Malwarebytes isn't removing my malware attack

jakedajewler · May 17, 2010

Hi, I have been having huge problems with my laptop, in the last 3 weeks i've had 3 malware attacks the first 2 where the fake anti virus attacks which compeltey took over my computer and the only way i could get things back and running was to wipe it all out and put everything back on my computer start fresh, now 2 weeks after that i have another one, this time it isn't the fake virus alert but it's acting the same way except it's not quite as bad, I keep getting pages pop up on the screen that say things like truckurl.com, lumberart.com, thegoclick.biz stuff like this even when i'm not on interent explorer they'll just pop up on the screen over and over again. When i run malwarebytes it finds them and say's it deleted them succesfully but when i reboot and come back on they come back, What do I do to get rid of them? and how do i stop getting these attacks all the time?

extremeboy · May 18, 2010

Hello and welcome to the forums!

My name is Extremeboy (or EB for short), and I will be helping you with your log.

Pease take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don't hear from you in five days this thread will be closed.

With Regards,

Extremeboy

jakedajewler · May 19, 2010

DDS (Ver_10-03-17.01) - NTFSX64

Run by mike at 22:48:16.13 on Tue 05/18/2010

Internet Explorer: 7.0.6001.18000

Microsoft

ark.zip

Attach.zip

extremeboy · May 20, 2010

I see a few infections in the logs, let's see if Malwarebytes can disinfect/remove those.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

jakedajewler · May 21, 2010

Hey thanks for the help, I ran malwarebytes and it came up with 12 itmes, but when i went to remove them a message came up saying not all items could be removed, I rebooted and here's the log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4122

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

5/20/2010 9:51:37 PM

mbam-log-2010-05-20 (21-51-37).txt

Scan type: Quick scan

Objects scanned: 116017

Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\mike\AppData\Local\Temp\b8n8nse.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\imiyus.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\Kbj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\ncrsaoexwm.exe (Rogue.APManager.Gen) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\rwt1dnst.exe (Worm.Pinit) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\tyysqcc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\xcsnowraem.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Windows\Temp\ncr5ED1.tmp (Rogue.APManager.Gen) -> Quarantined and deleted successfully.

C:\Users\mike\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Delete on reboot.

C:\Users\mike\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

extremeboy · May 22, 2010

In that case, please run Malwarebytes once more.

Take a new DDS run afterward and post that log as well so I can take a look if it was actually removed or not.

Thanks and sorry for the delay.

jakedajewler · May 22, 2010

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe

C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe

C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Java\jre6\bin\jucheck.exe

C:\Program Files (x86)\Internet Explorer\IEUser.exe

C:\Windows\system32\DllHost.exe

C:\Users\mike\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

mRun: [OrderReminder] "c:\program files (x86)\hewlett-packard\orderreminder\OrderReminder.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\corelr~1.lnk - c:\program files (x86)\corel\wordperfect office 2000\register\Remind32.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\corelr~1.lnk - c:\program files (x86)\corel\wordperfect office 2000\register\Remind32.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\corelc~1.lnk - c:\program files (x86)\corel\wordperfect office 2000\programs\ccwin9.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\corelc~2.lnk - c:\program files (x86)\corel\wordperfect office 2000\programs\alarm.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files (x86)\corel\wordperfect office 2000\programs\dad9.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpotdd01.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun-x64: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun-x64: [igfxTray] c:\windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe

============= SERVICES / DRIVERS ===============

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-4-23 93184]

S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-16 50176]

=============== Created Last 30 ================

2010-05-22 22:45:52 0 ----a-w- c:\users\mike\defogger_reenable

2010-05-18 23:36:11 0 d-----w- c:\programdata\Adobe

2010-05-18 23:35:15 0 d-----w- c:\programdata\NOS

2010-05-18 02:08:55 0 d-----w- c:\program files (x86)\VideoLAN

2010-05-11 18:28:17 974848 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-11 18:28:16 738304 ----a-w- c:\windows\syswow64\inetcomm.dll

2010-05-09 06:20:45 0 d-----w- c:\program files (x86)\Microsoft

2010-05-09 06:19:51 0 d-----w- c:\windows\PCHEALTH

2010-05-09 02:17:59 0 d-----w- c:\program files (x86)\Veetle

2010-05-05 22:15:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-05-05 22:15:47 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2010-05-05 22:15:47 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll

2010-05-05 22:14:36 0 d-----w- c:\program files\iPod

2010-05-05 22:14:32 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2010-05-05 22:14:32 0 d-----w- c:\program files\iTunes

2010-05-05 22:14:32 0 d-----w- c:\program files (x86)\iTunes

2010-05-05 22:13:04 0 d-----w- c:\programdata\Apple Computer

2010-05-05 22:12:36 0 d-----w- c:\programdata\Google

2010-05-05 22:09:15 0 d-----w- c:\program files\common files\Apple

2010-05-05 22:08:50 0 d-----w- c:\program files\Bonjour

2010-05-05 22:08:50 0 d-----w- c:\program files (x86)\Bonjour

2010-05-05 22:08:35 0 d-----w- c:\programdata\Apple

2010-05-05 05:02:39 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-05-05 05:02:12 0 d-----w- c:\program files (x86)\DivX

2010-05-05 05:01:56 0 d-----w- c:\programdata\DivX

2010-04-26 22:04:42 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl

2010-04-23 06:01:43 49160 ----a-w- c:\windows\system32\infocardcpl.cpl

2010-04-23 05:50:40 13824 ----a-w- c:\windows\system32\netfxperf.dll

2010-04-23 05:50:39 41984 ----a-w- c:\windows\syswow64\netfxperf.dll

2010-04-23 05:50:28 96760 ----a-w- c:\windows\syswow64\dfshim.dll

2010-04-23 05:50:28 112120 ----a-w- c:\windows\system32\dfshim.dll

2010-04-23 05:50:22 406528 ----a-w- c:\windows\system32\mscoree.dll

2010-04-23 05:50:22 282112 ----a-w- c:\windows\syswow64\mscoree.dll

2010-04-23 05:50:16 158720 ----a-w- c:\windows\syswow64\mscorier.dll

2010-04-23 05:50:16 158208 ----a-w- c:\windows\system32\mscorier.dll

2010-04-23 05:50:14 76288 ----a-w- c:\windows\system32\mscories.dll

2010-04-23 05:50:13 83968 ----a-w- c:\windows\syswow64\mscories.dll

2010-04-23 05:46:54 32768 ----a-w- c:\windows\system32\nshhttp.dll

2010-04-23 05:46:54 24064 ----a-w- c:\windows\syswow64\nshhttp.dll

2010-04-23 05:46:52 610304 ----a-w- c:\windows\system32\drivers\http.sys

2010-04-23 05:46:52 33792 ----a-w- c:\windows\system32\httpapi.dll

2010-04-23 05:46:52 31232 ----a-w- c:\windows\syswow64\httpapi.dll

==================== Find3M ====================

2010-05-12 13:51:16 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-05 22:11:58 86016 ----a-w- c:\windows\inf\infstor.dat

2010-05-05 22:11:58 51200 ----a-w- c:\windows\inf\infpub.dat

2010-05-05 22:11:57 86016 ----a-w- c:\windows\inf\infstrng.dat

2010-04-29 18:09:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 07:04:47 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-04-22 22:24:58 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-04-22 22:24:58 149280 ----a-w- c:\windows\syswow64\javaws.exe

2010-04-22 22:24:58 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-04-22 22:24:58 145184 ----a-w- c:\windows\syswow64\java.exe

2010-04-22 19:10:54 20460 ----a-w- c:\windows\hpoins01.dat

2010-04-22 06:15:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-04-16 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll

2010-04-16 11:03:36 50176 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2010-04-16 11:03:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-08 16:03:00 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 16:03:00 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-08 15:50:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-04-08 15:50:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-03-15 09:31:48 165376 ----a-w- c:\windows\syswow64\unrar.dll

2010-03-09 16:54:17 1032704 ----a-w- c:\windows\system32\wininet.dll

2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll

2010-03-09 16:28:40 833024 ----a-w- c:\windows\syswow64\wininet.dll

2010-03-09 16:28:27 1174528 ----a-w- c:\windows\syswow64\urlmon.dll

2010-03-09 16:27:21 146432 ----a-w- c:\windows\syswow64\occache.dll

2010-03-09 16:26:20 671232 ----a-w- c:\windows\syswow64\mstime.dll

2010-03-09 16:26:11 476672 ----a-w- c:\windows\syswow64\mshtmled.dll

2010-03-09 16:26:11 3586048 ----a-w- c:\windows\syswow64\mshtml.dll

2010-03-09 16:26:10 458240 ----a-w- c:\windows\syswow64\msfeeds.dll

2010-03-09 16:25:38 28160 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-03-09 16:25:24 270848 ----a-w- c:\windows\syswow64\iertutil.dll

2010-03-09 16:25:24 193024 ----a-w- c:\windows\syswow64\iepeers.dll

2010-03-09 16:25:23 6069248 ----a-w- c:\windows\syswow64\ieframe.dll

2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll

2010-03-09 16:25:21 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-03-09 16:25:21 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll

2010-03-09 16:25:21 230400 ----a-w- c:\windows\syswow64\ieaksie.dll

2010-03-09 14:28:42 32768 ----a-w- c:\windows\system32\ieUnatt.exe

2010-03-09 14:01:47 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe

2010-03-04 18:54:51 430080 ----a-w- c:\windows\syswow64\vbscript.dll

2010-03-04 18:45:31 603648 ----a-w- c:\windows\system32\vbscript.dll

2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini

2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini

2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:23:17.90 ===============

Attach__2_.zip

extremeboy · May 23, 2010

Did you run Malwarebytes once more? If not, please do so and post the log. If so, please post the log.

jakedajewler · May 24, 2010

yes I did, here is the log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4122

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

5/22/2010 8:21:18 PM

mbam-log-2010-05-22 (20-21-18).txt

Scan type: Quick scan

Objects scanned: 115922

Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

extremeboy · May 24, 2010

Hello.

Looking better. I see no anti-virus software's installed however. Having one installed is essential for safety while on the internet. Please go here: http://computermalwaresecurity.blogspot.co...tware-list.html and install an anti-virus software.

Update it upon completion and let me know how your computer is performing right now as well.

~Extremeboy

jakedajewler · May 24, 2010

Thanks so much for your help, my computer seems to be running fine now, all i'm worried about is the 2 items it said couldn't be removed, cause it seems i get a virus that's very similar every 2 or 3 weeks for the last couple months

jakedajewler · May 24, 2010

I just downloaded Avira and reboot my computer and it avira came up and said malware detected and then i just removed it, this is what i'm saying it's almost like this stuff hides and then when you think there's nothing on there cause it doesn't come up in malwarebytes scan, it pops back up

extremeboy · May 24, 2010

Can you show me what Avira detected and removed?

all i'm worried about is the 2 items it said couldn't be removed, cause it seems i get a virus that's very similar every 2 or 3 weeks for the last couple months

Which 2 items that couldn't be removed?

jakedajewler · May 24, 2010

ah just look at my post above it where it say's that i ran malwarebytes and 12 itmes came up but it said not all items could be removed but look at the log it only shows 10 items so 2 weren't removed, but i had no idea what they are or what that even means, haha

extremeboy · May 25, 2010

10 items were the files but the other two were registry related.

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

jakedajewler · May 26, 2010

so what does that mean? does that mean i'm good now?

extremeboy · May 26, 2010

Hello.

Nope, not yet.

Let's perform an online scan now.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Open the Kaspersky WebScanner
page.
Click on the button on the main page.
The program will launch and fill in the Information section on the left.
Read the "Requirements and Limitations" then press the button.
The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
Once the files have been downloaded, click on the ...button.
In the scan settings make sure the following are selected:
- Detect malicious programs of the following categories:
  Viruses, Worms, Trojan Horses, Rootkits
  Spyware, Adware, Dialers and other potentially dangerous programs
- Scan compound files (doesn't apply to the File scan area):
  Archives
  Mail databases
  By default the above items should already be checked.
- Click the button, if you made any changes.
[*]Now under the Scan section on the left:
Select My Computer
[*]The program will now start and scan your system. This will run for a while, be patient and let it finish.
[*]Once the scan is complete, click on View scan report
[*]Now, click on the Save Report as button.
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,

Extremeboy

jakedajewler · May 29, 2010

Friday, May 28, 2010

Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, May 27, 2010 17:33:33

Records in database: 4190279

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

C:\

D:\

E:\

Scan statistics

Objects scanned 295381

Threats found 32

Infected objects found 601

Suspicious objects found 0

Scan duration 06:09:43

File name Threat Threats count

C:\Users\mike\AppData\Local\Temp\1066533628.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\2141401319.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\22838384.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\2801641088.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\3000732063.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\3106987203.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\492787068.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\mike\AppData\Local\Temp\avp.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\mike\AppData\Local\Temp\drweb.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\mike\AppData\Local\Temp\hexdump.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\mike\AppData\Local\Temp\khvcol.exe Infected: Trojan.Win32.FraudPack.awob 1

C:\Users\mike\AppData\Local\Temp\user.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\mike\AppData\Local\Temp\winamp.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\mike\AppData\Local\vrsbisaad\iwscqegtssd.exe Infected: Trojan.Win32.FraudPack.awob 1

C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-1704cadb Infected: Trojan-Downloader.Java.Agent.af 1

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RC9N9QW.zip Infected: Trojan-Downloader.Win32.VB.dck 1

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RCDB5F3.zip Infected: Trojan-Downloader.Win32.VB.tjh 2

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RQKEC93.zip Infected: Trojan.Win32.Pincav.aaiy 1

C:\Windows.old\Users\Mike\a.zip Infected: Trojan-Downloader.Win32.VB.dck 1

C:\Users\Mike\AppData\Local\Temp\1066533628.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\2141401319.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\22838384.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\2801641088.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\3000732063.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\3106987203.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\492787068.exe Infected: Trojan-Ransom.Win32.XBlocker.aba 1

C:\Users\Mike\AppData\Local\Temp\avp.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\Mike\AppData\Local\Temp\drweb.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\Mike\AppData\Local\Temp\hexdump.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\Mike\AppData\Local\Temp\khvcol.exe Infected: Trojan.Win32.FraudPack.awob 1

C:\Users\Mike\AppData\Local\Temp\user.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\Mike\AppData\Local\Temp\winamp.exe Infected: Trojan-Ransom.Win32.XBlocker.aat 1

C:\Users\Mike\AppData\Local\vrsbisaad\iwscqegtssd.exe Infected: Trojan.Win32.FraudPack.awob 1

C:\Windows.old\Users\Mike\AppData\Local\av.exe Infected: Trojan-Dropper.Win32.Pincher.aed 1

C:\Windows.old\Users\Mike\AppData\Local\ave.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNHOCMQM\video[1].exe Infected: Trojan.Win32.FraudPack.assz 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\2140137296.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\2147688592.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\2820522922.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\3239240111.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\336910724639893.exe Infected: Trojan.Win32.Inject.aora 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\429031331.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\5250711.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\70F1.exe Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\77wi.exe Infected: Backdoor.Win32.VB.lsr 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\amnxrwseoc.exe Infected: Trojan-Clicker.Win32.VBiframe.car 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\asd2B54.tmp.exe Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\asd2BFF.tmp.exe Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\asd5245.tmp.exe Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\asdAE2C.tmp.exe Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\asdBDE4.tmp.exe Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\avp32.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\BN2FE5.tmp Infected: Trojan.Win32.Sasfis.afjs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\BN5ADB.tmp Infected: Trojan.Win32.Sasfis.afjs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\BN6086.tmp Infected: Trojan.Win32.Sasfis.afjs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\BNC595.tmp Infected: Trojan.Win32.Sasfis.afjs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\camnrwoxes.exe Infected: Trojan.Win32.VB.adxs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\cmd.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\debug.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\dhdhtrdhdrtr5y Infected: Trojan-Downloader.Win32.FraudLoad.xaqm 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Digital Protection\digext.dll Infected: Packed.Win32.Tdss.n 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Digital Protection\dighook.dll Infected: Trojan-Downloader.Win32.FraudLoad.xatc 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Digital Protection\digprot.exe Infected: Trojan-Downloader.Win32.FraudLoad.xatg 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Digital Protection\Uninstall.exe Infected: Trojan-Downloader.Win32.FraudLoad.xati 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\geurge.exe Infected: Trojan.Win32.VB.adxs 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\hexdump.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\install.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\iq00dz9z7cf6x.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\jar_cache2964640147434890772.tmp Infected: Trojan-Downloader.Java.Agent.ah 2

C:\Windows.old\Users\Mike\AppData\Local\Temp\jar_cache3393659267323803980.tmp Infected: Exploit.Java.CVE-2009-3867.d 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\jar_cache5814991387739491737.tmp Infected: Exploit.Java.Agent.f 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\jnjyhf.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Kbj.exe Infected: Trojan.Win32.Tdss.bbzy 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Kbk.exe Infected: Packed.Win32.Katusha.m 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\Kbl.exe Infected: Packed.Win32.Katusha.m 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\login.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\mdm.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\MSWINSCK.exe Infected: Trojan-Downloader.Win32.FraudLoad.xamj 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\notepad.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\ntload.dll Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA105a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1099.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1183.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA122e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA124e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1338.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1366.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA13e3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA149e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA14cd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA15d6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1605.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1682.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA170e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA17aa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1818.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1866.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1921.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA19cc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1a49.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1a59.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1b81.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1b91.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1c0e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1caa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1d36.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1da.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1dc2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1e10.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1e4f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1eeb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1f0a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1fa6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA1ff4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA20ce.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA211c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA213c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA217a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2264.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA228.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2310.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA235e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA238c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA23ac.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA24d4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2512.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA261c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA263b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA26a8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2734.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA283e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA288c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2966.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA29b4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2a12.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2a21.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2b0b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2ba7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2bf5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2c14.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2d1e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2d3d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2d4d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2df8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2e94.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2f7e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2fbc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA2fdc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3142.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA31fe.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA326b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA329a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA33a3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA33c2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA33e1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3420.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA34ac.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3529.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3596.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA360.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3613.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3670.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3690.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA36f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA36fd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3799.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA37b8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3864.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3892.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3893.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA38f0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA399c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3a86.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3a95.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3aa5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3ae.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3b7f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3b8f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3c5a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3c98.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3ca8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3d44.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3dd0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3e7c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3e8b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3ed9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA3ee9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4002.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA407f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA40ec.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA40fb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA412a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4224.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA42c0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA430e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA438a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA43c9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4455.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4501.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA456e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA45cc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA45eb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4704.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4713.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4742.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA47fd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA488a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA48a9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA48e7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA498.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA49a2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4a10.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4a2f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4aac.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4adb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4b48.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4bb5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4bc5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4c8f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4c9f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4cbe.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4d5a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4df6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4e54.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4e63.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4ed1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4f4d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA4ff9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5057.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5095.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA50b4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA51cd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA51ec.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5288.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA52f5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5324.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA53c0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA546c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA54ba.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5517.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5546.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA55c3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA569d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA56dc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5768.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA582.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5871.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5891.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA58df.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA58fe.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA59e8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5a36.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5a84.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5ae1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5b0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5bdb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5c0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5c0a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5c19.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5ca6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5d61.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5d9f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5ed7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5f25.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA5f73.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA607d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA60da.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6128.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6241.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA62be.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA62dd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6405.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6434.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6473.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA65f9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6618.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6627.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA67ad.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA67cd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA67fb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA680b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6953.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA69df.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6a2d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6ba.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6ba3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6be2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6c30.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6d1a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6db6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6dc5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6de5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6f4b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6f5b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA6fd8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA70b2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA70d1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA71ac.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA71bb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA727.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7313.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7351.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA739f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7515.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7592.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA760f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7757.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7766.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA77f3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA793a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7979.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA79d6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7a43.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7b3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7b5c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7baa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7bba.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7cb3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7d9d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7ddc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7deb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7f2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7f81.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA7fb0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8126.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8184.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA824f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA82cb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8367.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA83a6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8480.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA84fd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA85c8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8664.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA86a2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA876d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA879c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8867.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8886.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA89ae.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8a5a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8a98.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8ac7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8bd0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8c7c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8d18.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8d47.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8e11.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8eb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8eec.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8f49.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA8fd6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9014.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA90a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA912d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA915c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA91f8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9275.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9320.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA938d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9449.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA94b6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9504.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA95fd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA965b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA96e7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9774.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA981f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA988d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA989c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA99a5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9a13.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9a22.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9abe.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9b6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9bc7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9be7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9c25.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9ce0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9dca.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9df9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9eb4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9f31.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMA9f7f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa03a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa163.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa172.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa1c0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa28b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa337.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa3b3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa411.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa50b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa52.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa539.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa5c6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa662.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa73c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa7c9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa90.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa910.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa920.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAa95e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAaaa6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAaab5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAab51.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAac0d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAac3b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAadd1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAade1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAae6d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAaf57.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAaf86.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb09f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb0fc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb10c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb1d7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb292.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb2ef.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb36c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb418.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb428.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb531.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb5bd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb5cd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb678.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb6b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb753.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb772.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb7ef.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb8aa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb994.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb9e2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAb9f1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbb29.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbb9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbbe5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbc23.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbc71.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbdc8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbdd8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbe55.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbf00.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAbf8d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc00a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc019.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc132.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc190.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc1ed.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc25a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc335.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc373.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc383.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc45.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc48c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc509.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc576.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc5e3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc6ec.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc6fc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc74.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc788.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc805.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc892.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc90e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAc95c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAca18.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAca85.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcb50.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcb5f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcbfb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcc68.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcd24.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcd91.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcddf.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAceaa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcf36.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcf94.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAcfe2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd10a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd1b6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd1c5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd204.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd30d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd36a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd3c8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd3f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd416.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd510.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd54e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd5da.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd619.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd722.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd751.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd780.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd86a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd8e6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd934.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd9a2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAd9c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAda9b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdaba.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdae9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdbd3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdc9e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdd3a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdd4a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAde53.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdf7b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdfba.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAdfc9.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe0a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe0a4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe17e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe1bc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe1cc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe323.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe342.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe390.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe46b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe526.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe545.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe5b2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe6cb.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe6fa.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe70a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe822.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe890.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe91c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAe93b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAea44.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAea54.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAeb8c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAec09.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAec28.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAec95.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAed4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAed8f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAedcd.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAee0c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAeef6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAef82.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf02e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf05c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf194.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf1a4.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf1d3.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf22.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf30b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf32a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf3f5.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf414.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf51d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf56b.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf5d8.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf6c2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf6d2.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf7cc.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf80a.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf877.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf904.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAf9ee.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfa0d.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfa1c.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfaf.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfb35.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfbd1.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfc2f.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfc3e.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfd48.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfd76.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfe32.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfebe.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfeed.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAff.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAffd7.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\PRAGMAfff6.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xamo 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\smss.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\stwv22.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\TMP1BA0.tmp Infected: Trojan-Downloader.Win32.FraudLoad.xaqw 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\topwesitjh Infected: Trojan-Downloader.Win32.FraudLoad.xamj 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\user.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\win.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\win16.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\win32.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\Temp\winamp.exe Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine Infected: Trojan.Win32.Inject.aora 1

C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\net.net Infected: Trojan-Clicker.Win32.VBiframe.car 1

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-791c06d2 Infected: Trojan-Downloader.Java.Agent.ab 1

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6476c0a1 Infected: Exploit.Java.Agent.f 1

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e Infected: Trojan-Downloader.Java.OpenConnection.at 1

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e Infected: Exploit.Java.Agent.f 1

C:\Windows.old\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll Infected: Packed.Win32.Katusha.j 1

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5563938-broken social scene remixed by tiesto (omg, it really rocks!!).au Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5575156-05 50 cent - in da club.au Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5871753-teagan and sarah - hell.au Infected: Trojan-Downloader.WMA.GetCodec.s 1

C:\Windows.old\Users\Mike\Documents\FrostWire\Saved\arcade fire - wake up [extended concert version].mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

C:\Windows.old\Users\Mike\ntload.dll Infected: Packed.Win32.Katusha.j 1

Selected area has been scanned.

Attach.txt

DDS.txt

extremeboy · May 29, 2010

Hello.

Did you do a parallel install of Windows previously? I see a lot of temp files Kaspersky detected related to different infections.

Download and Run OTM

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop If you are running on Vista, right click on the file and choose Run As Administrator.

Paste the following code under the

area. Do not include the word "Code".

:files
C:\Users\mike\AppData\Local\Temp\*
C:\Windows.old\Users\Mike\AppData\Local\Temp\*
C:\Users\mike\AppData\Local\vrsbisaad\iwscqegtssd.exe
C:\Users\Mike\AppData\Local\vrsbisaad\iwscqegtssd.exe
C:\Windows.old\Users\Mike\AppData\Local\av.exe
C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine

C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\net.net

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-791c06d2

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6476c0a1

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e

C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e

C:\Windows.old\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5563938-broken social scene remixed by tiesto (omg, it really rocks!!).au

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5575156-05 50 cent - in da club.au

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5871753-teagan and sarah - hell.au

C:\Windows.old\Users\Mike\Documents\FrostWire\Saved\arcade fire - wake up [extended concert version].mp3

C:\Windows.old\Users\Mike\ntload.dll

C:\Windows.old\Users\Mike\AppData\Local\ave.exe
C:\Windows.old\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNHOCMQM\video[1].exe

C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-1704cadb

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RC9N9QW.zip

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RCDB5F3.zip

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RQKEC93.zip

C:\Windows.old\Users\Mike\a.zip
:commands
[CREATERESTOREPOINT]
[emptytemp]

Click the large button.
If OTM requires are reboot, please allow it to do so.
Copy/Paste the contents under the line here in your next reply.

Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

jakedajewler · May 29, 2010

All processes killed

Error: Unable to interpret <C:\Users\mike\AppData\Local\Temp\*> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\Temp\*> in the current context!

Error: Unable to interpret <C:\Users\mike\AppData\Local\vrsbisaad\iwscqegtssd.exe> in the current context!

Error: Unable to interpret <C:\Users\Mike\AppData\Local\vrsbisaad\iwscqegtssd.exe> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\av.exe> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\net.net> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-791c06d2> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6476c0a1> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5563938-broken social scene remixed by tiesto (omg, it really rocks!!).au> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5575156-05 50 cent - in da club.au> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5871753-teagan and sarah - hell.au> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\Documents\FrostWire\Saved\arcade fire - wake up [extended concert version].mp3> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\ntload.dll> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\ave.exe> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNHOCMQM\video[1].exe> in the current context!

Error: Unable to interpret <C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-1704cadb> in the current context!

Error: Unable to interpret <C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RC9N9QW.zip> in the current context!

Error: Unable to interpret <C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RCDB5F3.zip> in the current context!

Error: Unable to interpret <C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RQKEC93.zip> in the current context!

Error: Unable to interpret <C:\Windows.old\Users\Mike\a.zip> in the current context!

========== COMMANDS ==========

Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: mike

->Temp folder emptied: 184151 bytes

->Temporary Internet Files folder emptied: 152669771 bytes

->Java cache emptied: 35958991 bytes

->Flash cache emptied: 119837 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12248820 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 8994787366 bytes

Total Files Cleaned = 8,770.00 mb

OTM by OldTimer - Version 3.1.12.1 log created on 05292010_203423

Files moved on Reboot...

C:\Users\mike\AppData\Local\Temp\nsrbgxod.bak moved successfully.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJUWH12K\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH6WN4UG\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9ZR7839\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RKLXOZP\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

extremeboy · May 30, 2010

You didn't copy the full script. You forgot the:

:files in the beginning. Please follow my previous instructions once more.

jakedajewler · May 30, 2010

All processes killed

========== FILES ==========

C:\Users\mike\AppData\Local\Temp\000A27001D6EBA20 folder moved successfully.

C:\Users\mike\AppData\Local\Temp\AdobeARM.log moved successfully.

C:\Users\mike\AppData\Local\Temp\au-descriptor-1.6.0_20-b73.xml moved successfully.

C:\Users\mike\AppData\Local\Temp\div364B.tmp folder moved successfully.

C:\Users\mike\AppData\Local\Temp\hsperfdata_mike folder moved successfully.

C:\Users\mike\AppData\Local\Temp\jusched.log moved successfully.

C:\Users\mike\AppData\Local\Temp\Log folder moved successfully.

C:\Users\mike\AppData\Local\Temp\Low\Low folder moved successfully.

C:\Users\mike\AppData\Local\Temp\Low folder moved successfully.

C:\Users\mike\AppData\Local\Temp\MessengerCache\Sounds folder moved successfully.

C:\Users\mike\AppData\Local\Temp\MessengerCache folder moved successfully.

C:\Users\mike\AppData\Local\Temp\mike.bmp moved successfully.

C:\Users\mike\AppData\Local\Temp\wmplog00.sqm moved successfully.

C:\Users\mike\AppData\Local\Temp\WPDNSE folder moved successfully.

File/Folder C:\Windows.old\Users\Mike\AppData\Local\Temp\* not found.

File/Folder C:\Users\mike\AppData\Local\vrsbisaad\iwscqegtssd.exe not found.

File/Folder C:\Users\Mike\AppData\Local\vrsbisaad\iwscqegtssd.exe not found.

File/Folder C:\Windows.old\Users\Mike\AppData\Local\av.exe not found.

File/Folder C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\cooper.mine not found.

File/Folder C:\Windows.old\Users\Mike\AppData\Local\VirtualStore\Windows\SysWOW64\net.net not found.

File/Folder C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-791c06d2 not found.

File/Folder C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-6476c0a1 not found.

File/Folder C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-5213703e not found.

File/Folder C:\Windows.old\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll not found.

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5563938-broken social scene remixed by tiesto (omg, it really rocks!!).au moved successfully.

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5575156-05 50 cent - in da club.au moved successfully.

C:\Windows.old\Users\Mike\Documents\FrostWire\Incomplete\T-5871753-teagan and sarah - hell.au moved successfully.

C:\Windows.old\Users\Mike\Documents\FrostWire\Saved\arcade fire - wake up [extended concert version].mp3 moved successfully.

LoadLibrary failed for C:\Windows.old\Users\Mike\ntload.dll

C:\Windows.old\Users\Mike\ntload.dll moved successfully.

C:\Windows.old\Users\Mike\AppData\Local\ave.exe moved successfully.

C:\Windows.old\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNHOCMQM\video[1].exe moved successfully.

File/Folder C:\Users\mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7f7efc56-1704cadb not found.

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RC9N9QW.zip moved successfully.

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RCDB5F3.zip moved successfully.

C:\Windows.old\$Recycle.Bin\S-1-5-21-4076600337-3693582299-3991521637-1000\$RQKEC93.zip moved successfully.

C:\Windows.old\Users\Mike\a.zip moved successfully.

========== COMMANDS ==========

Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: mike

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 64596301 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 6170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1174 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 75698822 bytes

Total Files Cleaned = 134.00 mb

OTM by OldTimer - Version 3.1.12.1 log created on 05302010_185219

Files moved on Reboot...

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJUWH12K\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH6WN4UG\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9ZR7839\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RKLXOZP\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

extremeboy · June 1, 2010

Let me know how your computer is running and if you have any more problems, issues or symptoms left.

extremeboy · June 5, 2010

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,

Extremeboy

Malwarebytes isn't removing my malware attack

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information