Jump to content

MALWARE - Can't Fix


Recommended Posts

Hello, I picked up some kind of Malware/Virus thing a few days ago, not sure the "type" so I will just describe as much as I can.

I'm running Windows XP

Initially, a bunch of unwanted windows opened up in my IE7 & also certain links in google would turn into links they were not supposed to be & the malwarebytes forum & other would-be helpful sites came up as "could not be found" then I tried to open Malwarebytes & it didn't work. I was able to open SUPERAnti-Spyware but NOT able to run the update. I couldn't do this in safe mode either, however Mawarebytes DID run in safe mode, but I could not update. I ended up downloading the programs on a external drive from my work CPU & updating them & then bringing the External drive home & running updated versions of Malwarebytes, SUPERAnti-Spyware & Spybot in safe mode. Each of them found & destroyed several problems & the random IE windows that popped up seem to stop but I still couldn't run Malwarebytes or other recommended programs. HiJack this will NOT run in safe mode or regular mode. DeFogger & DDS will not run in regular mode either, I have not tried it in Safe Mode yet. I WAS able to run a program called RootRepeal in safe mode, I was NOT connected to the internet & I disabled my firewall when I ran these reports:

here is the report for the FILE part:

ROOTREPEAL

Link to post
Share on other sites

Hi dethsquad And Welcome to Malwarebytes Forum!

You might need a flash drive to download the following. Let me know?

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Link to post
Share on other sites

Hey Kenny,

Thanks for the reply, I CAN download dds(ssc & pif) but i cannot RUN it! I get this error no matter where I run it from(desktop, external drive, etc.) "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access them". I tried renaming the file as well & did not work. Obviously I am the sole user of this cpu & have permissions to run files like these(& have run them in the past, pre-infection).

You mention "You may have to disable any script protection running if the scan fails to run." Is this what I need to do here, is whatever has infected me running some script that prevents me from running these files(even in SAFE MODE)? I will google "script protection" & see what I can do on my own, but can you give me some advice on it(if it's what I need to do to run this program)?

Thanks for your help

jared

Link to post
Share on other sites

Your system is severly infected.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Please post the log in your next reply.

Once you've gotten one of them to run then try to immediately run the following:

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

UGH, severely infected, not good.. none of these programs run for me.. the download for rkill.pif didn't work though, not sure if thats the virus or what. The rest downloaded & I got the same error for all of them. I tried combofix for the heck of it & that does not work either. Am I totally screwed? I am going to try in SAFE MODE but I doubt it will work.

Link to post
Share on other sites

I did safe mode w/command prompt & got rkill.exe to run & ran combofix, it was running & said it detected rootkey prescence & had to reboot the machine so it did that & ran in regular mode & completed, restarted one more time & made a log file, so thats good, but now I can't get online(i'm using a different cpu now). Does combo fix disable the internet somehow?

Link to post
Share on other sites

Look in your C: drive and post ComboFix.txt. As for combofix.exe does not disable the internet. Malware will. Be sure to restart your PC.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

And let me know if this worked?

Link to post
Share on other sites

that didn't work, i still can't get online, but programs that wouldn't run before now work, so thats good, anyway, i put the log on my external drive & here it is(maybe this will explain why I can't get online):

ComboFix 10-08-07.02 - Jared Drace 08/08/2010 14:46:23.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.251 [GMT -4:00]

Running from: c:\documents and settings\Jared Drace\Desktop\ComboFix.exe

Command switches used :: Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cleanbuild.exe

c:\cleanbuild.exe\cleanbuild.exe

c:\cleanbuild.exe\config.bin

c:\documents and settings\All Users\Application Data\Update\seupd.exe

c:\documents and settings\Jared Drace\Application Data\1879d3d7.exe

c:\documents and settings\Jared Drace\Application Data\Sky-Banners

c:\documents and settings\Jared Drace\Application Data\Sky-Banners\skb\log.xml

c:\documents and settings\Jared Drace\Application Data\Street-Ads

c:\documents and settings\Jared Drace\Local Settings\Application Data\{EEC12DD5-708A-432F-B3BF-AC6577BBC938}

c:\documents and settings\Jared Drace\Local Settings\Application Data\{EEC12DD5-708A-432F-B3BF-AC6577BBC938}\chrome.manifest

c:\documents and settings\Jared Drace\Local Settings\Application Data\{EEC12DD5-708A-432F-B3BF-AC6577BBC938}\chrome\content\_cfg.js

c:\documents and settings\Jared Drace\Local Settings\Application Data\{EEC12DD5-708A-432F-B3BF-AC6577BBC938}\chrome\content\overlay.xul

c:\documents and settings\Jared Drace\Local Settings\Application Data\{EEC12DD5-708A-432F-B3BF-AC6577BBC938}\install.rdf

c:\documents and settings\NetworkService\Application Data\Sky-Banners

c:\documents and settings\NetworkService\Application Data\Street-Ads

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

C:\settingsxx.exe

c:\settingsxx.exe\cleansweepupd.exe

c:\settingsxx.exe\config.bin

c:\settingsxx.exe\settingsxx.exe

c:\windows\$NtUninstallMTF1011$

c:\windows\$NtUninstallMTF1011$\apUninstall.exe

c:\windows\$NtUninstallMTF1011$\zrpt.xml

c:\windows\aconudowubucudi.dll

c:\windows\ejazegix.dll

c:\windows\ijupevafi.dll

c:\windows\k3rstes.dll

c:\windows\ojimilapeyamole.dll

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\drivers\srenum.sys

c:\windows\system32\ernel32.dll

c:\windows\system32\idvop.dll

c:\windows\system32\idwgp.dll

c:\windows\system32\Install.txt

c:\windows\system32\msrun.exe

c:\windows\system32\msvjidkm.dll

c:\windows\system32\service.sys

c:\windows\system32\spool\prtprocs\w32x86\y5cEI.dll

c:\windows\system32\szetyj67v.exe

c:\windows\system32\szetyj67v.txt

c:\windows\system32\Updata.exe

I:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ndisrd

-------\Legacy_srenum

-------\Service_srenum

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))

.

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator

2010-08-08 17:52 . 2010-08-08 17:52 -------- d--h--w- c:\windows\PIF

2010-08-06 05:21 . 2010-08-06 05:22 -------- d-----w- C:\Root Repeal

2010-08-06 00:42 . 2010-08-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-05 15:26 . 2010-08-06 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bpqkrsypb

2010-08-05 15:24 . 2010-08-05 15:24 453120 --sh--w- c:\windows\system32\commext.dll

2010-08-05 15:23 . 2010-08-05 15:23 37888 --sh--w- c:\windows\system32\dbgspl20.dll

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\Yahoo!

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\program files\Yahoo!

2010-08-05 03:42 . 2010-08-05 03:42 -------- d-----w- C:\spoolerlogs

2010-08-05 03:36 . 2010-08-04 17:08 177664 ----a-w- c:\windows\Ezetyb.exe

2010-08-04 17:33 . 2010-08-05 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-04 17:07 . 2010-08-04 17:07 210810 ----a-w- c:\windows\svc3.exe

2010-08-04 17:06 . 2010-08-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-08-04 17:05 . 2010-08-08 17:06 0 ----a-w- c:\windows\Rfusi.bin

2010-08-04 17:05 . 2010-08-08 02:27 120 ----a-w- c:\windows\Kgiwiwa.dat

2010-08-04 17:04 . 2010-08-08 18:57 781824 ----a-w- c:\windows\system32\drivers\jsrhy.sys

2010-08-04 17:04 . 2010-08-04 17:04 177664 ----a-w- c:\windows\Ezetya.exe

2010-08-04 17:04 . 2010-08-04 17:04 0 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll

2010-08-03 16:41 . 2010-08-03 16:41 294912 ----a-w- c:\windows\system32\mdwgp.dll

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\Jared Drace\Local Settings\Application Data\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\program files\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2010-07-14 00:43 . 2010-07-14 00:43 40581 ----a-w- c:\windows\system32\zdvop.exe

2010-07-13 22:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 17:30 . 2010-07-11 17:30 44056 ---ha-w- c:\windows\system32\mlfcache.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-08 18:30 . 2007-04-26 23:45 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\uTorrent

2010-08-08 17:29 . 2003-04-30 23:33 36277 ----a-w- c:\windows\nsreg.dat

2010-08-08 02:27 . 2009-04-10 17:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-05 08:22 . 2010-01-19 05:10 117760 ----a-w- c:\documents and settings\Jared Drace\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-05 06:40 . 2009-04-10 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-05 06:38 . 2002-12-05 23:37 -------- d-----w- c:\program files\Common Files\Real

2010-08-05 06:37 . 2002-12-05 23:29 -------- d-----w- c:\program files\Real

2010-08-05 05:15 . 2009-04-10 17:24 -------- d-----w- c:\program files\CCleaner

2010-07-11 04:06 . 2010-07-11 04:06 2605008 ----a-w- c:\documents and settings\Jared Drace\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-06-14 14:31 . 2002-12-05 02:22 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-17 03:16 . 2007-04-26 23:45 322352 ----a-w- c:\program files\utorrent.exe

2008-10-21 14:25 . 2008-11-04 07:46 41335 -c--a-w- c:\program files\player.swf

2008-10-20 19:54 . 2008-11-04 07:46 3693 -c--a-w- c:\program files\readme.html

2008-10-20 14:04 . 2008-11-04 07:46 1187 -c--a-w- c:\program files\yt.swf

2008-10-15 18:41 . 2008-11-04 07:46 8295 -c--a-w- c:\program files\preview.jpg

2008-10-15 18:41 . 2008-11-04 07:46 6880 -c--a-w- c:\program files\swfobject.js

2008-10-15 18:41 . 2008-11-04 07:46 216278 -c--a-w- c:\program files\video.flv

2007-10-01 00:06 . 2007-10-20 20:00 10298 -c--a-w- c:\program files\Readme First.rtf

2007-10-01 00:00 . 2007-10-20 20:00 1041920 -c--a-w- c:\program files\MPEG_Streamclip.exe

2004-02-04 21:22 . 2004-01-29 01:41 13 --sh--r- c:\windows\system32\Mediav_6_4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

2007-07-31 21:33 1391640 ----a-w- c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C4225628-E1F3-4FD1-AB0B-B24C84BCF12F}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [2006-08-01 67112]

"Google Update"="c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]

"NetLog3"="c:\windows\svc3.exe" [2010-08-04 210810]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"DeltTray"="DeltTray.exe" [2002-07-29 24576]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"Malwarebytes Anti-Malware (reboot)"="i:\malwarebytes' anti-malware\mbam.exe" [2010-04-29 1090952]

"bipro"="mdwgp.dll" [2010-08-03 294912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-10-19 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 20:45 45056 -c--a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-28 01:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=

"c:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 12:45 PM 24652]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 6:32 PM 497856]

S0 hgqnfc;hgqnfc;c:\windows\system32\drivers\ptrkc.sys --> c:\windows\system32\drivers\ptrkc.sys [?]

S1 SABKUTIL;SABKUTIL;\??\i:\superantispyware\SABKUTIL.sys --> i:\superantispyware\SABKUTIL.sys [?]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 9:01 PM 396480]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]

--- Other Services/Drivers In Memory ---

*Deregistered* - jsrhy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005Core.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005UA.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6522

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: aol.com\free

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vpegeqari - c:\windows\k3rstes.dll

HKCU-Run-settingsxx.exe - c:\settingsxx.exe\settingsxx.exe

HKCU-Run-cleanbuild.exe - c:\cleanbuild.exe\cleanbuild.exe

HKLM-Run-sta - mdvop.dll

HKLM-Run-xyqzbz - c:\windows\system32\msvjidkm.dll

HKLM-Run-Ycafuqepiconihu - c:\windows\ojimilapeyamole.dll

HKLM-Run-szetyj67v - c:\windows\system32\szetyj67v.exe

AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-08 14:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jsrhy]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2712)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

c:\windows\wanmpsvc.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\DeltTray.exe

c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-08-08 15:03:28 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-08 19:03

ComboFix2.txt 2009-04-10 17:45

Pre-Run: 934,735,872 bytes free

Post-Run: 913,342,464 bytes free

- - End Of File - - 229C037BFFD95162C52A0E7FDA86FA23

Link to post
Share on other sites

We need to look at some files and run another CFScript but lets get your PC online.

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

DDS::
uInternet Connection Wizard,ShellNext = hxxp://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

cfscriptb4.gif

This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Next if you still can Not get online?

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C netsh winsock reset catalog

Next

Please read carefully and let me know if you have any questions.

Create a batch file:

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 10
    del /f /q %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check to see if your internet performance has improved

Please let me know how it went.

Link to post
Share on other sites

ok, the first thing w/the txt file & combofix merge didn't get me back online, but I posted the log below.

HOWEVER, the second suggestion(.bat, etc.) worked & I am back online! what now? Am I cured or does the dark force still lurk on my system?

ComboFix 10-08-07.02 - Jared Drace 08/08/2010 17:13:22.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.186 [GMT -4:00]

Running from: c:\documents and settings\Jared Drace\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jared Drace\Desktop\CFScript.txt

.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))

.

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-08-08 18:33 . 2009-11-15 19:25 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator

2010-08-08 17:52 . 2010-08-08 17:52 -------- d--h--w- c:\windows\PIF

2010-08-06 05:21 . 2010-08-06 05:22 -------- d-----w- C:\Root Repeal

2010-08-06 00:42 . 2010-08-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-05 15:26 . 2010-08-06 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bpqkrsypb

2010-08-05 15:24 . 2010-08-05 15:24 453120 --sh--w- c:\windows\system32\commext.dll

2010-08-05 15:23 . 2010-08-05 15:23 37888 --sh--w- c:\windows\system32\dbgspl20.dll

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\Yahoo!

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\program files\Yahoo!

2010-08-05 03:42 . 2010-08-05 03:42 -------- d-----w- C:\spoolerlogs

2010-08-05 03:36 . 2010-08-04 17:08 177664 ----a-w- c:\windows\Ezetyb.exe

2010-08-04 17:33 . 2010-08-05 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-04 17:07 . 2010-08-04 17:07 210810 ----a-w- c:\windows\svc3.exe

2010-08-04 17:06 . 2010-08-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-08-04 17:05 . 2010-08-08 17:06 0 ----a-w- c:\windows\Rfusi.bin

2010-08-04 17:05 . 2010-08-08 02:27 120 ----a-w- c:\windows\Kgiwiwa.dat

2010-08-04 17:04 . 2010-08-08 21:22 781824 ----a-w- c:\windows\system32\drivers\jsrhy.sys

2010-08-04 17:04 . 2010-08-04 17:04 177664 ----a-w- c:\windows\Ezetya.exe

2010-08-04 17:04 . 2010-08-04 17:04 0 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll

2010-08-03 16:41 . 2010-08-03 16:41 294912 ----a-w- c:\windows\system32\mdwgp.dll

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\Jared Drace\Local Settings\Application Data\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\program files\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2010-07-14 00:43 . 2010-07-14 00:43 40581 ----a-w- c:\windows\system32\zdvop.exe

2010-07-13 22:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 17:30 . 2010-07-11 17:30 44056 ---ha-w- c:\windows\system32\mlfcache.dat

2010-07-11 04:06 . 2010-07-11 04:06 2605008 ----a-w- c:\documents and settings\Jared Drace\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-08 18:30 . 2007-04-26 23:45 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\uTorrent

2010-08-08 17:29 . 2003-04-30 23:33 36277 ----a-w- c:\windows\nsreg.dat

2010-08-08 02:27 . 2009-04-10 17:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-05 08:22 . 2010-01-19 05:10 117760 ----a-w- c:\documents and settings\Jared Drace\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-05 06:40 . 2009-04-10 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-05 06:38 . 2002-12-05 23:37 -------- d-----w- c:\program files\Common Files\Real

2010-08-05 06:37 . 2002-12-05 23:29 -------- d-----w- c:\program files\Real

2010-08-05 05:15 . 2009-04-10 17:24 -------- d-----w- c:\program files\CCleaner

2010-06-14 14:31 . 2002-12-05 02:22 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-17 03:16 . 2007-04-26 23:45 322352 ----a-w- c:\program files\utorrent.exe

2008-10-21 14:25 . 2008-11-04 07:46 41335 -c--a-w- c:\program files\player.swf

2008-10-20 19:54 . 2008-11-04 07:46 3693 -c--a-w- c:\program files\readme.html

2008-10-20 14:04 . 2008-11-04 07:46 1187 -c--a-w- c:\program files\yt.swf

2008-10-15 18:41 . 2008-11-04 07:46 8295 -c--a-w- c:\program files\preview.jpg

2008-10-15 18:41 . 2008-11-04 07:46 6880 -c--a-w- c:\program files\swfobject.js

2008-10-15 18:41 . 2008-11-04 07:46 216278 -c--a-w- c:\program files\video.flv

2007-10-01 00:06 . 2007-10-20 20:00 10298 -c--a-w- c:\program files\Readme First.rtf

2007-10-01 00:00 . 2007-10-20 20:00 1041920 -c--a-w- c:\program files\MPEG_Streamclip.exe

2004-02-04 21:22 . 2004-01-29 01:41 13 --sh--r- c:\windows\system32\Mediav_6_4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

2007-07-31 21:33 1391640 ----a-w- c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C4225628-E1F3-4FD1-AB0B-B24C84BCF12F}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [2006-08-01 67112]

"Google Update"="c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]

"NetLog3"="c:\windows\svc3.exe" [2010-08-04 210810]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"DeltTray"="DeltTray.exe" [2002-07-29 24576]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"bipro"="mdwgp.dll" [2010-08-03 294912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-10-19 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 20:45 45056 -c--a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-28 01:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 12:45 PM 24652]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 6:32 PM 497856]

S0 hgqnfc;hgqnfc;c:\windows\system32\drivers\ptrkc.sys --> c:\windows\system32\drivers\ptrkc.sys [?]

S1 SABKUTIL;SABKUTIL;\??\i:\superantispyware\SABKUTIL.sys --> i:\superantispyware\SABKUTIL.sys [?]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 9:01 PM 396480]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]

--- Other Services/Drivers In Memory ---

*Deregistered* - jsrhy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005Core.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005UA.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: aol.com\free

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-08 17:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jsrhy]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(444)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2108)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

c:\windows\wanmpsvc.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\DeltTray.exe

c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-08-08 17:28:10 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-08 21:28

ComboFix2.txt 2010-08-08 20:50

ComboFix3.txt 2010-08-08 19:03

ComboFix4.txt 2009-04-10 17:45

Pre-Run: 887,558,144 bytes free

Post-Run: 874,229,760 bytes free

- - End Of File - - 384C5EFCD0AF37A7EB6F4286DB59EE10

Link to post
Share on other sites

We still have some malicious files to remove We need to look at these first:

Check a file/files

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to

c:\windows\Ezetyb.exe

c:\windows\system32\dbgspl20.dll

then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Link to post
Share on other sites

cool, for

c:\windows\Ezetyb.exe here are the results:

File Ezetyb.exe received on 2010.08.08 22:02:14 (UTC)

Current status: finished

Result: 28/42 (66.67%)

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2010.08.08.00 2010.08.07 Win-Trojan/Fakeav.177664.N

AntiVir 8.2.4.34 2010.08.08 TR/Renos.125952.2

Antiy-AVL 2.0.3.7 2010.08.06 -

Authentium 5.2.0.5 2010.08.08 W32/Renos.A!Generic

Avast 4.8.1351.0 2010.08.08 Win32:Trojan-gen

Avast5 5.0.332.0 2010.08.08 Win32:Trojan-gen

AVG 9.0.0.851 2010.08.08 Downloader.Generic10.HMN

BitDefender 7.2 2010.08.08 -

CAT-QuickHeal 11.00 2010.08.07 -

ClamAV 0.96.0.3-git 2010.08.08 -

Comodo 5688 2010.08.08 TrojWare.Win32.Trojan.Agent.~FGC

DrWeb 5.0.2.03300 2010.08.08 Trojan.Packed.221

Emsisoft 5.0.0.36 2010.08.08 Trojan-Downloader.Win32.FakeAlert.AQI!A2

eSafe 7.0.17.0 2010.08.08 -

eTrust-Vet 36.1.7773 2010.08.07 -

F-Prot 4.6.1.107 2010.08.08 W32/Renos.A!Generic

F-Secure 9.0.15370.0 2010.08.07 Suspicious:W32/Malware!Gemini

Fortinet 4.1.143.0 2010.08.08 -

GData 21 2010.08.08 Win32:Trojan-gen

Ikarus T3.1.1.84.0 2010.08.08 -

Jiangmin 13.0.900 2010.08.07 -

Kaspersky 7.0.0.125 2010.08.08 Packed.Win32.Katusha.o

McAfee 5.400.0.1158 2010.08.08 -

McAfee-GW-Edition 2010.1 2010.08.08 Heuristic.BehavesLike.Win32.Suspicious.H

Microsoft 1.6004 2010.08.08 TrojanDownloader:Win32/Renos.LX

NOD32 5349 2010.08.07 Win32/TrojanDownloader.FakeAlert.AQI

Norman 6.05.11 2010.08.08 Suspicious_Gen2.BURCX

nProtect 2010-08-08.01 2010.08.08 Trojan/W32.Katusha.177664.M

Panda 10.0.2.7 2010.08.08 Suspicious file

PCTools 7.0.3.5 2010.08.08 Trojan.FakeAV

Prevx 3.0 2010.08.09 Medium Risk Malware

Rising 22.59.05.04 2010.08.07 Trojan.Win32.Generic.5223C74D

Sophos 4.56.0 2010.08.08 Mal/FakeAV-CX

Sunbelt 6703 2010.08.08 VirTool.Win32.Obfuscator.hg!b (v)

SUPERAntiSpyware 4.40.0.1006 2010.08.08 Trojan.Agent/Gen-Deskryp

Symantec 20101.1.1.7 2010.08.08 Trojan.FakeAV!gen29

TheHacker 6.5.2.1.338 2010.08.08 -

TrendMicro 9.120.0.1004 2010.08.08 TROJ_FAKEAV.SMA2

TrendMicro-HouseCall 9.120.0.1004 2010.08.08 TROJ_FAKEAV.SMA2

VBA32 3.12.12.8 2010.08.04 -

ViRobot 2010.7.29.3961 2010.08.08 -

VirusBuster 5.0.27.0 2010.08.08 -

Additional information

File size: 177664 bytes

MD5...: 13f84fcf96fa4c8c7d37fd403fac6f52

SHA1..: cb885ec676e615b594af03215ffc675c91090295

SHA256: ba557deea479956e033633d5f14d439e692c65f1acf658f1195589a1b5348b4a

ssdeep: 3072:8HCWdSMlWRwK+7UAkcR7TdD+C+MaPLQ3mf7zlDFKZmdncn7S7:qx5d7p9R7

TFdF8DTcwc

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x3297

timedatestamp.....: 0x4b2ceb22 (Sat Dec 19 15:02:58 2009)

machinetype.......: 0x14c (I386)

( 6 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x55d6 0x5600 4.58 902b27686228e3a1f0fb182187edd2a0

.idata 0x7000 0x40154 0x22200 7.35 87de22dd5244dc8ff8a7e9ca420f9e84

.edata 0x48000 0xa79 0xc00 0.00 d2a70550489de356a2cd6bfc40711204

.data 0x49000 0x1fd 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

.tls 0x4a000 0x520 0x600 0.09 16b3771eae4ebce0845fd6d9cbd02f42

.rdata 0x4b000 0x2474 0x2600 3.42 dcda67e93a311caa744643cfd89c5013

( 5 imports )

> KERNEL32.dll: LocalAlloc, GetACP, GetOEMCP, VirtualAlloc, GetProcAddress, lstrlenA, FindResourceA, GetVersionExA, ExitThread, SetEvent, lstrcpyA, GetFullPathNameA, lstrcpynA, ExitProcess, GetProcessHeap, GetModuleHandleA

> SHELL32.dll: SHGetDiskFreeSpaceA, SHGetSpecialFolderLocation, DragQueryFileA, SHGetDesktopFolder

> gdi32.dll: GetDCOrgEx, GetCurrentPositionEx, GetBitmapBits

> user32.dll: DispatchMessageW, KillTimer, CharLowerBuffA, IsWindowEnabled, GetMenuItemInfoA, GetWindow, GetDC, SetWindowTextA, SetWindowLongA, PtInRect, OemToCharA, GetWindowLongA, DestroyCursor, GetKeyboardState, IsRectEmpty, GetKeyboardType, SetScrollInfo, EnumWindows, SetMenuItemInfoA, GetSystemMetrics, DrawIcon, InsertMenuItemA, SetScrollPos

> version.dll: VerInstallFileA, GetFileVersionInfoSizeA

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: ApexDC__ Development Team

copyright....: Based on StrongDC__

product......: Apex

description..: Apex

original name: Apex.exe

internal name: Apext

file version.: 0, 1, 2, 0

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=1C6C9553002A6F10B605027EBC307800574C15E2' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=1C6C9553002A6F10B605027EBC307800574C15E2</a>

& also did c:\windows\Ezetya.exe for obvious reasons here are the results(pretty much same as above):

File Ezetya.exe received on 2010.08.08 22:05:37 (UTC)

Current status: finished

Result: 28/42 (66.67%)

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2010.08.08.00 2010.08.07 Win-Trojan/Fakeav.177664.N

AntiVir 8.2.4.34 2010.08.08 TR/Renos.125952.2

Antiy-AVL 2.0.3.7 2010.08.06 -

Authentium 5.2.0.5 2010.08.08 W32/Renos.A!Generic

Avast 4.8.1351.0 2010.08.08 Win32:Trojan-gen

Avast5 5.0.332.0 2010.08.08 Win32:Trojan-gen

AVG 9.0.0.851 2010.08.08 Downloader.Generic10.HMN

BitDefender 7.2 2010.08.08 -

CAT-QuickHeal 11.00 2010.08.07 -

ClamAV 0.96.0.3-git 2010.08.08 -

Comodo 5688 2010.08.08 TrojWare.Win32.Trojan.Agent.~FGC

DrWeb 5.0.2.03300 2010.08.08 Trojan.Packed.221

Emsisoft 5.0.0.36 2010.08.08 Trojan-Downloader.Win32.FakeAlert.AQI!A2

eSafe 7.0.17.0 2010.08.08 -

eTrust-Vet 36.1.7773 2010.08.07 -

F-Prot 4.6.1.107 2010.08.08 W32/Renos.A!Generic

F-Secure 9.0.15370.0 2010.08.07 Suspicious:W32/Malware!Gemini

Fortinet 4.1.143.0 2010.08.08 -

GData 21 2010.08.08 Win32:Trojan-gen

Ikarus T3.1.1.84.0 2010.08.08 -

Jiangmin 13.0.900 2010.08.07 -

Kaspersky 7.0.0.125 2010.08.08 Packed.Win32.Katusha.o

McAfee 5.400.0.1158 2010.08.08 -

McAfee-GW-Edition 2010.1 2010.08.08 Heuristic.BehavesLike.Win32.Suspicious.H

Microsoft 1.6004 2010.08.08 TrojanDownloader:Win32/Renos.LX

NOD32 5349 2010.08.07 Win32/TrojanDownloader.FakeAlert.AQI

Norman 6.05.11 2010.08.08 Suspicious_Gen2.BURCX

nProtect 2010-08-08.01 2010.08.08 Trojan/W32.Katusha.177664.M

Panda 10.0.2.7 2010.08.08 Suspicious file

PCTools 7.0.3.5 2010.08.08 Trojan.FakeAV

Prevx 3.0 2010.08.09 Medium Risk Malware

Rising 22.59.05.04 2010.08.07 Trojan.Win32.Generic.5223C74D

Sophos 4.56.0 2010.08.08 Mal/FakeAV-CX

Sunbelt 6703 2010.08.08 VirTool.Win32.Obfuscator.hg!b (v)

SUPERAntiSpyware 4.40.0.1006 2010.08.08 Trojan.Agent/Gen-Deskryp

Symantec 20101.1.1.7 2010.08.08 Trojan.FakeAV!gen29

TheHacker 6.5.2.1.338 2010.08.08 -

TrendMicro 9.120.0.1004 2010.08.08 TROJ_FAKEAV.SMA2

TrendMicro-HouseCall 9.120.0.1004 2010.08.08 TROJ_FAKEAV.SMA2

VBA32 3.12.12.8 2010.08.04 -

ViRobot 2010.7.29.3961 2010.08.08 -

VirusBuster 5.0.27.0 2010.08.08 -

Additional information

File size: 177664 bytes

MD5...: f837ad9b0245218676f5db314832173f

SHA1..: c2ce5f58eac83ba469689596cdc9e8878d66f5e6

SHA256: bb638bbb887f98b15060e6bedc21f461be1db54f2a116a701272a648e94def2b

ssdeep: 3072:8HCWdSMlWRwK+7UAkcR7TdD+C+MaPLQ3mf7zlDFKZmdngn7S7:qx5d7p9R7

TFdF8DTcwg

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x3297

timedatestamp.....: 0x4b2ceb22 (Sat Dec 19 15:02:58 2009)

machinetype.......: 0x14c (I386)

( 6 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x55d6 0x5600 4.58 902b27686228e3a1f0fb182187edd2a0

.idata 0x7000 0x40154 0x22200 7.35 9d7b93ffe26d803fd08445a951dad134

.edata 0x48000 0xa79 0xc00 0.00 d2a70550489de356a2cd6bfc40711204

.data 0x49000 0x1fd 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

.tls 0x4a000 0x520 0x600 0.09 16b3771eae4ebce0845fd6d9cbd02f42

.rdata 0x4b000 0x2474 0x2600 3.42 dcda67e93a311caa744643cfd89c5013

( 5 imports )

> KERNEL32.dll: LocalAlloc, GetACP, GetOEMCP, VirtualAlloc, GetProcAddress, lstrlenA, FindResourceA, GetVersionExA, ExitThread, SetEvent, lstrcpyA, GetFullPathNameA, lstrcpynA, ExitProcess, GetProcessHeap, GetModuleHandleA

> SHELL32.dll: SHGetDiskFreeSpaceA, SHGetSpecialFolderLocation, DragQueryFileA, SHGetDesktopFolder

> gdi32.dll: GetDCOrgEx, GetCurrentPositionEx, GetBitmapBits

> user32.dll: DispatchMessageW, KillTimer, CharLowerBuffA, IsWindowEnabled, GetMenuItemInfoA, GetWindow, GetDC, SetWindowTextA, SetWindowLongA, PtInRect, OemToCharA, GetWindowLongA, DestroyCursor, GetKeyboardState, IsRectEmpty, GetKeyboardType, SetScrollInfo, EnumWindows, SetMenuItemInfoA, GetSystemMetrics, DrawIcon, InsertMenuItemA, SetScrollPos

> version.dll: VerInstallFileA, GetFileVersionInfoSizeA

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: ApexDC__ Development Team

copyright....: Based on StrongDC__

product......: Apex

description..: Apex

original name: Apex.exe

internal name: Apext

file version.: 0, 1, 2, 0

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=1C6C9553002A6F10B605027EBC307800574C15E2' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=1C6C9553002A6F10B605027EBC307800574C15E2</a>

&

finally, the results for c:\windows\system32\dbgspl20.dll:

File dbgspl20.dll received on 2010.08.08 22:08:35 (UTC)

Current status: finished

Result: 3/41 (7.32%)

Compact

Print results

Antivirus Version Last Update Result

AhnLab-V3 2010.08.08.00 2010.08.07 -

AntiVir 8.2.4.34 2010.08.08 -

Antiy-AVL 2.0.3.7 2010.08.06 -

Authentium 5.2.0.5 2010.08.08 -

Avast 4.8.1351.0 2010.08.08 -

Avast5 5.0.332.0 2010.08.08 -

AVG 9.0.0.851 2010.08.08 -

BitDefender 7.2 2010.08.08 -

CAT-QuickHeal 11.00 2010.08.07 -

ClamAV 0.96.0.3-git 2010.08.08 -

Comodo 5688 2010.08.08 -

DrWeb 5.0.2.03300 2010.08.08 -

Emsisoft 5.0.0.36 2010.08.08 -

eTrust-Vet 36.1.7773 2010.08.07 -

F-Prot 4.6.1.107 2010.08.08 -

F-Secure 9.0.15370.0 2010.08.07 -

Fortinet 4.1.143.0 2010.08.08 -

GData 21 2010.08.08 -

Ikarus T3.1.1.84.0 2010.08.08 -

Jiangmin 13.0.900 2010.08.07 -

Kaspersky 7.0.0.125 2010.08.08 -

McAfee 5.400.0.1158 2010.08.08 -

McAfee-GW-Edition 2010.1 2010.08.08 -

Microsoft 1.6004 2010.08.08 -

NOD32 5349 2010.08.07 -

Norman 6.05.11 2010.08.08 -

nProtect 2010-08-08.01 2010.08.08 -

Panda 10.0.2.7 2010.08.08 Suspicious file

PCTools 7.0.3.5 2010.08.08 -

Prevx 3.0 2010.08.09 -

Rising 22.59.05.04 2010.08.07 -

Sophos 4.56.0 2010.08.08 Sus/Virtum-C

Sunbelt 6703 2010.08.08 Trojan.Win32.Vundo.Gen (v)

SUPERAntiSpyware 4.40.0.1006 2010.08.08 -

Symantec 20101.1.1.7 2010.08.08 -

TheHacker 6.5.2.1.338 2010.08.08 -

TrendMicro 9.120.0.1004 2010.08.08 -

TrendMicro-HouseCall 9.120.0.1004 2010.08.08 -

VBA32 3.12.12.8 2010.08.04 -

ViRobot 2010.7.29.3961 2010.08.08 -

VirusBuster 5.0.27.0 2010.08.08 -

Additional information

File size: 37888 bytes

MD5...: b5b43a4e5238ee16381db74a3b1bc7d1

SHA1..: 072ea70c2b745c2e401cdbc58a0765be7b1a3c62

SHA256: c2e0203692ffc402df8d6a02dedabf8d106b55f54c45febf6ec9f5666f801ab6

ssdeep: 768:dTbiJ66LvbcWVeN3iLTbY3OOOOOOOI27D7ztpRynqDs:U60v4WVWUTyGXxpR

yqDs

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1056

timedatestamp.....: 0x4c4d8dce (Mon Jul 26 13:29:50 2010)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x238a 0x2400 7.20 61ad3b60e617c3a9f408f0d31e64bb2a

.data 0x4000 0x178e 0x1800 7.88 d0905cd3b042ff1c0f211c07ee88f7c0

.rsrc 0x6000 0x5380 0x5400 5.74 881adf43fdcf92509d8e235b36a6df70

( 10 imports )

> KERNEL32.dll: EnterCriticalSection, ExitProcess, FlushFileBuffers, GetACP, GetCommandLineA, GetFileSize, GetLastError, GetLocalTime, GetModuleHandleA, GetOEMCP, GetStartupInfoA, GetSystemDirectoryA, GetVersion, HeapAlloc, MultiByteToWideChar, OpenFile, SetLastError, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, UnmapViewOfFile, VirtualAlloc, VirtualFree, lstrcmpA, lstrcpyA

> msvcrt.dll: wcscat, wcscpy, wcslen, __getmainargs, __p__commode, __set_app_type, exit, printf, rand, realloc, strpbrk, swscanf, isdigit

> ole32.dll: StgCreateDocfile, CoTaskMemFree, CoRegisterMessageFilter, CoInitialize, CoCreateInstance, WriteClassStm

> ntdll.dll: RtlEnterCriticalSection, RtlCreateUnicodeString, RtlInitUnicodeString, RtlLeaveCriticalSection, RtlNtStatusToDosError, NtSetInformationProcess, NtCreateDirectoryObject, RtlInitString

> shlwapi.dll: PathIsUNCW, StrToIntW, PathAppendW, PathIsUNCServerShareW

> comdlg32.dll: ChooseColorA, CommDlgExtendedError, LoadAlterBitmap, PageSetupDlgA, GetOpenFileNameW, ChooseFontA, FindTextA

> comctl32.dll: InitCommonControlsEx

> winmm.dll: mixerSetControlDetails, midiOutPrepareHeader, midiOutGetNumDevs, midiOutGetID, mmDrvInstall

> oleaut32.dll: SafeArrayDestroy, SysStringLen, SafeArrayAllocData

> user32.dll: CreateMenu, RegisterClassA, DrawMenuBar

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/...-021223-0550-99

sigcheck:

publisher....: Image-Line bvba

copyright....: Copyright © 2005-06 Image-Line bvba. All rights reserved.

product......: IL Download Manager

description..:

original name:

internal name:

file version.: 1.1.1.0

comments.....: (05-06) reflex

signers......: -

signing date.: -

verified.....: Unsigned

Whats next? The first 2 files scanned seem familiar to me, like I've deleted them before, but they reappear, hopefully we can get rid of them for good now!

Link to post
Share on other sites

Malwarebytes should remove the others.

Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

File::
c:\windows\Ezetyb.exe
c:\windows\system32\dbgspl20.dll
c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll
c:\windows\svc3.exe
c:\windows\system32\commext.dll
c:\windows\system32\dbgspl20.dll

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

cfscriptb4.gif

This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt and the Malwarebytes report in your next reply.

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

combofix:

ComboFix 10-08-08.01 - Jared Drace 08/08/2010 18:40:25.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.265 [GMT -4:00]

Running from: c:\documents and settings\Jared Drace\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jared Drace\Desktop\CFScript.txt

FILE ::

"c:\windows\Ezetyb.exe"

"c:\windows\svc3.exe"

"c:\windows\system32\commext.dll"

"c:\windows\system32\dbgspl20.dll"

"c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Ezetyb.exe

c:\windows\svc3.exe

c:\windows\system32\commext.dll

c:\windows\system32\dbgspl20.dll

c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\kernel32.dll

.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))

.

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator

2010-08-08 17:52 . 2010-08-08 17:52 -------- d--h--w- c:\windows\PIF

2010-08-06 05:21 . 2010-08-06 05:22 -------- d-----w- C:\Root Repeal

2010-08-06 00:42 . 2010-08-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-05 15:26 . 2010-08-06 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bpqkrsypb

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\Yahoo!

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\program files\Yahoo!

2010-08-05 03:42 . 2010-08-05 03:42 -------- d-----w- C:\spoolerlogs

2010-08-04 17:33 . 2010-08-05 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-04 17:06 . 2010-08-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-08-04 17:05 . 2010-08-08 17:06 0 ----a-w- c:\windows\Rfusi.bin

2010-08-04 17:05 . 2010-08-08 02:27 120 ----a-w- c:\windows\Kgiwiwa.dat

2010-08-04 17:04 . 2010-08-08 22:48 781824 ----a-w- c:\windows\system32\drivers\jsrhy.sys

2010-08-04 17:04 . 2010-08-04 17:04 177664 ----a-w- c:\windows\Ezetya.exe

2010-08-03 16:41 . 2010-08-03 16:41 294912 ----a-w- c:\windows\system32\mdwgp.dll

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\Jared Drace\Local Settings\Application Data\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\program files\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2010-07-14 00:43 . 2010-07-14 00:43 40581 ----a-w- c:\windows\system32\zdvop.exe

2010-07-13 22:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 17:30 . 2010-07-11 17:30 44056 ---ha-w- c:\windows\system32\mlfcache.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-08 18:30 . 2007-04-26 23:45 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\uTorrent

2010-08-08 17:29 . 2003-04-30 23:33 36277 ----a-w- c:\windows\nsreg.dat

2010-08-08 02:27 . 2009-04-10 17:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-05 08:22 . 2010-01-19 05:10 117760 ----a-w- c:\documents and settings\Jared Drace\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-05 06:40 . 2009-04-10 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-05 06:38 . 2002-12-05 23:37 -------- d-----w- c:\program files\Common Files\Real

2010-08-05 06:37 . 2002-12-05 23:29 -------- d-----w- c:\program files\Real

2010-08-05 05:15 . 2009-04-10 17:24 -------- d-----w- c:\program files\CCleaner

2010-07-11 04:06 . 2010-07-11 04:06 2605008 ----a-w- c:\documents and settings\Jared Drace\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-06-14 14:31 . 2002-12-05 02:22 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-17 03:16 . 2007-04-26 23:45 322352 ----a-w- c:\program files\utorrent.exe

2008-10-21 14:25 . 2008-11-04 07:46 41335 -c--a-w- c:\program files\player.swf

2008-10-20 19:54 . 2008-11-04 07:46 3693 -c--a-w- c:\program files\readme.html

2008-10-20 14:04 . 2008-11-04 07:46 1187 -c--a-w- c:\program files\yt.swf

2008-10-15 18:41 . 2008-11-04 07:46 8295 -c--a-w- c:\program files\preview.jpg

2008-10-15 18:41 . 2008-11-04 07:46 6880 -c--a-w- c:\program files\swfobject.js

2008-10-15 18:41 . 2008-11-04 07:46 216278 -c--a-w- c:\program files\video.flv

2007-10-01 00:06 . 2007-10-20 20:00 10298 -c--a-w- c:\program files\Readme First.rtf

2007-10-01 00:00 . 2007-10-20 20:00 1041920 -c--a-w- c:\program files\MPEG_Streamclip.exe

2004-02-04 21:22 . 2004-01-29 01:41 13 --sh--r- c:\windows\system32\Mediav_6_4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

2007-07-31 21:33 1391640 ----a-w- c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C4225628-E1F3-4FD1-AB0B-B24C84BCF12F}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [2006-08-01 67112]

"Google Update"="c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"DeltTray"="DeltTray.exe" [2002-07-29 24576]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"bipro"="mdwgp.dll" [2010-08-03 294912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-10-19 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 20:45 45056 -c--a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-28 01:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 12:45 PM 24652]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 6:32 PM 497856]

S0 hgqnfc;hgqnfc;c:\windows\system32\drivers\ptrkc.sys --> c:\windows\system32\drivers\ptrkc.sys [?]

S1 SABKUTIL;SABKUTIL;\??\i:\superantispyware\SABKUTIL.sys --> i:\superantispyware\SABKUTIL.sys [?]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 9:01 PM 396480]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]

--- Other Services/Drivers In Memory ---

*Deregistered* - jsrhy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005Core.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005UA.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: aol.com\free

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-NetLog3 - c:\windows\svc3.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-08 18:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jsrhy]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(428)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3536)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\DeltTray.exe

c:\windows\System32\nvsvc32.exe

c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

c:\windows\wanmpsvc.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-08-08 18:54:31 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-08 22:54

ComboFix2.txt 2010-08-08 21:28

ComboFix3.txt 2010-08-08 20:50

ComboFix4.txt 2010-08-08 19:03

ComboFix5.txt 2010-08-08 22:38

Pre-Run: 913,108,992 bytes free

Post-Run: 896,729,088 bytes free

- - End Of File - - 19374C4667161C9DC3EDA4B14AC8AE1B

malwarebytes:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

8/8/2010 8:11:02 PM

mbam-log-2010-08-08 (20-11-02).txt

Scan type: Quick scan

Objects scanned: 137817

Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 492

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c43e030e-fbc0-4a1f-abc0-89f0b2e9ec99} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\mdwgp.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zdvop.exe (Trojan.Adware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A1kU3m79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a31793yWS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a31e93k7y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a31e9a17e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A31eIQ1w9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a5k5y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a5kU5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A5kUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A793s7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A79e1a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A7k3y7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A7kU17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A7kU1m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A7kUO7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a931793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A931s93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\A931s9e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a93e7aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a93eIQ3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a9k1y93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\a9k1yWS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA1793uO9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA179sK7y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA1k9yW7u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q3w793gM9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q3w7uO179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q3wSK3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q3wSKUO79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q55c5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q55cE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q5w55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q5wS5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q79317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q93179i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q93c7s3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I5q5w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I5qGM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I79317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I931q93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I931qGM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ17cE17k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ17cEI7q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ3179m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ317o3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ3wS9e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ55c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ5wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ79c1sK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQG3i7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQG5i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQG79a1kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQG7iQ17c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQGM31wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQGM7gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQGM9gM7g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQGMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\IQGMY3c7s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\iQGMY7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e17k3yW9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e1aAA179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e31k93gM9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E31k93gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e31kUO1o9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e3a79eI79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e555e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E55k5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e5a55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e7931s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E931e93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e93kUOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E9a1kUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E9aA7k3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EI17q3w79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U9mYWSK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO1793a7k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO179i17q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO1o9o17m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO1oCE1aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uO31793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO3o7oC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO3oCE3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uO5o5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO79mYW9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uO9317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uO931i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO9o17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO9o1o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uO9oC7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UO9oCE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOC1sK3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOC3s7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOC9317g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOC9sK7y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOCE1a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOCE3a79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOCE9aAA9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCEI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCEI317q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCEI7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\MYWS7eI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mYWSK9y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mYWSKUOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\o1o931i9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\O1oC31u9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\O1oCE17k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\o5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\o5oCE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\o79317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\O79mY7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\o931iQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\O93m7gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\O9o179i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC17931wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC1s93179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC3179g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC31u93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC3sKU3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC5s5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC5sK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC79uOCE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA1kU3mY9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c17u3mYW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cE79k1yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E17k3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\GMY3c7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i5q55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k17gM179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU55i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m3gMY3cE9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mYWS31sK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oC7s3e7a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q317o317i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q93c7sK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG793kUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s7eI1q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U1mYW17y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U9mYWS3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\uOCEIQ3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1c9sKUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y93o79m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQGM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\G17a3kU9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g1iQ3wSK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g317k31gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\G31aA31e9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\G555k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\G5i5q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\G5iQ5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g7931e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g7i317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g93a7kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\g9iQG9i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gM17w31y9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gM1gMY179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gM1gMY17o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\GM3gM93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gM3gM9g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gM5g5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\GM7g31a9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY1c93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1cE31k9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1cE31kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1cE3aAA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y1cEI1qG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y317mY179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y31o931i9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y31oC317y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y31oC3s79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y31oCE1a9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y3c79317w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y3c79uOC9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y3c7sK17g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y3cEI3qGM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y5c5s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y5cE5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y793m7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y7c31u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y9317i3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG79a179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG7i3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QG9i1q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qGM1gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qGM31w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM3gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM7g3iQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM7gM17w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qGM93wS9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY79o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMYWS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMYWS1eI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s179uO7o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S17s3e7a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S17sK17g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S1e9aA7k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s317uOC79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s31s93179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s555u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s793u7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S79s17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\s7e317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S7e3aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c17uO17m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c31u9mYWS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C31uOC1s9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c3s79s179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c3sK93gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C3sK9yWS9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C3sK9yWSK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C3sKUOCE9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C55u5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c55uO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c5s5e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C5sK5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C5sKU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c79u17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C7s317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\c93u7m3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C9s1eIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C9sK7yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE1a93e79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE3aAA3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cE55k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE5a5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU5m5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU7m31wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kU931a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU9m17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU9mY7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kU9mYW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kUO3oC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kUO55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KUOCE93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KUOCEI179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kUOCEIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m179cE79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m17w3u7m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3uO9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M1g931k9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m1gM3gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M317cE179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m31w9uO7o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY3cE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\GMY793m79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMY79oC79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\GMY9c1s9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMYW9uO7o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMYWS3e7a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\gMYWS9e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I17931q9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i179q1w9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I179q1wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i17q3w79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i1qG31aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I1qGMY7c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i3179q1w9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i31q93cE9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i3q7wS17s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\I3qG93a79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i3qGMY17o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\i55qG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE7a3k79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE93k7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CE9a17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CEI179q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI3q7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI3qG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CEI55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI7q3w7u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CEI7qGMYW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEI93q79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CEIQ79c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEIQ9317m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\cEIQ93cE9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\CEIQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\e179e1aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\E179eIQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\S93sK9y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SK31gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sK5y5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SK7yW179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sK7yW1uO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKU5m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKU7931kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU7m3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKU93i79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU9m1g9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKUO1o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKUO3o79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\SKUOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\sKUOC1s9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U179a1k9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U17i31q9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u1m9gM79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u1m9gMY9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w1u93i79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w1u93iQ9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W1u9m179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W1u9m1g9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W1u9mYW9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W3u793179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W3uO93mY9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w3uOC3s7e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W3uOCE1aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W555g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w55y5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w55yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\w79317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W793gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\W93y793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wS17s3e79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wS3eIQ3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\WS55s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wS5e5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wS5eI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\WS7e31kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wS7eIQG9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wSK317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\wSK7yWSKU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1793iQ9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y179m17w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y17o3oC9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y1c931yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA1kUOCEI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA31793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA3kUOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA5k5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA7931u9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA93e7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA9k17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aA9k1y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AA9kUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aAA317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA7kU1mY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA7kUOC9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aAAA3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aAAA9k1yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aAAA9kU7m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\aAAAAAA9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C17931wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\C17u31i9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K1y9cEIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k1yW3u7m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k1yWSKU9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K31793179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k3y7c3s7e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k3yWS3eI9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K555w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K55gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k5y5c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k7931c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K793wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k79g1i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K7y31o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K7yWS7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K9y179m.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k9y17o3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\k9y1cE3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\K9yW7u3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kU1mY31o9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kU1mYWS79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\kU3m79w.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\KU555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC7s3eIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC9317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OC9sK7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oCE3aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEI5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEIQ1wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEIQ3wSK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\oCEIQGM79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEIQGM7g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q1793m7g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q17cE17k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q17cE1aA.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q17cEIQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q1w9u17i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q1wSKU79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q1wSKUO9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q317o3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y93o7o3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Y93oC93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\y9c1s93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW1793w79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW17yWSKU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW1u93179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW31793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW31yW3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW3uOC3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW55y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW5u5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW5uO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW7uOC7s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YW93yW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yW9u17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS17sK.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS31s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS3eI.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yWS55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS5e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yWSK3yWS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yWSK9y17o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\yWSKU179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\YWSKUO.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI317qG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EI3q793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI3q7w3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI5qG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EI7q317o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI7qGM79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI7qGM7g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eI931q.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQ1w9u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQ3wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQ7931mY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ79cEI9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQ7wSKU9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQ93c7s.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\eIQG17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\EIQG931kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u31i9q17c.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U31iQ31cE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U31iQ3w79.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U31iQG17a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u31iQGMY9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U3mY9317i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u3mYW3179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U555a.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U55i5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U55iQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U5m55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U5mY5.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U5mYW.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u79317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u7931k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U793a7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u79i17.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U79iQ7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u79iQG.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U9317kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\u9m17wS.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\U9m1gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M3gMYWSK9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m5555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M5g55.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M5g5i.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M5gMY.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M7931o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m793cE.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m79w1u.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m7g3i7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M7gM1g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\M9317o3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m93wS93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\m9g179k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mY1c93uOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\MY3cE93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mY555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mY55o.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mY793mY9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\MY79o1o9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mY7c3s7e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\MY9317.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\mYWS1e.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q93cE93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\Q93cEIQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q9w179g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\q9w17y3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG179k17g.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QG179kUOC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG17a3k7y.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG31793.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QG317k3.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QG317kU.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG31a9k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG3iQ93.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG555.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\QG5iQ.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spool\prtprocs\w32x86\qG7931e9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Ezetya.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jared Drace\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jared Drace\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Now that we have breathing room....Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer

Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories.

Download Microsoft Security Essentials:

.

Next

I do not like to run ComboFix to many times. but your PC was VERY infected. Drag ComboFix Icon into the Recycle Bin. And download it again please. After you install Microsoft Security Essentials.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Hey Kenny,

I installed the anti-virus you recommended, it found some more stuff that i got rid of, I also deleted & reinstalled combo fix & will post the log in a second.

2 quick things:

When I restart now I get this error - heading: "RUNDLL" message: "Error loading mdgwp.dll The specified module could not be found" then I hit "OK" & its done with. Is this a registry thing? Probably trying to run a file that got deleted because it was infected or bad

When combofix was running, I got this message - heading: "PEV.cfxxe" message "PEV.cfxxe has encountered a problem and needs to close. We are sorry for the inconvenience" Then I click either send or don't send & thats gone.

Is there a way to get rid of these?

Here is the latest combofix log:

ComboFix 10-08-08.03 - Jared Drace 08/09/2010 12:41:30.6.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.148 [GMT -4:00]

Running from: c:\documents and settings\Jared Drace\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))

.

2010-08-09 16:02 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-09 15:43 . 2010-08-09 15:44 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-08-09 02:18 . 2010-03-20 09:46 201968 ----a-w- c:\windows\system32\Isafprod.dll

2010-08-09 02:18 . 2010-03-20 09:46 95472 ----a-w- c:\windows\system32\Vetredir.dll

2010-08-09 02:18 . 2010-03-20 09:46 128240 ----a-w- c:\windows\system32\Isafeif.dll

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-08-08 18:33 . 2010-08-08 18:33 -------- d-----w- c:\documents and settings\Administrator

2010-08-08 17:52 . 2010-08-08 17:52 -------- d--h--w- c:\windows\PIF

2010-08-06 05:21 . 2010-08-06 05:22 -------- d-----w- C:\Root Repeal

2010-08-06 00:42 . 2010-08-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-05 15:26 . 2010-08-06 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bpqkrsypb

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\Yahoo!

2010-08-05 05:15 . 2010-08-05 05:15 -------- d-----w- c:\program files\Yahoo!

2010-08-05 03:42 . 2010-08-05 03:42 -------- d-----w- C:\spoolerlogs

2010-08-04 17:33 . 2010-08-05 08:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-04 17:06 . 2010-08-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-08-04 17:05 . 2010-08-08 17:06 0 ----a-w- c:\windows\Rfusi.bin

2010-08-04 17:05 . 2010-08-08 02:27 120 ----a-w- c:\windows\Kgiwiwa.dat

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\Jared Drace\Local Settings\Application Data\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\program files\Cisco

2010-07-14 04:36 . 2010-07-14 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2010-07-13 22:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 17:30 . 2010-07-11 17:30 44056 ---ha-w- c:\windows\system32\mlfcache.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-09 16:33 . 2007-01-07 21:31 -------- d-----w- c:\program files\CA

2010-08-09 07:51 . 2007-04-26 23:45 -------- d-----w- c:\documents and settings\Jared Drace\Application Data\uTorrent

2010-08-09 02:26 . 2010-01-11 03:24 -------- d-----w- c:\program files\Google

2010-08-08 17:29 . 2003-04-30 23:33 36277 ----a-w- c:\windows\nsreg.dat

2010-08-08 02:27 . 2009-04-10 17:28 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-05 08:22 . 2010-01-19 05:10 117760 ----a-w- c:\documents and settings\Jared Drace\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-05 06:38 . 2002-12-05 23:37 -------- d-----w- c:\program files\Common Files\Real

2010-08-05 06:37 . 2002-12-05 23:29 -------- d-----w- c:\program files\Real

2010-08-05 05:15 . 2009-04-10 17:24 -------- d-----w- c:\program files\CCleaner

2010-07-11 04:06 . 2010-07-11 04:06 2605008 ----a-w- c:\documents and settings\Jared Drace\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-06-14 14:31 . 2002-12-05 02:22 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-17 03:16 . 2007-04-26 23:45 322352 ----a-w- c:\program files\utorrent.exe

2008-10-21 14:25 . 2008-11-04 07:46 41335 -c--a-w- c:\program files\player.swf

2008-10-20 19:54 . 2008-11-04 07:46 3693 -c--a-w- c:\program files\readme.html

2008-10-20 14:04 . 2008-11-04 07:46 1187 -c--a-w- c:\program files\yt.swf

2008-10-15 18:41 . 2008-11-04 07:46 8295 -c--a-w- c:\program files\preview.jpg

2008-10-15 18:41 . 2008-11-04 07:46 6880 -c--a-w- c:\program files\swfobject.js

2008-10-15 18:41 . 2008-11-04 07:46 216278 -c--a-w- c:\program files\video.flv

2007-10-01 00:06 . 2007-10-20 20:00 10298 -c--a-w- c:\program files\Readme First.rtf

2007-10-01 00:00 . 2007-10-20 20:00 1041920 -c--a-w- c:\program files\MPEG_Streamclip.exe

2004-02-04 21:22 . 2004-01-29 01:41 13 --sh--r- c:\windows\system32\Mediav_6_4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

2007-07-31 21:33 1391640 ----a-w- c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C4225628-E1F3-4FD1-AB0B-B24C84BCF12F}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\Netscape\Communicator\Program\AIM\aim.exe" [2006-08-01 67112]

"Google Update"="c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]

"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]

"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]

"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

"DeltTray"="DeltTray.exe" [2002-07-29 24576]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-10-19 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

2004-08-16 20:45 45056 -c--a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-28 01:47 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\utorrent.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 12:45 PM 24652]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 6:32 PM 497856]

S0 hgqnfc;hgqnfc;c:\windows\system32\drivers\ptrkc.sys --> c:\windows\system32\drivers\ptrkc.sys [?]

S1 SABKUTIL;SABKUTIL;\??\i:\superantispyware\SABKUTIL.sys --> i:\superantispyware\SABKUTIL.sys [?]

S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [9/2/2004 9:01 PM 396480]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005Core.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841565102-1366171234-2308016983-1005UA.job

- c:\documents and settings\Jared Drace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 20:31]

2010-08-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-08-09 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: aol.com\free

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-bipro - mdwgp.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 12:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(496)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2056)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-08-09 13:02:12

ComboFix-quarantined-files.txt 2010-08-09 17:02

ComboFix2.txt 2010-08-08 22:54

ComboFix3.txt 2010-08-08 21:28

ComboFix4.txt 2010-08-08 20:50

ComboFix5.txt 2010-08-09 16:38

Pre-Run: 558,473,216 bytes free

Post-Run: 955,768,832 bytes free

- - End Of File - - BC210BDFC3A186354CE9E8C980E5B676

Link to post
Share on other sites

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Link to post
Share on other sites

here are the DDS logs:

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jared Drace at 13:46:41.51 on Mon 08/09/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.135 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\DeltTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jared Drace\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jared Drace\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jared Drace\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe

C:\WINDOWS\system32\mstsc.exe

C:\Documents and Settings\Jared Drace\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uURLSearchHooks: D'Accord Music Software Toolbar: {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - c:\program files\d'accord_music_software\tbD'Ac.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: D'Accord Music Software Toolbar: {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - c:\program files\d'accord_music_software\tbD'Ac.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: D'Accord Music Software Toolbar: {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - c:\program files\d'accord_music_software\tbD'Ac.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [AIM] c:\program files\netscape\communicator\program\aim\aim.exe -cnetwait.odl

uRun: [Google Update] "c:\documents and settings\jared drace\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [HTpatch] c:\windows\htpatch.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [storageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r

mRun: [DeltTray] DeltTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{6dc47739-3bb0-4494-a43d-193bf54070ae}\Icon3E5562ED7.ico

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\netscape\communicator\program\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: aol.com\free

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: {21E99D79-E20C-4A2D-9E0A-0518BC13FD30} = 172.16.6.49,172.16.6.48

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

S0 hgqnfc;hgqnfc;c:\windows\system32\drivers\ptrkc.sys --> c:\windows\system32\drivers\ptrkc.sys [?]

S1 SABKUTIL;SABKUTIL;\??\i:\superantispyware\sabkutil.sys --> i:\superantispyware\SABKUTIL.sys [?]

S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys --> c:\windows\system32\drivers\Parclass.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2004-9-2 396480]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]

UnknownUnknown optbzlwg;optbzlwg; [x]

UnknownUnknown vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-08-09 16:02:56 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-09 15:43:33 0 d-----w- c:\program files\Microsoft Security Essentials

2010-08-09 02:18:34 95472 ----a-w- c:\windows\system32\Vetredir.dll

2010-08-09 02:18:34 201968 ----a-w- c:\windows\system32\Isafprod.dll

2010-08-09 02:18:34 128240 ----a-w- c:\windows\system32\Isafeif.dll

2010-08-08 18:37:46 77312 ----a-w- c:\windows\MBR.exe

2010-08-08 18:37:45 256512 ----a-w- c:\windows\PEV.exe

2010-08-08 17:52:53 0 d--h--w- c:\windows\PIF

2010-08-06 05:21:57 0 d-----w- C:\Root Repeal

2010-08-06 00:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-08-05 05:15:46 0 d-----w- c:\program files\Yahoo!

2010-08-05 03:42:12 0 d-----w- C:\spoolerlogs

2010-08-04 17:33:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-04 17:06:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

2010-08-04 17:06:01 5 ----a-w- C:\zrpt.xml

2010-08-04 17:05:15 120 ----a-w- c:\windows\Kgiwiwa.dat

2010-08-04 17:05:15 0 ----a-w- c:\windows\Rfusi.bin

2010-07-14 04:36:25 0 d-----w- c:\program files\Cisco

2010-07-14 04:36:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Cisco

2010-07-13 22:33:00 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 17:30:35 44056 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-05-17 03:16:03 322352 ----a-w- c:\program files\utorrent.exe

2008-10-21 14:25:28 41335 -c--a-w- c:\program files\player.swf

2008-10-20 19:54:44 3693 -c--a-w- c:\program files\readme.html

2008-10-20 14:04:18 1187 -c--a-w- c:\program files\yt.swf

2008-10-15 18:41:30 8295 -c--a-w- c:\program files\preview.jpg

2008-10-15 18:41:30 6880 -c--a-w- c:\program files\swfobject.js

2008-10-15 18:41:30 216278 -c--a-w- c:\program files\video.flv

2007-10-01 00:06:30 10298 -c--a-w- c:\program files\Readme First.rtf

2007-10-01 00:00:54 1041920 -c--a-w- c:\program files\MPEG_Streamclip.exe

2004-02-04 21:22:57 13 --sh--r- c:\windows\system32\Mediav_6_4.dll

2008-09-12 14:12:13 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 13:47:34.28 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/30/2003 7:27:58 PM

System Uptime: 8/9/2010 12:29:32 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S533VL

Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 2394/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 14 GiB total, 0.887 GiB free.

D: is FIXED (NTFS) - 61 GiB total, 4.335 GiB free.

E: is Removable

F: is CDROM ()

G: is CDROM ()

H: is FIXED (NTFS) - 112 GiB total, 3.61 GiB free.

I: is FIXED (NTFS) - 932 GiB total, 796.534 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0001

Service: CVirtA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0000

Manufacturer: NTKR

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0000

Service: Ndisrd

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0001

Manufacturer: NTKR

Name: Cisco Systems VPN Adapter - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0001

Service: Ndisrd

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0002

Manufacturer: NTKR

Name: Realtek RTL8139/810x Family Fast Ethernet NIC - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0002

Service: Ndisrd

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0003

Manufacturer: NTKR

Name: WAN Miniport (IP) - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0003

Service: Ndisrd

==== System Restore Points ===================

RP1529: 8/8/2010 4:34:43 PM - ComboFix created restore point

RP1530: 8/8/2010 10:15:11 PM - CA Internet Security Suite

RP1531: 8/9/2010 11:40:21 AM - CA Internet Security Suite

RP1532: 8/9/2010 12:02:55 PM - Software Distribution Service 3.0

RP1533: 8/9/2010 12:34:15 PM - CA Internet Security Suite

==== Installed Programs ======================

Link to post
Share on other sites

  • Click the "Run Cleaner that you already have installed" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK"
  • CCleaner will scan and clean your system.
  • When cleaning is complete:
  • Click "Exit".
  • Repeat for all usernames.

Next

You have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Next

There are some older versions of Java on your computer. These can be a source of infection.

[javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

      [*]Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Link to post
Share on other sites

Hey Kenny,

I won't be able to do this next part until tonight as I'm at work now, but a quick question: the first thing you say to do here is "Click the "Run Cleaner that you already have installed" button." Where is that button coming from? I do have CC cleaner on my cpu, should I just run that, or is this button from DDS or another program? Do I need to run DDS or something else again & then I will see the button?

Also, I wanted to take the time to say thank you for helping me through this, I truly appreciate the time & effort you are putting into this.

-Jared

Link to post
Share on other sites

What error message are you receiving? Try ESET Online Scanner:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

that worked better than the other one, here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=366734fd5c61c0468fbe892c3f346a75

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-10 03:55:16

# local_time=2010-08-09 11:55:16 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776869 100 100 0 10919170 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=93750

# found=29

# cleaned=0

# scan_time=4729

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator5.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentsc.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I

C:\Program Files\Fixes\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I

C:\Program Files\Fixes\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I

C:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll probably a variant of Win32/Agent.HNCJWDG trojan 00000000000000000000000000000000 I

C:\Program Files\TMPGENC\TMPGEnc-2.57.41.146-Plus-EN\kal-tmpg257.exe Win32/Tool.Embryo.A application 00000000000000000000000000000000 I

C:\Program Files\TMPGENC\TMPGEnc-2.57.41.146-Plus-EN\crack\TMPGEnc+Patch.exe a variant of Win32/Tool.TPE.A application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\[4]-Submit_2010-08-08_18.40.14.zip multiple threats 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Documents and Settings\Jared Drace\Application Data\1879d3d7.exe.vir a variant of Win32/Kryptik.FXN trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\settingsxx.exe\cleansweepupd.exe.vir a variant of Win32/Injector.CLB trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\settingsxx.exe\settingsxx.exe.vir a variant of Win32/Injector.CLB trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\k3rstes.dll.vir a variant of Win32/Cimag.DB trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\ojimilapeyamole.dll.vir a variant of Win32/Cimag.CK trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir a variant of Win32/Kryptik.FXN trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxvxumyxwqhexhfmmlrvcvqsstbqxewdee.dll.vir Win32/TrojanClicker.Agent.NGF trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\idvop.dll.vir Win32/Adware.Lifze.N application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\idwgp.dll.vir Win32/Adware.Lifze.N application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\msvjidkm.dll.vir probably a variant of Win32/PSW.WOW.NNZ trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\szetyj67v.exe.vir Win32/Refpron.LB trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\updata.exe.vir a variant of Win32/TrojanClicker.VB.NFM trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ftdisk.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxwxymehqymobcxnberrfpjimputfwhowf.sys.vir Win32/TrojanClicker.Agent.NGF trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\srenum.sys.vir Win32/Rootkit.Agent.NTI trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\Y5cEI.dll.vir a variant of Win32/Kryptik.FXN trojan 00000000000000000000000000000000 I

C:\System Volume Information\_restore{39B55467-8C7E-46C6-B32A-C58455643C25}\RP1530\A0110210.dll Win32/Adware.Lifze.N application 00000000000000000000000000000000 I

C:\System Volume Information\_restore{39B55467-8C7E-46C6-B32A-C58455643C25}\RP1532\A0110356.sys a variant of Win32/Bubnix.AY trojan 00000000000000000000000000000000 I

C:\WINDOWS\Drivers\Audio2\COMMON\CtSpkHlp.dll probably a variant of Win32/Spy.Agent.CVQMXMH trojan 00000000000000000000000000000000 I

C:\WINDOWS\system32\ctspkhlp.dll probably a variant of Win32/Spy.Agent.CVQMXMH trojan 00000000000000000000000000000000 I

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.