
Another recurring trojan



I downloaded the Malwarebytes software and it has got rid of some nasty sh*t for me. Although, I'm having a problem with a recurring trojan, 'svchost.exe'.

It seems to slow the CPU down quite noticeably and I'm wondering how I get rid of such a thing. Below is my MB log.

Thanks.

Malwarebytes' Anti-Malware 1.25

Database version: 1088

Windows 5.1.2600 Service Pack 2

13:53:21 2008-10-17

mbam-log-10-17-2008 (13-53-21).txt

Scan type: Quick Scan

Objects scanned: 46177

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:06:01, on 2008-10-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\StormII\stormliv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\StormII\Codec\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: sploov.exe.lnk = C:\WINDOWS\system32\slpoov.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm

O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm

O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm

O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

O9 - Extra 'Tools' menuitem: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab

O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab

O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab

O16 - DPF: {F3E70CEA-956E-49CC-B444-73AFE593AD7F} (XPPlayer Class) - http://down.sandai.net/kankan/KanKanPlayer.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O24 - Desktop Component 0: Privacy Protection - (no file)

--

End of file - 5585 bytes


Hi There.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to a CD or memory stick and take it to the other computer, please do so. Either way, it's important: the logs have to be made by the computer with the problem.

I need you to follow the instructions provided here http://www.malwarebytes.org/forums/index.php?showtopic=2936 first.

I also need for you to download this program http://oldtimer.geekstogo.com/OTListIt.exe to your desktop.

* Close all applications and windows so that you have nothing open and are at your Desktop

* Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

* Place a checkmark in the "Scan All Users" checkbox (leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)

* Click the Run Scan button

Note: Please be patient and let the scan run without using the computer

* When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

* In Notepad, click Edit > Select all then Edit > Copy

* Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log

* Submit your reply and close the Notepad window with OTListIt.txt

* Also OTListIt's Extras.txt log file will be minimised in the Taskbar (and located on your Desktop) - click on this and maximise the window

* In Notepad, click Edit > Select all then Edit > Copy

* Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log

If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad; they will be on your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


Ahh, yes, this is the affected computer of course. The log files are quite long... anyhow.

OTListIt logfile created on: 2008-10-17 17:32:18 - Run

OTListIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\HWH\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d

766.04 Mb Total Physical Memory | 516.72 Mb Available Physical Memory | 67.45% Memory free

1.83 Gb Paging File | 1.63 Gb Available in Paging File | 89.11% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27.93 Gb Total Space | 13.13 Gb Free Space | 47.00% Space Free | Partition Type: FAT32

Drive D: | 37.25 Gb Total Space | 12.92 Gb Free Space | 34.67% Space Free | Partition Type: FAT32

Drive E: | 37.25 Gb Total Space | 17.81 Gb Free Space | 47.82% Space Free | Partition Type: FAT32

Drive F: | 46.57 Gb Total Space | 2.44 Gb Free Space | 5.23% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HASEE-ADE9B9C08

Current User Name: HWH

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007-08-01 14:52:38 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2007-08-01 14:52:38 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[2008-08-21 14:46:56 | 00,341,824 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe

[2004-08-04 12:00:00 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe

[2006-10-05 12:10:12 | 00,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

[2008-07-22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-08-13 17:03:34 | 00,544,768 | ---- | M] (北京暴风网际科技有限公司) -- C:\Program Files\StormII\stormliv.exe

[2008-09-27 07:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe

[2008-10-17 17:27:18 | 00,417,280 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HWH\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2006-10-05 12:10:12 | 00,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

[2008-07-22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007-08-01 14:52:38 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2008-08-13 17:03:34 | 00,544,768 | ---- | M] (北京暴风网际科技有限公司) -- C:\Program Files\StormII\stormliv.exe -- (ccosm [Auto | Running])

[2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008-07-30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

[2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

[2006-05-09 21:03:00 | 00,823,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007-03-09 14:56:04 | 01,163,616 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

[2008-07-14 09:42:42 | 00,006,656 | ---- | M] (alipay.com) -- C:\WINDOWS\System32\drivers\alidevice.sys -- (Alidevice [On_Demand | Running])

[2005-06-15 17:58:28 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])

[2005-05-21 05:43:48 | 00,041,984 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\amdk8.sys -- (AmdK8 [On_Demand | Stopped])

[2007-08-01 15:01:48 | 02,371,584 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2007-09-20 21:26:48 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])

[2001-08-17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])

[2004-08-04 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys -- (FsVga [system | Running])

[2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])

[2008-01-29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

[2007-05-30 05:04:56 | 04,424,192 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2004-08-03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

File not found -- C:\PROGRA~1\KV2006\KRegEx.sys -- (KRegEx [system | Stopped])

File not found -- C:\PROGRA~1\KV2006\KSysCall.sys -- (KSysCall [system | Stopped])

File not found -- C:\PROGRA~1\KV2006\KvMemon.sys -- (KvMemon [On_Demand | Stopped])

[2008-08-27 15:59:36 | 00,048,128 | ---- | M] (北京三七二一科技有限公司) -- C:\WINDOWS\System32\drivers\lbkcsfm.sys -- (lbkcsfm [boot | Running])

[2001-08-17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])

[2001-08-17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])

[2004-08-03 23:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])

[2004-08-03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])

[2005-03-16 06:47:00 | 00,032,320 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR [boot | Running])

[2005-03-16 06:47:32 | 00,023,200 | ---- | M] (O2 Micro ) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR [boot | Running])

File not found -- C:\PROGRA~1\KV2006\PProtect.sys -- (PProtect [system | Stopped])

[2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-03-08 07:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001-08-17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])

[2001-08-17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])

[2001-08-17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])

[2004-08-04 12:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2001-08-17 13:48:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])

[2001-08-16 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])

[2001-08-17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])

[2001-08-17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])

[2001-08-17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])

[2001-08-17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])

[2005-12-16 01:15:06 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

[2004-08-03 23:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35 [boot | Stopped])

[2001-08-17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ultra.sys -- (ultra [Disabled | Stopped])

[2008-07-22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2004-08-03 23:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])

[2004-08-03 23:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wmiacpi.sys -- (WmiAcpi [system | Running])

[2004-08-04 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

[2007-04-17 10:12:00 | 00,255,232 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

URLSearchHook: {BB936323-19FA-4521-BA29-ECA6A121BC78} - Reg Error: Key does not exist or could not be opened. File not found

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

URLSearchHook: {BB936323-19FA-4521-BA29-ECA6A121BC78} - Reg Error: Key does not exist or could not be opened. File not found

HKU\S-1-5-21-914090876-3133978997-4149289120-1003\S-1-5-21-914090876-3133978997-4149289120-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (WebThunder Browser Helper) - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll (Thunder Networking Technologies,LTD)

O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKCU\..\Toolbar: (no name) - {B5A34A93-D538-43A7-8371-864CB6148D12} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\..\Toolbar: (no name) - {B5A34A93-D538-43A7-8371-864CB6148D12} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\..\Toolbar: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\StormII\Codec\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\HWH\Start Menu\Programs\Startup\sploov.exe.lnk = C:\WINDOWS\system32\slpoov.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 0 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 2 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 4 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 5 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 6 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 7 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 8 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 9 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 10 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 11 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 12 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 13 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 14 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 15 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 16 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 17 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 18 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 19 = no

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 0 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 2 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 4 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 5 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 6 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 7 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 8 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 9 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 10 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 11 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 12 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 13 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 14 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 15 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 16 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 17 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 18 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 19 = no

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 [binary data]

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKU\S-1-5-21-914090876-3133978997-4149289120-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item:


Is there a particular reason you're not doing the first requested parts? You're using an outdated version of mbam, with an old database. Let's see if it knows any of the stuff you seem to have with an update. Once you update, scan again, allow mbam to remove anything it finds and reboot. After rebooting, scan once more and post that logfile here please.

I will analyze the logs from ot further and may ask you to provide copies of some of the files in the log for further analysis and possible inclusion into the mbam database.

Thanks!


OK, this is what I got from the updated version:

Windows 5.1.2600 Service Pack 2

2008-10-18 2:15:16

mbam-log-2008-10-18 (02-15-10).txt

Scan type: Quick Scan

Objects scanned: 50586

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bb936323-19fa-4521-ba29-eca6a121bc78} (Fake.Dropped.Malware) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\1.ico (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\2.ico (Malware.Trace) -> No action taken.

C:\Program Files\Thunder Network\Thunder\Thunder.exe (Trojan.Agent) -> No action taken.

C:\Documents and Settings\HWH\Application Data\TmpRecentIcons\MS Antivirus.lnk (Rogue.Link) -> No action taken.


OK, yes, it's still there with the updated version.

Malwarebytes' Anti-Malware 1.29

Database version: 1279

Windows 5.1.2600 Service Pack 2

2008-10-19 9:38:52

mbam-log-2008-10-19 (09-38-52).txt

Scan type: Quick Scan

Objects scanned: 51342

Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

C:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
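A small triage helper for the log formats pasted in this thread, added here as an example (it is not part of the thread and not code from Malwarebytes or Trend Micro). It flags core Windows binaries found anywhere but %SystemRoot%\system32, which is what separates the C:\WINDOWS\svchost.exe entry above from the genuine copies in the HijackThis process list, and it reports paths that one scan deleted and a later scan detected again. SYSTEM_ROOT = C:\WINDOWS, the CORE_BINARIES set and the sample lines are assumptions constructed from the logs in this thread.

```python
"""Triage helper for the scan logs in this thread (added example, not thread or vendor code).
Recognises HijackThis process lines "<path>", Malwarebytes lines
"<path> (<Detection>) -> <action>" and VSCANTM lines "<path> [<Detection>]".
"""
import ntpath
import re

# Binaries Windows XP runs only from %SystemRoot%\system32 (constructed list).
# A copy of one of these names in any other directory is a masquerading sign.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_ROOT = r"C:\WINDOWS"                  # assumed from the logs in this thread
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "system32")

MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
VSCAN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<det>[^\[\]]+)\]$")
BARE_RE = re.compile(r"^[A-Za-z]:\\\S.*$")


def parse_line(line):
    """Return (path, detection, action) for a recognised line, None otherwise."""
    line = line.strip()
    for rx in (MBAM_RE, VSCAN_RE):
        m = rx.match(line)
        if m:
            return m.group("path"), m.group("det"), m.groupdict().get("action")
    if BARE_RE.match(line):
        return line, None, None
    return None


def same_dir(a, b):
    """Case-insensitive directory comparison using Windows path rules."""
    return ntpath.normcase(a) == ntpath.normcase(b)


def is_masquerading(path):
    """True when a core-binary name sits anywhere but %SystemRoot%\\system32."""
    directory, name = ntpath.split(path)
    return name.lower() in CORE_BINARIES and not same_dir(directory, SYSTEM32)


def triage(lines):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, detection, action = parsed
        reasons = findings.setdefault(path, [])
        new = []
        if is_masquerading(path):
            new.append("core binary name outside system32")
        if (ntpath.basename(path).lower() == "autorun.inf"
                and same_dir(ntpath.dirname(path), SYSTEM_ROOT)):
            new.append("autorun.inf in Windows directory")
        if detection:
            new.append("detected as " + detection)
        if action and action.startswith("No action taken"):
            new.append("still present: scanner took no action")
        for reason in new:
            if reason not in reasons:
                reasons.append(reason)
        if not reasons:            # clean line: keep no empty entry
            del findings[path]
    return findings


def recurring(scan_logs):
    """Normalised paths deleted by one scan and detected again by a later one."""
    removed, seen_again = set(), []
    for log in scan_logs:
        parsed_lines = [p for p in map(parse_line, log) if p is not None]
        for path, detection, _ in parsed_lines:
            key = ntpath.normcase(path)
            if detection and key in removed and key not in seen_again:
                seen_again.append(key)
        for path, _, action in parsed_lines:
            if action and "deleted" in action:
                removed.add(ntpath.normcase(path))
    return seen_again


# Sample lines constructed from the logs posted in this thread.
HJT_PROCESSES = [r"C:\WINDOWS\System32\smss.exe", r"C:\WINDOWS\system32\svchost.exe",
                 r"C:\WINDOWS\System32\svchost.exe", r"C:\Program Files\DNA\btdna.exe"]
MBAM_OCT17 = [
    r"C:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.",
    r"C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully."]
MBAM_OCT18 = [
    r"C:\Program Files\Thunder Network\Thunder\Thunder.exe (Trojan.Agent) -> No action taken."]
MBAM_OCT19 = [r"C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully."]
VSCAN_OCT20 = [r"C:\WINDOWS\svchost.exe [TROJ_AGENT.PLB]", r"C:\WINDOWS\autorun.inf [Mal_Otorun2]"]

if __name__ == "__main__":
    for path, reasons in triage(HJT_PROCESSES + MBAM_OCT19 + VSCAN_OCT20).items():
        print(path, "->", "; ".join(reasons))
    print("recurring:", recurring([MBAM_OCT17, MBAM_OCT18, MBAM_OCT19, VSCAN_OCT20]))
```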


Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Trend Micro Damage Cleanup Engine

Make sure you read this document to understand how to use the program.

Basically there are 3 parts that need to be downloaded from these links:

  • As an example, on 2008-10-17 the files to download are: sysclean.com | lpt605.zip | ssapiptn697.zip

  • NOTE! These file names are examples and you must visit Trend Micro for the very latest files, which may have different names.

  • Create a brand new folder to copy these files to. As an example: C:\DCE

  • Then open each of the zipped archive files and copy their contents to C:\DCE

  • Copy the file sysclean.com to the new folder C:\DCE as well.

  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

  • This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.

    This tool supports the following features:

    o Terminate all detected malware/spyware instances in memory

    o Remove malware/spyware registry entries

    o Remove malware/spyware entries from system files

    o Scan for and delete all detected malware/spyware copies in all local drives


OK, I ran Trend Micro Damage Cleanup and, after clicking 'OK' on the finding of this virus/trojan 'TSC_GENCLEAN' about 1000 times, SVCHOST.EXE is still reappearing after every restart. One of the larger scans found 328 viruses!

Post-scan: twice, on start-up, a box popped up from DCE stating DEADLINKS was a virus, but now I do not get this message.

The log is too large to be displayed in this box, so I'm not sure really what to include. I have just added some of the log; not sure if it is any good to anyone, but anyway.

2008-10-20, 17:46:52, Auto-clean mode specified.

2008-10-20, 17:46:52, Initialized Rootkit Driver version 2.2.0.1004.

2008-10-20, 17:46:52, Running scanner "D:\Trend Micro\TSC.BIN"...

2008-10-20, 17:47:00, Scanner "D:\Trend Micro\TSC.BIN" has finished running.

2008-10-20, 17:47:00, TSC Log:

Damage Cleanup Engine (DCE) 5.32(Build 1011)

Windows XP(Build 2600: Service Pack 2)

Start time : 星期一 十月 20 2008 17:02:15

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

TSC_GENCLEAN[virus found]

-->delete file("C:\WINDOWS\system32\sploov.exe","","") success

-->add folder("D:\Trend Micro\TSC_Temp","","") success

-->copy file("D:\Trend Micro\tsc.bin","D:\Trend Micro\TSC_Temp\tsc.exe","") success

-->copy file("D:\Trend Micro\tsc.ini","D:\Trend Micro\TSC_Temp\tsc.ini","") success

-->copy file("D:\Trend Micro\tsc.ptn","D:\Trend Micro\TSC_Temp\tsc.ptn","") success

-->add file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->modify file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->modify file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\RunOnce","TSC") success

-->add file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->modify file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->delete file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\security center","FirewallDisableNotify") success

-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\security center","UpdatesDisableNotify") success

-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\security center","AntiVirusDisableNotify") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:TROJ_AGENT.PLB,Virus File Path:C:\WINDOWS\system32\sploov.exe

Complete time : 星期一 十月 20 2008 17:02:15

Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Damage Cleanup Engine (DCE) 5.32(Build 1011)

Windows XP(Build 2600: Service Pack 2)

Start time : 星期一 十月 20 2008 17:02:23

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

TSC_GENCLEAN[virus found]

-->delete file("C:\WINDOWS\system32\slpoov.exe","","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.exe","","") success

-->copy file("D:\Trend Micro\tsc.bin","D:\Trend Micro\TSC_Temp\tsc.exe","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ini","","") success

-->copy file("D:\Trend Micro\tsc.ini","D:\Trend Micro\TSC_Temp\tsc.ini","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ptn","","") success

-->copy file("D:\Trend Micro\tsc.ptn","D:\Trend Micro\TSC_Temp\tsc.ptn","") success

-->modify file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->add file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->modify file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->delete file("D:\Trend Micro\MARK_TEMP.INI","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:TROJ_AGENT.PLB,Virus File Path:C:\WINDOWS\system32\slpoov.exe

Complete time : 星期一 十月 20 2008 17:02:24

Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Damage Cleanup Engine (DCE) 5.32(Build 1011)

Windows XP(Build 2600: Service Pack 2)

Start time : 星期一 十月 20 2008 17:02:28

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

TSC_GENCLEAN[virus found]

-->delete file("C:\WINDOWS\system32\awtUoOHB.dll.vir","","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.exe","","") success

-->copy file("D:\Trend Micro\tsc.bin","D:\Trend Micro\TSC_Temp\tsc.exe","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ini","","") success

-->copy file("D:\Trend Micro\tsc.ini","D:\Trend Micro\TSC_Temp\tsc.ini","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ptn","","") success

-->copy file("D:\Trend Micro\tsc.ptn","D:\Trend Micro\TSC_Temp\tsc.ptn","") success

-->modify file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->add file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->modify file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->delete file("D:\Trend Micro\MARK_TEMP.INI","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:Mal_Vundo-5,Virus File Path:C:\WINDOWS\system32\awtUoOHB.dll.vir

Complete time : 星期一 十月 20 2008 17:02:29

Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Damage Cleanup Engine (DCE) 5.32(Build 1011)

Windows XP(Build 2600: Service Pack 2)

Start time : 星期一 十月 20 2008 17:03:40

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

TSC_GENCLEAN[virus found]

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:Mal_Otorun2,Virus File Path:C:\WINDOWS\autorun.inf

Complete time : 星期一 十月 20 2008 17:03:40

Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Damage Cleanup Engine (DCE) 5.32(Build 1011)

Windows XP(Build 2600: Service Pack 2)

Start time : 星期一 十月 20 2008 17:21:08

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

TSC_GENCLEAN[virus found]

-->delete process("C:\WINDOWS\svchost.exe","","") success

-->reboot delete file("C:\WINDOWS\svchost.exe","","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.exe","","") success

-->copy file("D:\Trend Micro\tsc.bin","D:\Trend Micro\TSC_Temp\tsc.exe","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ini","","") success

-->copy file("D:\Trend Micro\tsc.ini","D:\Trend Micro\TSC_Temp\tsc.ini","") success

-->delete file("D:\Trend Micro\TSC_Temp\tsc.ptn","","") success

-->copy file("D:\Trend Micro\tsc.ptn","D:\Trend Micro\TSC_Temp\tsc.ptn","") success

-->modify file("D:\Trend Micro\TSC_Temp\DEADLINKS.INI","","") success

-->add file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->modify file("D:\Trend Micro\MARK_TEMP.INI","","") success

-->delete file("D:\Trend Micro\MARK_TEMP.INI","","") success

GenericClean::Pattern:TSC_GENCLEAN,Virus Name:TROJ_AGENT.PLB,Virus File Path:C:\WINDOWS\svchost.exe

Complete time : 星期一 十月 20 2008 17:21:09

Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Start time : 星期一 十月 20 2008 17:46:53

Load Damage Cleanup Template (DCT) "D:\Trend Micro\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "D:\Trend Micro\tsc.ptn" (version 984) [success]

Complete time : 星期一 十月 20 2008 17:47:00

Execute pattern count(3024), Virus found count(0), Virus clean count(0), Clean failed count(0)

2008-10-20, 17:47:00, Running scanner "D:\Trend Micro\VSCANTM.BIN"...

2008-10-20, 19:54:12, Scanner "D:\Trend Micro\VSCANTM.BIN" has finished running.

2008-10-20, 19:54:12, VSCANTM Log:

2008-10-20, 19:54:12, Files Detected:

Copyright © 1990 - 2006 Trend Micro Inc.

Report Date : 10/20/2008 17:47:01

VSAPI Engine Version : 8.910-1002

VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 607 (320881/320881 Patterns) (2008/10/19) (560700)

Command Line: D:\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=D:\Trend Micro\lpt$vpn.607

C:\WINDOWS\system32\sploov.exe [TROJ_AGENT.PLB]

C:\WINDOWS\system32\slpoov.exe [TROJ_AGENT.PLB]

C:\WINDOWS\svchost.exe [TROJ_AGENT.PLB]

C:\WINDOWS\fly.exe [TROJ_AGENT.KYW]

C:\WINDOWS\autorun.inf [Mal_Otorun2]

C:\WINDOWS\bsr.exe [TROJ_AGENT.PLB]


C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021708.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021741.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021743.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021744.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021745.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021798.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021800.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021801.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP50\A0021802.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021835.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021836.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021837.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021847.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021849.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021850.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP51\A0021851.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021929.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021930.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021931.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021940.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021942.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021943.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0021944.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0022019.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0022021.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0022022.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP52\A0022023.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022033.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022034.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022035.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022087.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022089.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022090.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP53\A0022092.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022165.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022166.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022167.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022205.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022212.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022213.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP54\A0022214.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022298.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022299.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022300.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022318.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022320.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022321.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022322.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022379.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022381.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022382.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP55\A0022383.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022413.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022414.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022415.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022431.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022433.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022434.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022435.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022450.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022457.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022458.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022459.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022507.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022513.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022514.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022515.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022665.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022667.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022668.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP56\A0022669.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022685.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022686.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022687.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022732.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022734.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022735.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022736.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022775.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022777.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022778.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022779.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022809.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022815.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022816.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP57\A0022817.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022832.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022833.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022834.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022849.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022854.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022855.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022856.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022902.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022904.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022905.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022906.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022938.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022943.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022944.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022945.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022984.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022989.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022990.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0022991.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023020.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023022.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023023.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023024.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023042.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023044.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023045.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023046.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023056.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023058.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023059.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023060.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023081.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023082.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP58\A0023083.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023135.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023136.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023137.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023203.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023205.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023206.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP59\A0023207.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023276.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023277.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023278.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023308.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023314.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023315.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023317.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023345.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP60\A0023348.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023350.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023351.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023352.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023353.EXE [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023358.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023383.inf [Mal_Otorun2]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023384.exe [TROJ_AGENT.KYW]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023390.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023395.exe [TROJ_AGENT.PLB]

C:\System Volume Information\_restore{5A843C36-1ABF-4442-B764-5AC2BD315308}\RP61\A0023397.inf [Mal_Otorun2]

C:\bsr.exe [TROJ_AGENT.PLB]

C:\autorun.inf [Mal_Otorun2]

C:\Temp3721TRQua\autorun.inf.malicious [Mal_Otorun2]

62816 files have been read.

62816 files have been checked.

62770 files have been scanned.

126444 files have been scanned. (including files in archived)

328 files containing viruses.

Found 328 viruses totally.

Maybe 0 viruses totally.

Stop At: 10/20/2008 19:54:12 2 hours 7 minutes 10 seconds (7630.11 seconds) has elapsed.(121.468 msec/file)


Uh, I know I didn't supply all of the log in the last post, but does anyone have any ideas? Or are svchost.exe and the rest doomed to reside on my laptop until it's formatted?

Please allow time for proper analysis. In the meantime, we will need updated logs, again.

HijackThis, MBAM, OTList, and Panda.


JeanInMontana, I started a new thread because this one is messy and huge.

In any case, these are the results from the latest MBAM scan:

Malwarebytes' Anti-Malware 1.30

Database version: 1308

Windows 5.1.2600 Service Pack 2

2008-10-23 20:01:51

mbam-log-2008-10-23 (20-01-51).txt

Scan type: Quick Scan

Objects scanned: 52426

Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

END LOG

The updated version found some other little nasties:

Files Infected:

C:\WINDOWS\fly.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\bsr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sploov.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\slpoov.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\bsr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

So whether it was deleting "O4 - Startup: sploov.exe.lnk = C:\WINDOWS\system32\slpoov.exe" or just the update, it appears to be fixed up now, so thanks AdvancedSetup!


Is your computer running OK now? If so, we'll get this thread closed.


Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
