"
"c:\windows\system32\fodehofi.exe"
"c:\windows\system32\pakaride.exe"
"c:\windows\system32\papupona.exe"
"c:\windows\system32\rowesezo.exe"
"c:\windows\system32\tohuredu.exe"
"c:\windows\system32\zegipaso.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\104116116112584747.dat
c:\windows\system32\cdsnz.dll
c:\windows\system32\fodehofi.exe
c:\windows\system32\pakaride.exe
c:\windows\system32\papupona.exe
c:\windows\system32\rowesezo.exe
c:\windows\system32\tohuredu.exe
c:\windows\system32\zegipaso.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 21:58 . 2009-07-14 21:59 -------- d-----w- c:\documents and settings\Owner\.SunDownloadManager
2009-07-12 18:30 . 2009-07-12 18:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-12 18:30 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 18:30 . 2009-07-12 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-12 18:30 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 18:30 . 2009-07-12 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 08:41 . 2009-07-08 08:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-08 04:48 . 2009-07-08 04:48 -------- d-----w- c:\program files\Trend Micro
2009-06-18 05:10 . 2009-06-18 05:10 -------- d-----w- c:\documents and settings\Owner\Application Data\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 18:57 . 2009-06-06 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\96836516
2009-07-12 18:57 . 2009-06-06 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\16826524
2009-07-12 07:19 . 2008-08-21 17:59 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-11 16:54 . 2009-06-11 16:54 -------- d-----w- c:\program files\microsoft frontpage
2009-06-11 06:49 . 2009-06-11 06:49 227 ----a-w- c:\windows\PowerReg.dat
2009-06-11 06:48 . 2009-06-11 06:48 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-11 06:41 . 1990-01-01 16:02 -------- d-----r- c:\program files\Accessories
2009-06-05 03:07 . 2008-09-02 21:14 -------- d-----w- c:\program files\World of Warcraft
2009-06-03 19:21 . 2009-06-03 17:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 17:35 . 2008-12-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-20 05:41 . 2009-04-20 05:41 121 -csha-w- c:\windows\system32\nadtaykm.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-07-12_18.01.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 18:06 . 2009-07-12 07:52 16384 c:\windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-789336058-1060284298-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-14 18:13
ComboFix-quarantined-files.txt 2009-07-14 22:13
ComboFix2.txt 2009-07-12 18:04

Pre-Run: 103,819,436,032 bytes free
Post-Run: 103,786,655,744 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=2 Sets=1,2,3,4,5,6
103 --- E O F --- 2008-12-18 08:04

Blade81 · Jul 15, 2009

Hi,

Chrome is not supported. If you tried to run scanner with it then please use Internet Explorer for scanning

Blade81 · Jul 22, 2009

Hi,

What's the status here?

Blade81 · Aug 1, 2009

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

Spoolsv.exe, Versclid.exe and other problems.

meekonfire

New member

Blade81

Security Expert: Emeritus

meekonfire

New member

meekonfire

New member

Blade81

Security Expert: Emeritus

meekonfire

New member

Blade81

Security Expert: Emeritus

meekonfire

New member

Blade81

Security Expert: Emeritus

meekonfire

New member

Blade81

Security Expert: Emeritus

meekonfire

New member

Blade81

Security Expert: Emeritus

Blade81

Security Expert: Emeritus

Blade81

Security Expert: Emeritus